forked from open-metadata/openmetadata-helm-charts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvalues.yaml
266 lines (248 loc) · 7.13 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
# Default values for OpenMetadata.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
# Overrides the openmetadata config file with the help of Environment Variables
# Below are defaults as per openmetadata-dependencies Helm Chart Values
global:
# Values can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL
logLevel: INFO
clusterName: openmetadata
openmetadata:
host: openmetadata
port: 8585
adminPort: 8586
elasticsearch:
host: elasticsearch
port: 9200
scheme: http
connectionTimeoutSecs: 5
socketTimeoutSecs: 60
batchSize: 10
trustStore:
enabled: false
path: ""
password:
secretRef: "elasticsearch-truststore-secrets"
secretKey: "openmetadata-elasticsearch-truststore-password"
auth:
enabled: false
username: "elasticsearch"
password:
secretRef: elasticsearch-secrets
secretKey: openmetadata-elasticsearch-password
database:
host: mysql
port: 3306
driverClass: com.mysql.cj.jdbc.Driver
dbScheme: mysql
dbUseSSL: false
databaseName: openmetadata_db
auth:
username: openmetadata_user
password:
secretRef: mysql-secrets
secretKey: openmetadata-mysql-password
airflow:
enabled: true
# endpoint url for airflow
host: http://openmetadata-dependencies-web.default.svc.cluster.local:8080
auth:
username: admin
password:
secretRef: airflow-secrets
secretKey: openmetadata-airflow-password
openmetadata:
# possible values are "no-auth", "azure", "google", "okta", "auth0", "custom-oidc", "openmetadata"
authProvider: "no-auth"
# this will be the api endpoint url of OpenMetadata Server
serverHostApiUrl: "http://openmetadata.default.svc.cluster.local:8585/api"
authConfig:
azure:
clientSecret:
secretRef: azure-client-secret
secretKey: azure-client-secret
authority: ""
scopes: []
clientId: ""
google:
# absolute path of secret file on airflow instance
secretKeyPath: ""
audience: "https://www.googleapis.com/oauth2/v4/token"
okta:
clientId: ""
orgUrl: ""
privateKey:
secretRef: okta-client-private-key-secret
secretKey: okta-client-private-key-secret
email: ""
scopes: []
auth0:
clientId: ""
secretKey:
secretRef: auth0-client-key-secret
secretKey: auth0-client-key-secret
domain: ""
customOidc:
clientId: ""
secretKey:
secretRef: custom-oidc-key-secret
secretKey: custom-oidc-key-secret
tokenEndpoint: ""
openMetadata:
jwtToken:
secretRef: openmetadata-jwt-secret
secretKey: openmetadata-jwt-secret
authorizer:
className: "org.openmetadata.catalog.security.NoopAuthorizer"
containerRequestFilter: "org.openmetadata.catalog.security.NoopFilter"
initialAdmins:
- "admin"
botPrincipals:
- "ingestion-bot"
principalDomain: "open-metadata.org"
enforcePrincipalDomain: false
enableSecureSocketConnection: false
authentication:
provider: "no-auth"
publicKeys:
- ""
authority: ""
clientId: ""
callbackUrl: ""
jwtPrincipalClaims:
- "email"
- "preferred_username"
- "sub"
jwtTokenConfiguration:
enabled: false
# File Path on Airflow Container
rsapublicKeyFilePath: ""
# File Path on Airflow Container
rsaprivateKeyFilePath: ""
jwtissuer: "open-metadata.org"
keyId: "Gb389a-9f76-gdjs-a92j-0242bk94356"
fernetKey: "jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA="
secretsManager:
# Possible values are noop, aws, aws-ssm
provider: noop
additionalParameters:
enabled: false
region: ""
accessKeyId:
secretRef: aws-access-key-secret
secretKey: aws-key-secret
secretAccessKey:
secretRef: aws-secret-access-key-secret
secretKey: aws-key-secret
# You can create Kubernetes secrets from AWS Credentials with the below command
# kubectl create secret generic aws-key-secret \
# --from-literal=aws-access-key-secret=<access_key_id_value> \
# --from-literal=aws-secret-access-key-secret=<access_key_secret_value>
# Example Google SSO Auth Config
# authorizer:
# className: "org.openmetadata.catalog.security.DefaultAuthorizer"
# containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
# initialAdmins:
# - "suresh"
# botPrincipal:
# - "ingestion-bot"
# principalDomain: "open-metadata.org"
# authentication:
# provider: "google"
# publicKeys:
# - "https://www.googleapis.com/oauth2/v3/certs"
# authority: "https://accounts.google.com"
# clientId: "<client_id>"
# callbackUrl: "<callback_url>"
image:
repository: openmetadata/server
# Overrides the image tag whose default is the chart appVersion.
tag: ""
pullPolicy: "Always"
sidecars: []
# - name: "busybox"
# image: "busybox:1.34.1"
# imagePullPolicy: "Always"
# command: ["ls"]
# args: ["-latr", "/usr/share"]
# env:
# - name: DEMO
# value: "DEMO"
# volumeMounts:
# - name: extras
# mountPath: /usr/share/extras
# readOnly: true
imagePullSecrets: []
nameOverride: ""
fullnameOverride: "openmetadata"
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 100
service:
type: ClusterIP
port: 8585
adminPort: 8586
annotations: {}
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/tls-acme: "true"
hosts:
- host: open-metadata.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: tls-open-metadata.local
# hosts:
# - open-metadata.local
extraEnvs: []
# - name: MY_ENVIRONMENT_VAR
# value: the_value_goes_here
extraVolumes: []
# - name: extras
# emptyDir: {}
extraVolumeMounts: []
# - name: extras
# mountPath: /usr/share/extras
# readOnly: true
extraInitContainers: []
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
livenessProbe:
initialDelaySeconds: 60
periodSeconds: 30
failureThreshold: 5
readinessProbe:
initialDelaySeconds: 60
periodSeconds: 30
failureThreshold: 5