## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry and imagePullSecrets ## # global: # imageRegistry: myRegistryName # imagePullSecrets: # - myRegistryKeySecretName image: &image registry: docker.io repository: dgraph/dgraph tag: v21.03.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs ## It turns BASH and NAMI debugging in minideb ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging ## debug: false zero: name: zero metrics: enabled: true monitorLabel: zero-dgraph-io ## StatefulSet controller supports automated updates. There are two valid update strategies: RollingUpdate and OnDelete ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets ## updateStrategy: RollingUpdate ## Partition update strategy ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions ## # rollingUpdatePartition: ## StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy ## podManagementPolicy: OrderedReady ## Number of dgraph zero pods ## replicaCount: 1 ## Max number of replicas per data shard. ## i.e., the max number of Dgraph Alpha instances per group (shard). ## shardReplicaCount: 1 ## zero server pod termination grace period ## terminationGracePeriodSeconds: 60 ## Hard means that by default pods will only be scheduled if there are enough nodes for them ## and that they will never end up on the same node. Setting this to soft will do this "best effort" antiAffinity: soft ## By default this will make sure two pods don't end up on the same node ## Changing this to a region would allow you to spread pods across regions podAntiAffinitytopologyKey: "kubernetes.io/hostname" ## This is the node affinity settings as defined in ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature nodeAffinity: {} ## Extra environment variables which will be appended to the env: definition for the container. extraEnvs: [] ## Configuration file for dgraph zero used as an alternative to command-line options ## Ref: https://dgraph.io/docs/deploy/#config configFile: {} ## Kubernetes configuration ## For minikube, set this to NodePort, elsewhere use LoadBalancer ## service: type: ClusterIP annotations: {} ## StatefulSet pods will need to have addresses published in order to ## communicate to each other in order to enter a ready state. publishNotReadyAddresses: true ## dgraph Pod Security Context securityContext: enabled: false fsGroup: 1001 runAsUser: 1001 ## dgraph data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## persistence: enabled: true storageClass: "ssd" accessModes: - ReadWriteOnce size: 300Gi ## Node labels and tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ ## nodeSelector: cloud.google.com/gke-nodepool: dgraph-custom-n32d tolerations: - key: "is_dgraph" operator: "Exists" effect: "NoSchedule" ## Configure resource requests ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: requests: memory: 3200Mi cpu: 7500m limits: memory: 5200Mi cpu: 8500m ## Configure extra options for startup, liveness and readiness probes. ## NOTE: startupProbe only support in Kubernetes v1.16+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) ## startupProbe: enabled: false port: 6080 path: /health periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 livenessProbe: enabled: true port: 6080 path: /health initialDelaySeconds: 15 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true port: 6080 path: /health initialDelaySeconds: 15 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## Custom liveness and readiness probes customStartupProbe: {} customLivenessProbe: {} customReadinessProbe: {} alpha: name: alpha metrics: enabled: true monitorLabel: alpha-dgraph-io ## StatefulSet controller supports automated updates. There are two valid update strategies: RollingUpdate and OnDelete ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets ## updateStrategy: RollingUpdate ## Partition update strategy ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions ## # rollingUpdatePartition: ## StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy ## podManagementPolicy: OrderedReady ## Number of dgraph nodes ## replicaCount: 1 ## zero server pod termination grace period ## terminationGracePeriodSeconds: 600 ## Hard means that by default pods will only be scheduled if there are enough nodes for them ## and that they will never end up on the same node. Setting this to soft will do this "best effort" antiAffinity: soft ## By default this will make sure two pods don't end up on the same node ## Changing this to a region would allow you to spread pods across regions podAntiAffinitytopologyKey: "kubernetes.io/hostname" ## This is the node affinity settings as defined in ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature nodeAffinity: {} # requiredDuringSchedulingIgnoredDuringExecution: # nodeSelectorTerms: # - matchExpressions: # - key: cloud.google.com/gke-nodepool # operator: In # values: # - dgraph-nd2-16 ## Extra environment variables which will be appended to the env: definition for the container. extraEnvs: [] # - name: AWS_ACCESS_KEY_ID # value: "XXXXXXXXXXXXXXXXXXXX" # - name: AWS_SECRET_ACCESS_KEY # value: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" ## Configuration file for dgraph alpha used as an alternative to command-line options ## Ref: https://dgraph.io/docs/deploy/#config configFile: config.yaml: | lru_mb: 2048 export: '/exports' alsologtostderr: 'true' security: whitelist: 10.0.0.0/8,172.0.0.0/8,192.168.0.0/16 ## Kubernetes configuration ## For minikube, set this to NodePort, elsewhere use LoadBalancer ## service: type: LoadBalancer annotations: {} ## StatefulSet pods will need to have addresses published in order to ## communicate to each other in order to enter a ready state. publishNotReadyAddresses: true ## alpha ingress resource configuration ## This requires an ingress controller to be installed into your k8s cluster ingress: enabled: true hostname: skipped annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" cert-manager.io/cluster-issuer: "letsencrypt-prod" prometheus.io/scrape: "true" prometheus.io/port: "8080" prometheus.io/path: "debug/prometheus_metrics" tls: - secretName: zero-dgraph-tls hosts: - skipped ## dgraph Pod Security Context securityContext: enabled: false fsGroup: 1001 runAsUser: 1001 ## TLS Configuration ## Documentation on dgraph alpha TLS options, ## see https://dgraph.io/docs/deploy/#tls-options tls: enabled: false ## Files created from './tls' directory set with `dgraph cert` command ## Can use make_tls_secrets.sh to generate secrets.yaml files: {} ## ACL Configuration ## Documentation on Enterprise ACL Feature ## see https://dgraph.io/docs/enterprise-features/access-control-lists/ acl: enabled: false ## The values in `file: {}` will be the filename as key and the file data as the value. ## Make sure that the filename key matches the dgraph configuration of `acl_secret_file` # file: # ## value for 1234567890123456789012345678901 # ## Note that Kubernetes secrets must be base64-encoded # hmac_secret_file: MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMQo= ## Encryption at Rest Configuration ## Documentation on Enterprise ACL Feature ## see https://dgraph.io/docs/enterprise-features/encryption-at-rest/ encryption: enabled: false ## The values in `file: {}` will be the filename as key and the file data as the value. ## Make sure that the filename key matches the dgraph configuration of `encryption_key_file` # file: # ## value for 123456789012345 # ## Note that Kubernetes secrets must be base64-encoded # enc_key_file: MTIzNDU2Nzg5MDEyMzQ1Cg== ## dgraph data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## persistence: enabled: true storageClass: "ssd" accessModes: - ReadWriteOnce size: 750Gi annotations: {} ## Node labels and tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ ## nodeSelector: cloud.google.com/gke-nodepool: dgraph-custom-n32d tolerations: - key: "is_dgraph" operator: "Exists" effect: "NoSchedule" ## Configure resource requests ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: requests: memory: 19400Mi cpu: 23 limits: memory: 19400Mi cpu: 24 ## Configure extra options for startup, liveness and readiness probes ## NOTE: startupProbe only support in Kubernetes v1.16+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) ## startupProbe: enabled: false port: 8080 path: /health?live=1 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 30 successThreshold: 1 livenessProbe: enabled: true port: 8080 path: /health?live=1 initialDelaySeconds: 15 periodSeconds: 10 timeoutSeconds: 10 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true port: 8080 path: /health initialDelaySeconds: 15 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## Custom liveness and readiness probes customStartupProbe: {} customLivenessProbe: {} customReadinessProbe: {} ratel: name: ratel ## Enable Ratel service enabled: true ## Number of dgraph nodes ## replicaCount: 1 # Extra environment variables which will be appended to the env: definition for the container. extraEnvs: [] ## Kubernetes configuration ## For minikube, set this to NodePort, elsewhere use ClusterIP or LoadBalancer ## service: type: ClusterIP annotations: {} ## ratel ingress resource configuration ## This requires an ingress controller to be installed into your k8s cluster ingress: enabled: true hostname: skipped annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" cert-manager.io/cluster-issuer: "letsencrypt-prod" tls: - secretName: ratel-dgraph-tls hosts: - skipped ## dgraph Pod Security Context securityContext: enabled: false fsGroup: 1001 runAsUser: 1001 ## Configure resource requests ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: requests: memory: 20Mi cpu: 5m ## Configure extra options for liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) ## livenessProbe: enabled: true port: 8000 path: / initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true port: 8000 path: / initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## Custom liveness and readiness probes customLivenessProbe: {} customReadinessProbe: {} ## Binary Backup CronJob Configuration (Enterprise feature) ## ref: https://dgraph.io/docs/enterprise-features/binary-backups/ ## backups: name: backups admin: ## backup user and password that is a member of 'guardians'group used to ## login if ACLs are enabled. This fetches an access token used to trigger backups ## ref: https://dgraph.io/docs/enterprise-features/access-control-lists/ user: groot # password: password ## Mutual TLS client certficate and key can be used to secure transaction that was created with ## dgraph cert --client should be specified here. ## ref. https://dgraph.io/docs/deploy/tls-configuration/ tls_client: "" ## Authorization Token can be used to secure /login and /admin. The auth token ## string that is set Alpha configuration or environment variable needs to be ## specified here so that backups can properly login. ## ref. https://dgraph.io/docs/deploy/dgraph-administration/#securing-alter-operations auth_token: "" ## Backups image - image needs at least curl command ## default is to reuse dgraph image image: << : *image ## NFS Configuration for mounting a filepath in Alpha pods ## Prerequisites: NFS Server required, e.g. Google Cloud FileStore, EFS, etc. ## ref. https://kubernetes.io/docs/concepts/storage/volumes/#nfs nfs: enabled: false server: "" path: "" storage: 512Gi mountPath: &nfs_backups_path /dgraph/backups ## Volume Configuration for mounting a filepath in Alpha pods ## Prerequisites: PVC must be created beforehand. ## On cluster with 2+ alpha pods, RWX (ReadWriteMany) access mode is required. ## ref. https://kubernetes.io/docs/concepts/storage/persistent-volumes/ volume: enabled: false claim: "" mountPath: &vol_backups_path /dgraph/backups/ full: enabled: false ## enable bash debugging (set -x) debug: false ## full backup schedule ## 12AM server time schedule: "0 * * * *" incremental: enabled: false ## enable bash debugging (set -x) debug: false ## incremental backup schedule ## every hour, except 12AM serer time schedule: "0 1-23 * * *" ## destination is file path, s3, or minio ## examples: ## /dgraph/backups ## s3://s3.us-west-2.amazonawsinfo.com/ ## minio://my-release-minio.default.svc:9000/ destination: *nfs_backups_path ## subpath directory useful to store full and reclated incremental backuups ## in the same directory. ## NOTE: It is important to create directory name that matches the schedule. ## For example, daily fulls and hourly incrementals, a directory could ## be named dgraph_$(date +%Y%m%d) ## ref. `date` command: https://www.gnu.org/software/coreutils/manual/html_node/date-invocation.html#date-invocation subpath: dgraph_$(date +%Y%m%d) ## enable if minio service has https:// minioSecure: false ## specify access keys required by MinIO or S3 keys: minio: ## MINIO_ACCESS_KEY env var access: "" ## MINIO_SECRET_KEY env var secret: "" s3: ## AWS_ACCESS_KEY_ID env var access: "" ## AWS_SECRET_ACCESS_KEY env var secret: "" global: ## Combined ingress resource for alpha and ratel services ## This will override existing ingress configurations under alpha and ratel ## This requires an ingress controller to be installed into your k8s cluster ingress: enabled: false annotations: {} tls: {} ratel_hostname: "" alpha_hostname: ""