-
Notifications
You must be signed in to change notification settings - Fork 23
/
values.yaml
555 lines (457 loc) · 14.9 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
### TO DEPLOY SQL RUNNERS IN THE CLUSTER
### FROM LENSES YOU NEED TO PATCH THE SERVICE ACCOUNT
### LENSES WILL USE TO DEPLOY. SEE:
### https://docs.lenses.io/install_setup/deployment-options/kubernetes-deployment.html
# Basic info
replicaCount: 1
image:
repository: lensesio/lenses
pullPolicy: IfNotPresent
annotations: {}
labels: {}
strategy: {}
nodeSelector: {}
tolerations: {}
affinity: {}
# Monitoring
monitoring:
pipeline: lenses
enabled: true
port: 9102
path: "/metrics"
# Resource management
resources:
limits:
memory: 5Gi
requests:
memory: 4Gi
# rbacEnable indicates if a the cluster has rbac enabled and a cluster role
# and rolebinding should be created for the service account
rbacEnable: true
# restPort is the Lenses rest port
restPort: 3030
servicePort: 80
# serviceAccount is the Service account to be used by Lenses to deploy apps
serviceAccount: default
# If you use Data Policies module enable a Persistent Volume to keep your data policies rule.
persistence:
enabled: false
accessModes:
- ReadWriteOnce
size: 5Gi
# Target an pre-existing volume claim to use it as Lenses Persistent volume
# existingClaim:
# persistentVolumeReclaimPolicy: Retain
## Policies data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
#service
service:
enabled: true
type: ClusterIP
annotations: {}
# If you want to make it available as a node port, then add nodePort: <somePort>
# Warning: this should not be used with servicePort:
# nodePort:
## Load balancer IP address
## Is not required, but allows for static address with
## serviceType LoadBalancer.
## If not supported by cloud provider, this field is ignored.
## Default: nil
##
# loadBalancerIP: 130.211.x.x
## This will restrict traffic through the cloud-provider load-balancer
## to the specified client IPs.
## If not supported by cloud provider, this field is ignored.
## Default: nil
##
# loadBalancerSourceRanges:
# - 0.0.0.0/0
ingress:
## If true, Ingress will be created
##
enabled: false
host:
# Ingress annotations
annotations:
kubernetes.io/ingress.class: traefik
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: 'true'
# nginx.ingress.kubernetes.io/rewrite-target: /
# TLS if enabled load the tls.crt and tls.keys as a secrets and enable TLS on the ingress
tls:
enabled: false
crt: |-
key: |-
lenses:
# For generic settings
# Read more: https://docs.lenses.io/4.0/configuration/jvm/#content
lensesOpts: |-
append:
# Add custom configuration values, will take precedence over the env variables and auto-generated values
# Read more: https://docs.lenses.io/3.2/install_setup/deployment-options/docker-deployment.html#configuration-via-files-and-secrets
conf: |-
jvm:
# heapOpts are any overrides for Lenses Heap JVM options
heapOpts: |-
# logBackOpts are any logging options
logBackOpts:
#performanceOpts are any jvm tuning options to add to the jvm
performanceOpts:
# base64 encoded truststore data
trustStoreFileData: |-
# trust store password
trustStorePassword:
# TODO: Replace with docker implementation
# Global truststore/keystore for the JVM
opts:
# base64 encoded truststore data
# openssl base64 < kafka.truststore.jks | tr -d '\n'
trustStoreFileData: |-
# base64 trust store password
# echo "$password" | tr -d '\n' | base64
trustStorePassword: |-
# base64 encoded truststore data
# openssl base64 < kafka.truststore.jks | tr -d '\n'
keyStoreFileData: |-
# base64 keystore password
# echo "$password" | tr -d '\n' | base64
keyStorePassword: |-
tls:
# TLS setup for serving Lenses over TLS
enabled: false
# base64 encoded truststore data
# openssl base64 < kafka.truststore.jks | tr -d '\n'
keyStoreFileData: |-
# base64 keystore password
# echo "$password" | tr -d '\n' | base64
keyStorePassword: |-
# base64 key password
# echo "$password" | tr -d '\n' | base64
keyPassword: |-
# Authenticate to Lenses with client authentication
clientAuth: false
# base64 encoded truststore data
# openssl base64 < kafka.truststore.jks | tr -d '\n'
trustStoreFileData: |-
# base64 trust store password
# echo "$password" | tr -d '\n' | base64
trustStorePassword: |-
# Broker details
## Brokers should be behind a service, if so set one entry in the hosts
## If your brokers are outside explicitly add them to the hosts. Note you only need one to bootstrap
## but you should specify more than one for resilience
# kafka ssl
# The keytab, key and truststores file data are the base64 encoded contents of the files. YOU MUST PROVIDE THE DATA BASE64 encoded
# openssl base64 < client.keystore.jks | tr -d '\n'
# The passwords will be base64enc by the secret
# and added to the kafka secret and mounted into /mnt/secrets
kafka:
ssl:
# TLS setup to connect to brokers over TLS with/without client authentication
enabled: false
# base64 encoded truststore data
trustStoreFileData: |-
# password strings
trustStorePassword:
# base64 encoded keystore data
keyStoreFileData: |-
keyStorePassword:
keyPassword:
sasl:
# Authenticate to brokers using SASL, can be used in conjuction with SSL
enabled: false
# mechanism is the sasl authentication mechanism GSSAPI, SCRAM or PLAIN
mechanism: GSSAPI
# jaasFileData is the contents of the kafka jaas file mounted in /mnt/secrets
# Note: this will be deprecated in favor of jaasConfig
jaasFileData: |-
# jaasConfig
# This configuration is used inline, so do not enclose it in 'KafkaClient{ }'
# jaasConfig: |-
# com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true keyTab="lenses.keytab" storeKey=true useTicketCache=false serviceName=kafka principal="lenses@TESTING.LENSES.IO";
jaasConfig: |-
# krb5Conf is the kerberos config data to be mounted into /etc
krb5Conf: |-
# keyTabData is the base64 contents kerberos keytab file is using kerberos mounted in /mnt/secrets
# openssl base64 < keytab | tr -d '\n'
keyTabData: |-
# JMX/JOLOKIA Metrics
metrics:
enabled: false
username:
password:
ssl:
type: "JMX"
port: 9102
# For multiple ports:
# ports:
# - id: foo
# port: 9103
# host: example1
# - id: bar
# port: 9104
# host: example2
# For multiple ports from AWS:
# type: AWS
# ports:
# - id: foo
# url: example1:9103
# - id: bar
# url: example2:9104
bootstrapServers:
- name: kafka
port: 9092
sslPort: 9093
saslSslPort: 9094
saslPlainTextPort: 9095
# zookeeper
## Zookeepers should be behind a service, if so set one entry in the hosts
## If your zookeepers are outside explicitly add them to the hosts.
zookeepers:
enabled: false
chroot:
hosts:
- host: zookeeper
port: 2181
# JMX/JOLOKIA Metrics
# metrics:
# type: "JMX"
# port: 9102
# protocol:
# username:
# password:
# ssl:
# schemaRegistries
## Schema registries should be behind a service, if so set one entry in the hosts
## If your schema registries are outside explicitly add them to the hosts.
schemaRegistries:
enabled: false
mode:
topic:
hosts:
- host: schema-registry
protocol: http
port: 8081
# If your schema registry accepts request in a path eg. <url>:<port>/api/v1
path:
# JMX/JOLOKIA Metrics
# metrics:
# type: "JMX"
# port: 9102
# protocol:
# username:
# password:
# ssl:
ssl:
## Encryption in Transit
# base64 encoded truststore data
trustStoreFileData: |-
# password strings
trustStorePassword:
## Authentication via TLS certificates
# base64 encoded keystore data
keyStoreFileData: |-
keyStorePassword:
keyPassword:
security:
enabled: false
# Authenticate using BasicAuth
authType:
username:
password:
# TODO: Remove SPNEGO
# kerberos:
# enabled: false
# # the kerberos principal <name>@<KDC-REALM>
# principal:
# # the service name HTTP@<service-url>
# serviceName:
# # keyTabData is the base64 contents kerberos keytab file is using kerberos mounted in /mnt/secrets
# # openssl base64 < keytab | tr -d '\n'
# keytabData: |-
# # jaasFileData is the contents of the kafka jaas file mounted in /mnt/secrets
# jaasFileData: |-
connectClusters:
enabled: false
clusters:
- name: streamreactor
port: 8083
jmxPort: 9102
protocol: http
offsetsTopic: connect-offsets
statusTopic: connect-status
configTopic: connect-configs
# Authenticate using BasicAuth
authType:
username:
password:
# TODO: Add connect auth using SSL
# Secret provider
aes256:
- key: PasswordPasswordPasswordPassword
hosts:
- host: connect-worker-1
# JMX/JOLOKIA Metrics
# metrics:
# type: "JMX"
# port: 9102
# protocol:
# username:
# password:
# ssl:
- host: connect-worker-2
- host: connect-worker-3
storage:
postgres:
enabled: false
host:
port: # optional, defaults to 5432
username:
password:
database:
schema: # optional, defaults to public schema
# Data Application Deployment Framework
deployments:
eventsBufferSize: 10000
errorsBufferSize: 1000
connect:
statusInterval: 30 second
actionsBufferSize: 1000
# sql
sql:
# processorImage: eu.gcr.io/lenses-container-registry/lenses-sql-processor
# processorImageTag: 2.3
mode: IN_PROC
heap: 1024M
minHeap: 128M
memLimit: 1152M
memRequest: 128M
livenessInitialDelay: 60 seconds
# If Lenses is ssl or sasl Lenses will create a secret from the contents below and it will be mounted into the runners
# This data is mounted into /mnt/secrets/processors for Lenses to read
# trustStoreFileData and keyStoreFileData is the base64 encoded contents of the jks files
# openssl base64 < client.keystore.jks | tr -d '\n'
# ssl:
# trustStoreFileData: |-
# keyStoreFileData: |-
# trustStorePassword:
# keyStorePassword:
# keyPassword:
# sasl:
# # keyTabData is the base64 contents kerberos keytab file is using kerberos mounted in /mnt/secrets/processors
# # openssl base64 < keytab | tr -d '\n'
# keyTabData: |-
# # TODO: Before removing, fix the bug where this was driving secure registry from the processor
# # jaasFileData is the contents of the kafka jaas file mounted in /mnt/secrets/processors
# jaasFileData: |-
# # mechanism is the sasl authentication mechanism GSSAPI, SCRAM or PLAIN
# mechanism: GSSAPI
# # krb5Conf is the kerberos config data to be mounted into /mnt/secrets/processors
# krb5Conf: |-
# alerts
alerts:
enabled: true
consumersLagThreshold: 50000
# The alert plugins to integrate with Lenses
plugins:
# Example
# - class: "io.lenses.alerts.plugin.slack.SlackAlertsPlugin"
# config: |
# {
# webhook-url="https://your-slack-webhook-url
# username=Lenses™
# channel=lenses-slack-test
# }
# - class: "io.lenses.alerts.plugin.am.AlertManagerPlugin"
# config: |
# {
# endpoints="http://your-alert-manager-url"
# source=PROD
# generator-url="http://lenses_prod:port1"
# }
#grafana
grafanaUrl:
# topics
topics:
# suffix to add to lenses system topics, for example if you are running more than one Lenses on the same kafka cluster
suffix:
security:
# Change Default Lenses user credentials.
# Username: admin / Password:admin
defaultUser:
# Example
# username: admin
# password: admin
# SPNEGO for incoming connections to Lenses
kerberos:
enabled: false
principal:
keytabData: |-
debug: false
# ldap setting
ldap:
enabled: false
url: ""
base: ""
password: ""
user: ""
filter: ""
# ldap plugins
plugin:
class: "io.lenses.security.ldap.LdapMemberOfUserGroupPlugin"
memberofKey: ""
groupExtractRegex: ""
personNameKey: ""
saml:
enabled: false
# The HTTPS URL of the Lenses deployment.
# This needs to match the Service Provider (SP) URL
# given to the Identity Provider (IdP)
# as it will be used as part of the SAML handshake protocol.
baseUrl:
# Provider type.
# Supported values:
# "azure" - Microsoft Azure
# "okta" - Okta
# "onelogin" - OneLogin
# "keycloak" - Keycloak
provider:
# XML File provided by the external Identity Provider.
# This is needed in order for Lenses SAML to understand how to communicate
# with the Idenity Provider.
# content of the XML file - base64 encoded
# openssl base64 < idp.xml | tr -d '\n'
metadataFileData: |-
# base64 encoded keystore data to be used for SAML crypto.
# openssl base64 < saml.jks | tr -d '\n'
keyStoreFileData: |-
# Password for accessing the keystore.
keyStorePassword:
# Alias to use for the private key within the keystore (only required when the keystore has multiple keys)
keyAlias:
# Password for accessing the private key within the keystore.
keyPassword:
append:
conf: |-
# license is the Lenses license
license: |-
# licenseUrl is a url pointing to the Lenses license
licenseUrl:
# Uncomment to inject custom env vars if needed
# env:
# CUSTOM_ENV_VAR: "foo"
# extra configurations that will be append to the lenses.conf file mounted in /mnt/settings
## keys must be uppercase and underscores for separators suit for use as environment variables
## see https://docs.lenses.io/install_setup/configuration/lenses-config.html#option-reference
configOverrides: {}
#LENSES_PROPERTY : value
sidecarContainers:
# - name: sidecar-example
# image: alpine
# command: ["sh", "-c", "watch datetime"]