| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # Default values for skywalking. |
| # This is a YAML-formatted file. |
| # Declare variables to be passed into your templates. |
| |
| serviceAccounts: |
| oap: |
| # By default, create SkyWalking's ServiceAccount. If set to false, you also need to change `serviceAccounts.oap.name` value to a custom ServiceAccount name. |
| create: true |
| name: "" |
| |
| imagePullSecrets: [] |
| |
| initContainer: |
| image: busybox |
| tag: '1.30' |
| |
| oap: |
| name: oap |
| image: |
| repository: skywalking.docker.scarf.sh/apache/skywalking-oap-server |
| tag: null # Must be set explicitly |
| pullPolicy: IfNotPresent |
| storageType: null |
| ports: |
| # add more ports here if you need, for example |
| # zabbix: 10051 |
| grpc: 11800 |
| rest: 12800 |
| # zipkinreceiver: 9411 |
| # zipkinquery: 9412 |
| replicas: 2 |
| service: |
| type: ClusterIP |
| # add annotations to the oap service |
| annotations: {} |
| javaOpts: -Xmx2g -Xms2g |
| antiAffinity: "soft" |
| nodeAffinity: {} |
| nodeSelector: {} |
| tolerations: [] |
| resources: {} |
| # limits: |
| # cpu: 8 |
| # memory: 8Gi |
| # requests: |
| # cpu: 8 |
| # memory: 4Gi |
| livenessProbe: {} |
| # tcpSocket: |
| # port: 12800 |
| # initialDelaySeconds: 5 |
| # periodSeconds: 20 |
| startupProbe: {} |
| # Time to boot the application is set to: |
| # 9 (failureThreshold) * 10 (periodSeconds) = 90 seconds in this case. |
| # tcpSocket: |
| # port: 12800 |
| # failureThreshold: 9 |
| # periodSeconds: 10 |
| readinessProbe: {} |
| # tcpSocket: |
| # port: 12800 |
| # initialDelaySeconds: 5 |
| # periodSeconds: 20 |
| # podAnnotations: |
| # example: oap-foo |
| securityContext: {} |
| # runAsUser: 1000 |
| # runAsGroup: 1000 |
| # fsGroup: 1000 |
| env: |
| # more env, please refer to https://hub.docker.com/r/apache/skywalking-oap-server |
| # or https://github.com/apache/skywalking-docker/blob/master/6/6.4/oap/README.md#sw_telemetry |
| |
| # Allows you to add any config files in /skywalking/config |
| # such as log4j2.xml, oal/core.oal, etc. |
| config: {} |
| # metadata-service-mapping.yaml: | |
| # serviceName: e2e::${LABELS."service.istio.io/canonical-name"} |
| # serviceInstanceName: ${NAME} |
| # oal: |
| # core.oal: | |
| # service_resp_time = from(Service.latency).longAvg(); |
| # service_sla = from(Service.*).percent(status == true); |
| # service_cpm = from(Service.*).cpm(); |
| # log4j2.xml: | |
| # <Configuration status="DEBUG"> |
| # <!-- ... --> |
| # </Configuration> |
| # ui-initialized-templates: |
| # general: |
| # general-service.json: | |
| # [{"id":"General-Service" ... }] |
| # When 'dynamicConfig.enabled' set to true, enable oap dynamic configuration through k8s configmap, |
| # Note: The default configmap data is empty, please refer to the detailed documentation (https://github.com/apache/skywalking/blob/master/docs/en/setup/backend/dynamic-config.md) |
| # Sync period in seconds. Defaults to 60 seconds. |
| dynamicConfig: |
| enabled: false |
| period: 60 |
| config: {} |
| # agent-analyzer.default.slowDBAccessThreshold: default:200,mongodb:50 |
| # alarm.default.alarm-settings: | |
| # rules: |
| # # Rule unique name, must be ended with `_rule`. |
| # service_resp_time_rule: |
| # metrics-name: service_resp_time |
| # op: ">" |
| # threshold: 1000 |
| # period: 10 |
| # count: 3 |
| # silence-period: 5 |
| # Response time of service {name} is more than 1000ms in 3 minutes of last 10 minutes. |
| |
| ui: |
| name: ui |
| replicas: 1 |
| image: |
| repository: skywalking.docker.scarf.sh/apache/skywalking-ui |
| tag: null # Must be set explicitly |
| pullPolicy: IfNotPresent |
| # podAnnotations: |
| # example: oap-foo |
| nodeAffinity: {} |
| nodeSelector: {} |
| tolerations: [] |
| ingress: |
| enabled: false |
| annotations: {} |
| # kubernetes.io/ingress.class: nginx |
| # kubernetes.io/tls-acme: "true" |
| path: / |
| hosts: [] |
| # - skywalking.local |
| tls: [] |
| # - secretName: skywalking-tls |
| # hosts: |
| # - skywalking.local |
| service: |
| type: ClusterIP |
| # clusterIP: None |
| externalPort: 80 |
| internalPort: 8080 |
| ## nodePort is the port on each node on which this service is exposed when type=NodePort |
| ## Default: auto-allocated port if not specified. 30080 is just an example |
| ## |
| # nodePort: 30080 |
| ## External IP addresses of service |
| ## Default: nil |
| ## |
| # externalIPs: |
| # - 192.168.0.1 |
| # |
| ## LoadBalancer IP if service.type is LoadBalancer |
| ## Default: nil |
| ## |
| # loadBalancerIP: 10.2.2.2 |
| # Annotation example: setup ssl with aws cert when service.type is LoadBalancer |
| # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-1:EXAMPLE_CERT |
| annotations: {} |
| ## Limit load balancer source ips to list of CIDRs (where available) |
| # loadBalancerSourceRanges: [] |
| securityContext: {} |
| # runAsUser: 1000 |
| # runAsGroup: 1000 |
| # fsGroup: 1000 |
| env: |
| |
| oapInit: |
| nodeAffinity: {} |
| nodeSelector: {} |
| tolerations: [] |
| extraPodLabels: {} |
| # sidecar.istio.io/inject: false |
| |
| elasticsearch: |
| enabled: true |
| config: # For users of an existing elasticsearch cluster,takes effect when `elasticsearch.enabled` is false |
| port: |
| http: 9200 |
| host: elasticsearch # es service on kubernetes or host |
| user: "xxx" # [optional] |
| password: "xxx" # [optional] |
| clusterName: "elasticsearch" |
| nodeGroup: "master" |
| |
| # The service that non master groups will try to connect to when joining the cluster |
| # This should be set to clusterName + "-" + nodeGroup for your master group |
| masterService: "" |
| |
| # Elasticsearch roles that will be applied to this nodeGroup |
| # These will be set as environment variables. E.g. node.master=true |
| roles: |
| master: "true" |
| ingest: "true" |
| data: "true" |
| |
| replicas: 3 |
| minimumMasterNodes: 2 |
| |
| esMajorVersion: "" |
| |
| # Allows you to add any config files in /usr/share/elasticsearch/config/ |
| # such as elasticsearch.yml and log4j2.properties |
| esConfig: {} |
| # elasticsearch.yml: | |
| # key: |
| # nestedkey: value |
| # log4j2.properties: | |
| # key = value |
| |
| # Extra environment variables to append to this nodeGroup |
| # This will be appended to the current 'env:' key. You can use any of the kubernetes env |
| # syntax here |
| extraEnvs: [] |
| # - name: MY_ENVIRONMENT_VAR |
| # value: the_value_goes_here |
| |
| # A list of secrets and their paths to mount inside the pod |
| # This is useful for mounting certificates for security and for mounting |
| # the X-Pack license |
| secretMounts: [] |
| # - name: elastic-certificates |
| # secretName: elastic-certificates |
| # path: /usr/share/elasticsearch/config/certs |
| |
| podAnnotations: {} |
| # iam.amazonaws.com/role: es-cluster |
| |
| # additionals labels |
| labels: {} |
| |
| esJavaOpts: "-Xmx1g -Xms1g" |
| |
| resources: |
| requests: |
| cpu: "100m" |
| memory: "2Gi" |
| limits: |
| cpu: "1000m" |
| memory: "2Gi" |
| |
| initResources: {} |
| # limits: |
| # cpu: "25m" |
| # # memory: "128Mi" |
| # requests: |
| # cpu: "25m" |
| # memory: "128Mi" |
| |
| sidecarResources: {} |
| # limits: |
| # cpu: "25m" |
| # # memory: "128Mi" |
| # requests: |
| # cpu: "25m" |
| # memory: "128Mi" |
| |
| networkHost: "0.0.0.0" |
| |
| volumeClaimTemplate: |
| accessModes: [ "ReadWriteOnce" ] |
| resources: |
| requests: |
| storage: 30Gi |
| |
| rbac: |
| create: false |
| serviceAccountName: "" |
| |
| podSecurityPolicy: |
| create: false |
| name: "" |
| spec: |
| privileged: true |
| fsGroup: |
| rule: RunAsAny |
| runAsUser: |
| rule: RunAsAny |
| seLinux: |
| rule: RunAsAny |
| supplementalGroups: |
| rule: RunAsAny |
| volumes: |
| - secret |
| - configMap |
| - persistentVolumeClaim |
| |
| persistence: |
| enabled: false |
| annotations: {} |
| |
| extraVolumes: "" |
| # - name: extras |
| # emptyDir: {} |
| |
| extraVolumeMounts: "" |
| # - name: extras |
| # mountPath: /usr/share/extras |
| # readOnly: true |
| |
| extraInitContainers: "" |
| # - name: do-something |
| # image: busybox |
| # command: ['do', 'something'] |
| |
| # This is the PriorityClass settings as defined in |
| # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass |
| priorityClassName: "" |
| |
| # By default this will make sure two pods don't end up on the same node |
| # Changing this to a region would allow you to spread pods across regions |
| antiAffinityTopologyKey: "kubernetes.io/hostname" |
| |
| # Hard means that by default pods will only be scheduled if there are enough nodes for them |
| # and that they will never end up on the same node. Setting this to soft will do this "best effort" |
| antiAffinity: "hard" |
| |
| # This is the node affinity settings as defined in |
| # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature |
| nodeAffinity: {} |
| |
| # The default is to deploy all pods serially. By setting this to parallel all pods are started at |
| # the same time when bootstrapping the cluster |
| podManagementPolicy: "Parallel" |
| |
| protocol: http |
| httpPort: 9200 |
| transportPort: 9300 |
| |
| service: |
| labels: {} |
| labelsHeadless: {} |
| type: ClusterIP |
| nodePort: "" |
| annotations: {} |
| httpPortName: http |
| transportPortName: transport |
| |
| updateStrategy: RollingUpdate |
| |
| # This is the max unavailable setting for the pod disruption budget |
| # The default value of 1 will make sure that kubernetes won't allow more than 1 |
| # of your pods to be unavailable during maintenance |
| maxUnavailable: 1 |
| |
| podSecurityContext: |
| fsGroup: 1000 |
| runAsUser: 1000 |
| |
| # The following value is deprecated, |
| # please use the above podSecurityContext.fsGroup instead |
| fsGroup: "" |
| |
| securityContext: |
| capabilities: |
| drop: |
| - ALL |
| # readOnlyRootFilesystem: true |
| runAsNonRoot: true |
| runAsUser: 1000 |
| |
| # How long to wait for elasticsearch to stop gracefully |
| terminationGracePeriod: 120 |
| |
| sysctlVmMaxMapCount: 262144 |
| |
| readinessProbe: |
| failureThreshold: 3 |
| initialDelaySeconds: 10 |
| periodSeconds: 10 |
| successThreshold: 3 |
| timeoutSeconds: 5 |
| |
| # https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html#request-params wait_for_status |
| clusterHealthCheckParams: "wait_for_status=green&timeout=1s" |
| |
| ## Use an alternate scheduler. |
| ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ |
| ## |
| schedulerName: "" |
| |
| imagePullSecrets: [] |
| nodeSelector: {} |
| tolerations: [] |
| |
| # Enabling this will publically expose your Elasticsearch instance. |
| # Only enable this if you have security enabled on your cluster |
| ingress: |
| enabled: false |
| annotations: {} |
| # kubernetes.io/ingress.class: nginx |
| # kubernetes.io/tls-acme: "true" |
| path: / |
| hosts: |
| - chart-example.local |
| tls: [] |
| # - secretName: chart-example-tls |
| # hosts: |
| # - chart-example.local |
| |
| nameOverride: "" |
| fullnameOverride: "" |
| |
| # https://github.com/elastic/helm-charts/issues/63 |
| masterTerminationFix: false |
| |
| lifecycle: {} |
| # preStop: |
| # exec: |
| # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] |
| # postStart: |
| # exec: |
| # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] |
| |
| sysctlInitContainer: |
| enabled: true |
| |
| keystore: [] |
| |
| postgresql: |
| enabled: false # Whether to start a demo postgresql deployment, don't use this for production. |
| config: |
| # The hostname of your own postgresql service, this only takes effect when postgresql.enabled is false. |
| host: postgresql-service.your-awesome-company.com |
| auth: |
| username: postgres |
| password: "123456" |
| database: skywalking |
| containerPorts: |
| postgresql: 5432 |
| primary: |
| persistence: |
| enabled: false |
| readReplicas: |
| persistence: |
| enabled: false |
| |
| banyandb: |
| enabled: false |
| config: |
| httpHost: banyandb-http |
| httpPort: 17913 |
| targets: "banyandb-grpc:17912" |
| standalone: |
| enabled: true |
| cluster: |
| enabled: false |
| liaison: |
| replicas: 1 |
| data: |
| replicas: 1 |
| etcd: |
| enabled: false |
| replicaCount: 1 |
| |
| satellite: |
| name: satellite |
| replicas: 1 |
| enabled: false |
| image: |
| repository: skywalking.docker.scarf.sh/apache/skywalking-satellite |
| tag: null # Must be set explicitly |
| pullPolicy: IfNotPresent |
| ports: |
| grpc: 11800 |
| prometheus: 1234 |
| # Disable the pprof port by default, only enabled it when you need to debug the satellite. |
| # pprof: 6060 |
| service: |
| type: ClusterIP |
| antiAffinity: "soft" |
| nodeAffinity: {} |
| nodeSelector: {} |
| tolerations: [] |
| resources: {} |
| # limits: |
| # cpu: 4 |
| # memory: 8Gi |
| # requests: |
| # cpu: 4 |
| # memory: 4Gi |
| podAnnotations: |
| # example: oap-foo |
| env: |
| # more env, please refer to https://skywalking.apache.org/docs/skywalking-satellite/latest/en/setup/readme/#satellite_configyaml |
| # Allows you to add any config files in /skywalking/config. |
| config: {} |
| # satellite_config.yaml: | |
| # key: val |
| securityContext: {} |
| # runAsUser: 1000 |
| # runAsGroup: 1000 |
| # fsGroup: 1000 |
| |
| nameOverride: "" |
| fullnameOverride: "" |