Stash Enterprise by AppsCode - Enterprise features for Stash by AppsCode
$ helm repo add appscode https://charts.appscode.com/stable/
$ helm repo update
$ helm install stash-enterprise appscode/stash-enterprise -n kube-system
This chart deploys a Stash Enterprise operator on a Kubernetes cluster using the Helm package manager.
- Kubernetes 1.11+
To install the chart with the release name stash-enterprise
:
$ helm install stash-enterprise appscode/stash-enterprise -n kube-system
The command deploys a Stash Enterprise operator on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.
Tip: List all releases using
helm list
To uninstall/delete the stash-enterprise
:
$ helm delete stash-enterprise -n kube-system
The command removes all the Kubernetes components associated with the chart and deletes the release.
The following table lists the configurable parameters of the stash-enterprise
chart and their default values.
Parameter | Description | Default |
---|---|---|
nameOverride | Overrides name template | "" |
fullnameOverride | Overrides fullname template | "" |
replicaCount | Number of stash operator replicas to create (only 1 is supported) | 1 |
license | License for the product. Get a license by following the steps from here. Example: helm install appscode/stash-enterprise \ --set-file license=/path/to/license/file or helm install appscode/stash-enterprise \ --set license=<license file content> |
"" |
licenseApiService | Name of the ApiService to use by the addon to identify the respective service and certificate for license verification request | v1beta1.admission.stash.appscode.com |
operator.registry | Docker registry used to pull operator image | stashed |
operator.repository | Name of operator container image | stash-enterprise |
operator.tag | Operator container image tag | v0.11.5 |
operator.resources | Compute Resources required by the operator container | {"requests":{"cpu":"100m"}} |
operator.securityContext | Security options the operator container should run with | {} |
pushgateway.registry | Docker registry used to pull Prometheus pushgateway image | prom |
pushgateway.repository | Prometheus pushgateway container image | pushgateway |
pushgateway.tag | Prometheus pushgateway container image tag | v1.2.0 |
pushgateway.resources | Compute Resources required by the Prometheus pushgateway container | {} |
pushgateway.securityContext | Security options the Prometheus pushgateway container should run with | {} |
cleaner.registry | Docker registry used to pull Webhook cleaner image | appscode |
cleaner.repository | Webhook cleaner container image | kubectl |
cleaner.tag | Webhook cleaner container image tag | v1.16 |
imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace. Example: helm template charts/stash \ --set imagePullSecrets[0].name=sec0 \ --set imagePullSecrets[1].name=sec1 |
[] |
imagePullPolicy | Container image pull policy | IfNotPresent |
criticalAddon | If true, installs Stash operator as critical addon | false |
logLevel | Log level for operator | 3 |
annotations | Annotations applied to operator deployment | {} |
podAnnotations | Annotations passed to operator pod(s). | {} |
nodeSelector | Node labels for pod assignment | {"beta.kubernetes.io/arch":"amd64","beta.kubernetes.io/os":"linux"} |
tolerations | Tolerations for pod assignment | [] |
affinity | Affinity rules for pod assignment | {} |
podSecurityContext | Security options the operator pod should run with. | {"fsGroup":65535} |
serviceAccount.create | Specifies whether a service account should be created | true |
serviceAccount.annotations | Annotations to add to the service account | {} |
serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `` |
apiserver.groupPriorityMinimum | The minimum priority the webhook api group should have at least. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L58-L64 for more information on proper values of this field. | 10000 |
apiserver.versionPriority | The ordering of the webhook api inside of the group. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70 for more information on proper values of this field | 15 |
apiserver.enableMutatingWebhook | If true, mutating webhook is configured for Kubernetes workloads | true |
apiserver.enableValidatingWebhook | If true, validating webhook is configured for Stash CRDss | true |
apiserver.ca | CA certificate used by the Kubernetes api server. This field is automatically assigned by the operator. | not-ca-cert |
apiserver.bypassValidatingWebhookXray | If true, bypasses checks that validating webhook is actually enabled in the Kubernetes cluster. | false |
apiserver.useKubeapiserverFqdnForAks | If true, uses kube-apiserver FQDN for AKS cluster to workaround Azure/AKS#522 (default true) | true |
apiserver.healthcheck.enabled | If true, enables the readiness and liveliness probes for the operator pod. | false |
apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate operators pods. Otherwise specify certs in apiserver.servingCerts.{caCrt, serverCrt, serverKey} . |
true |
apiserver.servingCerts.caCrt | CA certficate used by serving certificate of webhook server. | "" |
apiserver.servingCerts.serverCrt | Serving certficate used by webhook server. | "" |
apiserver.servingCerts.serverKey | Private key for the serving certificate used by webhook server. | "" |
enableAnalytics | If true, sends usage analytics | true |
monitoring.agent | Name of monitoring agent (either "prometheus.io/operator" or "prometheus.io/builtin") | "none" |
monitoring.backup | Specify whether to monitor Stash backup and recovery | false |
monitoring.operator | Specify whether to monitor Stash operator | false |
monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is prometheus.io/operator . |
{} |
security.apparmor.enabled | Optional: Allows the default AppArmor profile, requires setting the default. |
false |
security.seccomp.enabled | Optional: Allows the default seccomp profile, requires setting the default. |
false |
security.podSecurityPolicies | PSP names passed to operator Example: helm install appscode/stash \ --set podSecurityPolicies[0]=abc \ --set podSecurityPolicies[1]=xyz |
["baseline"] |
platform.openshift | Set true, if installed in OpenShift | false |
netVolAccessor.cpu | CPU resource for each network volume accessor deployment | 100m |
netVolAccessor.memory | Memory for each network volume accessor deployment | 128Mi |
netVolAccessor.runAsUser | Run the network volume accessor with this UID. | 2000 |
netVolAccessor.privileged | Run the network volume accessor deployments in privileged mode | false |
Specify each parameter using the --set key=value[,key=value]
argument to helm install
. For example:
$ helm install stash-enterprise appscode/stash-enterprise -n kube-system --set replicaCount=1
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example:
$ helm install stash-enterprise appscode/stash-enterprise -n kube-system --values values.yaml