values.sample.yaml
# environmentName: replace the placeholder with your own value (presumably an
# identifier for this installation; confirm with the chart documentation).
environmentName: <company-name>
#
# useUnprivilegedContainers will pull images that do not run as root if
# using tonic provided images rather than rehosted customer images
# additionally it enforces that containers cannot run as root, uses the
# default runtime security profile, forbids privilege escalation and drops
# all SYS_CAP privileges. This setting allows tonic to run in restricted
# environments such as openshift
# NOTE setting explicit image tags in any of the tonicai services will
# overwrite the default unprivileged image tags. If you rehost unprivileged
# images then you should set useUnprivilegedContainers and tonicai service
# image tags; otherwise you only need to set this flag to true or false
# NOTE(review): "SYS_CAP" presumably means Linux capabilities; confirm against
# the chart's securityContext templates.
# NOTE(review): the sample ships with false, so the restrictions described
# above are not enforced by this flag. Prefer true unless a workload is known
# to need root, and remember that an explicit image tag overrides the
# unprivileged image selection (see the NOTE above).
useUnprivilegedContainers: false
# setting this to true will run tonic containers with a read only root
# filesystem and provides necessary emptyDir volume mounts
# NOTE(review): the sample default is false. A read-only root filesystem limits
# what a compromised process can modify inside the container; consider true
# alongside useUnprivilegedContainers.
readOnlyRootFilesystem: false
# tonicdb is the postgres database that will hold information about your workspace.
# NOTE(review): this listing shows the keys without indentation; host, port,
# dbName, user, password and sslMode are children of tonicdb and must be
# indented under it in a real values file.
tonicdb:
host: <db-host>
port: 5432
dbName: tonic
# Use a dedicated database account limited to the tonic database rather than a
# superuser.
user: <user>
# The password is stored here in plain text. Keep the filled-in values file out
# of version control and restrict who can read it and the Helm release data.
# NOTE(review): check whether the chart can reference an existing Kubernetes
# Secret instead; this sample does not show such an option.
password: <password>
# NOTE(review): "Require" presumably forces an encrypted connection. Whether
# the server certificate is also verified depends on the database driver;
# confirm, and prefer a certificate-verifying mode if the chart accepts one.
sslMode: Require
# tonicStatisticsSeed will cause generations to be consistent with each other for anything where consistency is set to true.
# Otherwise each generation will be internally consistent, but not consistent with other generations.
# Quote the integer so that Helm does not cast a large number to float64; see https://github.com/helm/helm/issues/1707
# NOTE(review): a fixed seed makes output repeatable across generations, so
# handle the chosen seed as deployment configuration rather than publishing it
# with generated data; confirm the vendor's guidance.
# tonicStatisticsSeed: "<any-integer>"
# numberOfWorkers will determine how many worker containers are deployed when installing the helm chart.
numberOfWorkers: 1
# enableLogCollection will send errors and general information about generations to Tonic if true. It will not send user data.
# NOTE(review): true means outbound telemetry to the vendor. Review it against
# your egress and data-handling policy before enabling.
enableLogCollection: false
# This value will be provided to you by Tonic and will allow you to authenticate against our private docker repository.
# It is a registry credential: treat it as a secret, keep it out of version
# control, and rotate it if a filled-in values file is ever exposed.
dockerConfigAuth: <docker-config-auth>
# Service account for tonic
# NOTE(review): create and annotations are children of serviceAccount; the
# indentation is not visible in this listing.
serviceAccount:
create: true
# NOTE(review): annotations on a service account are commonly used to bind a
# cloud IAM identity. If you add one, grant that identity only the permissions
# the integration needs.
annotations: {}
# You can set this to a specific Tonic version number if you wish to ensure you always get the same version. Otherwise you will always deploy the latest version of Tonic.
# NOTE(review): "latest" is a moving tag, so two installs from the same values
# file can run different code. Pin an explicit version for production so that
# upgrades are deliberate and what is running can be audited.
tonicVersion: latest
# Container repository with tonic images. If you don't use the default one you will have to copy images over before deployment
# NOTE(review): nesting is not visible in this listing. web_server and the
# other service stanzas that follow presumably sit under tonicai, and the keys
# below under web_server; confirm against the chart's values file.
tonicai:
web_server:
# NOTE(review): values placed in env/envRaw end up in the pod spec in whatever
# form the chart templates render them; avoid putting credentials here in
# plain text unless the chart documents a Secret-backed form.
env: {}
envRaw: {}
#image: quay.io/tonicai/tonic_web_server
# Comma separated list of user emails that should have the Admin role in Tonic.
# NOTE(review): the addresses below were masked by the page's e-mail
# obfuscation; substitute real addresses. Quote the whole value: an unquoted
# scalar that begins with "[" is read by YAML as a flow sequence. Keep the
# list as short as possible, since each entry is a full administrator.
administrators: [email protected],[email protected]
# annotations to apply to the service that routes traffic to the web server
annotations: {}
# By default this chart will create an internal load balancer service on
# EKS and AKS; however, providing additional annotations will disable this
# If additional annotations are applied and you need a load balancer to
# the Tonic installation see documentation from your cloud provider
# AWS: https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html
# https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.5/
# Azure: https://learn.microsoft.com/en-us/azure/aks/internal-lb
# GCP: https://cloud.google.com/kubernetes-engine/docs/concepts/service-load-balancer
# NOTE(review): because custom annotations turn off the chart's internal load
# balancer default, verify after any annotation change that the service has
# not become reachable from the internet.
features:
# Enables/Disables the HostIntegrations endpoint
# NOTE(review): the value is a quoted string, not a YAML boolean; keep the
# quotes. If the endpoint is not used, confirm whether it can be disabled.
host_integration_enabled: "true"
kubernetes_role: "default"
ports:
# NOTE(review): httpsOnly presumably restricts the service to the https port;
# confirm in the chart templates before relying on it.
httpsOnly: true
https: 443
http: 80
# Supported values are LoadBalancer, ClusterIP and NodePort.
# By default, this is set to LoadBalancer when use_ingress = false and ClusterIP when use_ingress = true
# If a value is provided here, it will override the default set based on use_ingress
# NOTE(review): LoadBalancer and NodePort publish the service beyond the
# cluster network; ClusterIP keeps it internal.
# service_type: "LoadBalancer"
resources:
requests:
memory: "2Gi"
ephemeral-storage: "1Gi"
limits:
memory: "3Gi"
# Settings for the worker containers (their count is set by numberOfWorkers).
# NOTE(review): the keys below presumably nest under worker, and worker under
# tonicai; indentation is not visible in this listing.
worker:
#image: quay.io/tonicai/tonic_worker
# NOTE(review): avoid plain-text credentials in env/envRaw unless the chart
# documents a Secret-backed form.
env: {}
envRaw: {}
ports:
# NOTE(review): presumably restricts the worker service to the https port;
# confirm in the chart templates.
httpsOnly: true
https: 443
http: 80
resources:
requests:
memory: "6Gi"
ephemeral-storage: "1Gi"
limits:
memory: "12Gi"
# Settings for the notifications container.
notifications:
#image: quay.io/tonicai/tonic_notifications
env: {}
envRaw: {}
resources:
requests:
memory: "512Mi"
ephemeral-storage: "1Gi"
limits:
memory: "1Gi"
# Settings for the pyml container.
# NOTE(review): the keys below presumably nest under pyml_service; indentation
# is not visible in this listing.
pyml_service:
#image: quay.io/tonicai/tonic_pyml_service
env: {}
envRaw: {}
resources:
requests:
memory: "512Mi"
ephemeral-storage: "1Gi"
limits:
memory: "8Gi"
# To enable Nvidia acceleration for the pyml container, uncomment the following
# line and specify how many GPUs to allocate for the pod. If this feature is
# enabled then your cluster must support the nvidia.com/gpu resource.
# NOTE(review): the original sample spelled the key "nvida.com/gpu"; the
# resource named in the sentence above is nvidia.com/gpu. Presumably the key
# belongs under limits; confirm against the chart.
#nvidia.com/gpu: 1
# If you use node taints and pod tolerations to control scheduling
# of GPU bound workloads, then you can also provide a list of tolerations the
# pyml pod should accept
tolerations: []
# - key: "tonic.ai/gpu"
# operator: "Exists"
# effect: "NoSchedule"
# use_ingress typically only used by TIM
# NOTE(review): if you enable the ingress, set an explicit host and make sure
# TLS is terminated for it; this sample shows host: null and no TLS settings.
#use_ingress: true
#ingress:
# class: nginx
# host: null
# labels: {}
# By default this chart will create an nginx ingress, however providing
# additional annotations will disable this
# annotations: {}
# Deployment Strategy: This can be set to either "RollingUpdate" or "Recreate". If not provided, the default value
# is "RollingUpdate". "RollingUpdate" will perform a rolling update of the deployment similar to a blue/green
# deployment and thus requires additional resources as both old and new versions will be running simultaneously
# for several minutes. Tonic will be available during this time, but behavior may be unpredictable depending on
# differences in the running and new versions. "Recreate" means that the current deployment will be deleted and a
# new one created. This will result in Tonic being down during an update.
deployStrategy: RollingUpdate
# Settings for the containerization feature and the RBAC it needs.
# NOTE(review): rbac and datapacker presumably nest under containerization;
# indentation is not visible in this listing.
containerization:
# if self managing RBAC, to use containerization the tonic service account
# will need a rolebinding that grants:
# rules:
# - apiGroups: [""]
# resources: ["pods"]
# verbs: ["get", "list", "delete", "create", "watch", "deletecollection"]
# - apiGroups: [""]
# resources: ["secrets"]
# verbs: ["list", "delete", "create", "deletecollection"]
# NOTE(review): these are broad grants. In Kubernetes, "list" on secrets
# returns the secret contents, and "create" on pods lets the holder run pods
# that mount secrets and service accounts in the same namespace. Bind them
# with a namespaced Role/RoleBinding (not cluster-wide) in a namespace
# dedicated to Tonic, so the service account cannot reach unrelated secrets.
rbac:
# NOTE(review): true presumably lets the chart create the role and binding
# described above; confirm the rendered rules before installing.
create: true
datapacker:
# NOTE(review): no tag or digest is shown for this image. If you rehost
# images, point this at your registry and pin the version you have reviewed.
imageRepo: quay.io/tonicai/datapacker
# Professional and Enterprise License Only: Below are the settings for Single Sign On. Not every provider requires every value. The Tonic support team will help you configure this.
# NOTE(review): several provider blocks below take a clientSecret or a base64
# encoded service account JSON. Base64 is an encoding, not encryption; treat
# those values as secrets and keep the filled-in file out of version control.
# Where IdP metadata is loaded from a URL, use an https URL you control the
# trust for, because the metadata defines which identity provider is accepted.
# tonicSsoConfig:
# Make the group regex as specific as you can: a loose pattern such as the
# example below matches any group whose name merely contains "Tonic".
# groupFilter: <regex that matches groups to import into Tonic, like .*Tonic.*>
# AWS SSO Config
# -----------------
# provider: AWS
# identityProviderId: <identity-provider-id>
# entityId: <entity-id>
# # provided for existing chart installations, new installations should set
# # metadataXml.url or metadataXml.base64 instead
# samlIdpMetadataXml: <base64 encoded SAML metadata IDP xml>
# metadataXml:
# url: <url to metadata xml, given priority>
# base64: <base64 encoded SAML metadata IDP xml>
# Azure SSO Config
# -----------------
# provider: Azure
# clientId: <client-id>
# clientSecret: <client-secret>
# tenantId: <tenant-id>
# Duo SSO Config
# -----------------
# provider: Duo
# clientId: <client-id>
# clientSecret: <client-secret>
# domain: <sso-domain>
# Google SSO Config
# -----------------
# clientId: <client-id>
# clientSecret: <client-secret>
# provider: Google
# domain: <sso-domain>
# googleAccountServiceJson: <base64 encoded version of your service account json>
# Okta SSO Config
# -----------------
# provider: Okta
# authServerId: <customer auth server if you have one>
# clientId: <client-id>
# domain: <sso-domain>
# identityProviderId: <identity-provider-id>
# Keycloak SSO Config
# -----------------
# provider: Keycloak
# clientId: <client-id>
# domain: <url-of-keycloak>
# realmId: <realm-id>
# Generic Saml SSO Config
# -----------------------
# provider: SAML
# metadataXml:
# url: <url to metadataXml, given priority>
# base64: <base64 encoded metadataXml>
# entityId: <entity id used to send requests from tonic, if not provided, will be determined from metadata xml>
# Generic OIDC SSO Config
# -----------------
# provider: OIDC
# clientId: <client-id>
# authority: <url-of-authority>
# optionalConfig:
# scopes: <space delimited scopes>
# firstNameClaimName: <Name of first name claim if different than OIDC standard>
# lastNameClaimName: <Name of last name claim if different than OIDC standard>
# emailClaimName: <Name of email/username claim if different than OIDC standard>
# groupsClaimName: <Name of groups claim>
# Professional and Enterprise License Only: Configuration options for tonic-notifications.
# NOTE(review): smtpPassword is a credential stored in plain text in this
# file; use an account dedicated to sending Tonic notifications and keep the
# filled-in file out of version control. Whether the SMTP connection uses TLS
# is not shown here; confirm it for the port you choose.
# tonicSmtpConfig:
# tonicUrl: <tonic URL, for links>
# sendingAddress: <[email protected]>
# smtpServerAddress: <smtp host>
# smtpServerPort: <smtp port>
# smtpUsername: <smtp username>
# smtpPassword: <smtp password>
# Role used by Tonic to connect to AWS Lambda. This is needed for Snowflake and Redshift integrations.
# NOTE(review): scope the role's policy to the Lambda functions these
# integrations use rather than granting account-wide Lambda access.
# awsLambdaRoleArn: arn:aws:iam::<accountId>:role/<role-name>
# Your license should be configured by an admin within the Tonic UI. It can optionally be set here if there is no admin.
# NOTE(review): if set here, the license key lives in the values file and in
# the Helm release data; restrict read access to both.
# tonicLicense: <license-key>