Configure a custom values file for Scalar Admin for Kubernetes
This document explains how to create your custom values file for the Scalar Admin for Kubernetes chart. For details on the parameters, see the README of the Scalar Admin for Kubernetes chart.
Required configurations
This section explains the required configurations when setting up a custom values file for Scalar Admin for Kubernetes.
Flag configurations
You must specify several flags to scalarAdminForKubernetes.commandArgs
as an array to run Scalar Admin for Kubernetes. For more details on the flags, see README of Scalar Admin for Kubernetes.
scalarAdminForKubernetes:
commandArgs:
- -r
- <HELM_RELEASE_NAME>
- -n
- <SCALAR_PRODUCT_NAMESPACE>
- -d
- <PAUSE_DURATION>
- -z
- <TIMEZONE>
Optional configurations
This section explains the optional configurations when setting up a custom values file for Scalar Admin for Kubernetes.
CronJob configurations (optional based on your environment)
By default, the Scalar Admin for Kubernetes chart creates a Job resource to run the Scalar Admin for Kubernetes CLI tool once. If you want to run the Scalar Admin for Kubernetes CLI tool periodically by using CronJob, you can set scalarAdminForKubernetes.jobType
to cronjob
. Also, you can set some configurations for the CronJob resource.
scalarAdminForKubernetes:
cronJob:
timeZone: "Etc/UTC"
schedule: "0 0 * * *"
Resource configurations (recommended in production environments)
To control pod resources by using requests and limits in Kubernetes, you can use scalarAdminForKubernetes.resources
.
You can configure requests and limits by using the same syntax as requests and limits in Kubernetes. For more details on requests and limits in Kubernetes, see Resource Management for Pods and Containers.
scalarAdminForKubernetes:
resources:
requests:
cpu: 1000m
memory: 2Gi
limits:
cpu: 2000m
memory: 4Gi
SecurityContext configurations (default value is recommended)
To set SecurityContext and PodSecurityContext for Scalar Admin for Kubernetes pods, you can use scalarAdminForKubernetes.securityContext
and scalarAdminForKubernetes.podSecurityContext
.
You can configure SecurityContext and PodSecurityContext by using the same syntax as SecurityContext and PodSecurityContext in Kubernetes. For more details on the SecurityContext and PodSecurityContext configurations in Kubernetes, see Configure a Security Context for a Pod or Container.
scalarAdminForKubernetes:
podSecurityContext:
seccompProfile:
type: RuntimeDefault
securityContext:
capabilities:
drop:
- ALL
runAsNonRoot: true
allowPrivilegeEscalation: false
Image configurations (default value is recommended)
If you want to change the image repository, you can use scalarAdminForKubernetes.image.repository
to specify the container repository information of the Scalar Admin for Kubernetes image that you want to pull.
scalarAdminForKubernetes:
image:
repository: <SCALAR_ADMIN_FOR_KUBERNETES_CONTAINER_IMAGE>
Taint and toleration configurations (optional based on your environment)
If you want to control pod deployment by using taints and tolerations in Kubernetes, you can use scalarAdminForKubernetes.tolerations
.
You can configure taints and tolerations by using the same syntax as the tolerations in Kubernetes. For details on configuring tolerations in Kubernetes, see the official Kubernetes documentation Taints and Tolerations.
scalarAdminForKubernetes:
tolerations:
- effect: NoSchedule
key: scalar-labs.com/dedicated-node
operator: Equal
value: scalardb-analytics-postgresql
TLS configurations (optional based on your environment)
You can enable TLS between Scalar Admin for Kubernetes and the pause targets (ScalarDB Cluster or ScalarDL) by using the following configurations:
scalarAdminForKubernetes:
commandArgs:
- (omit other options)
- --tls
- --ca-root-cert-path
- /tls/certs/ca.crt
- --override-authority
- cluster.scalardb.example.com
You can mount the /tls/certs/ca.crt
file on a pod by using a secret resource. To mount the file, specify the name of the secret resource that includes the root CA certificate file to scalarAdminForKubernetes.tls.caRootCertSecret
as follows:
scalarAdminForKubernetes:
tls:
caRootCertSecret: "scalar-admin-tls-ca"
In this case, you have to create a secret resource that includes the root CA certificate file for the pause targets (ScalarDB Cluster or ScalarDL) as follows:
kubectl create secret generic scalar-admin-tls-ca --from-file=ca.crt=/path/to/your/ca/certificate/file -n <NAMESPACE>