Configure a Custom Values File for Scalar Manager
This document provides instructions on how to configure a custom values file for the Scalar Manager Helm Chart. For details about the available parameters, see the README in the Scalar Manager chart repository.
Required configurations​
This section describes the service, image, and Scalar Manager configurations that you must include in the Scalar Manager values file.
Service configurations​
You must configure web.service.type to define the Kubernetes Service resource type. To use a load balancer that cloud service providers offer for exposing the service, set web.service.type to LoadBalancer.
web:
service:
type: LoadBalancer
# other web configurations
Security considerations for exposing Scalar Manager​
Setting web.service.type to LoadBalancer exposes Scalar Manager externally via HTTP by default, which creates security risks on untrusted networks due to unencrypted traffic. If external access is not required, using a private network or properly configuring network access to your Kubernetes cluster is recommended.
Scalar Manager supports authentication and authorization mechanisms. You can configure these mechanisms to ensure authorized actions for features like scheduling jobs to pause Scalar products. For details, see Authentication configuration for Scalar Manager.
Container image configurations​
You must configure api.image.repository and web.image.repository. These settings specify the Scalar Manager container images, ensuring you can pull them from the container repository.
api:
image:
repository: <SCALAR_MANAGER_API_IMAGE>
web:
image:
repository: <SCALAR_MANAGER_WEB_IMAGE>
Optional configurations​
This section describes optional configurations for customizing the Scalar Manager values file.
Scalar Manager configurations (optional based on your environment)​
You can override the api.applicationProperties setting to modify the default Scalar Manager configurations.
api:
applicationProperties: |
prometheus.kubernetes-service-label-name="app"
prometheus.kubernetes-service-label-value="kube-prometheus-stack-prometheus"
prometheus.kubernetes-service-port-name="http-web"
# other application properties
Scalar Manager includes default configurations to discover Scalar product deployments and the Prometheus service within the cluster. In most scenarios, especially when following the guides to deploy kube-prometheus-stack and loki-stack, these default configurations are sufficient and do not require modification.
Configurable properties in api.applicationProperties​
The configurations for Scalar Manager are in the format of Java application properties, which are key=value pairs. These application properties can be set by using the api.applicationProperties custom value in the Scalar Manager Helm Chart.
| Name | Description | Default Value |
|---|---|---|
prometheus.kubernetes-service-label-name | The label name used to discover the Prometheus service in Kubernetes | app |
prometheus.kubernetes-service-label-value | The label value corresponding to prometheus.kubernetes-service-label-name | kube-prometheus-stack-prometheus |
prometheus.kubernetes-service-port-name | The port name used to discover the Prometheus service port in Kubernetes | http-web |
springdoc.swagger-ui.enabled | Whether to enable the Swagger UI or not | false |
springdoc.swagger-ui.path | The path of the Swagger UI | /swagger-ui.html |
app.cors.allowed-origins | The allowed origins for CORS | * |
app.cors.allowed-methods | The allowed methods for CORS | * |
app.cors.allowed-headers | The allowed headers for CORS | * |
authentication.providers.static-jwt.secret | Secret key used for signing JWT tokens; minimum 32 characters | example-jwt-secret-with-minimum-32-characters |
authentication.providers.static-jwt.issuer-uri | The issuer URI of the JWT tokens | https://scalar-manager.example.com |
authentication.providers.static-jwt.access-token-expiration-time | The expiration time of the access token | 1h |
authentication.providers.static-jwt.refresh-token-expiration-time | The expiration time of the refresh token | 3d |
app.initial-admin-user.enabled | Whether to enable the initial admin user or not | true |
app.initial-admin-user.email | The email address of the initial admin user | admin@example.com |
app.initial-admin-user.name | The name of the initial admin user | Administrator |
app.initial-admin-user.password | The password of the initial admin user | Password@123! |
spring.jpa.hibernate.ddl-auto | The DDL mode for Hibernate | update |
spring.jpa.show-sql | Whether to show the SQL query | false |
spring.jpa.properties.hibernate.format_sql | Whether to format the SQL query | false |
spring.datasource.url | The URL of the database | jdbc:postgresql://scalar-manager-postgres-postgresql:5432/scalar-manager |
spring.datasource.username | The username of the database | scalar-manager |
spring.datasource.password | The password of the database | scalar-manager |
spring.datasource.driver-class-name | The driver class name of the database | org.postgresql.Driver |
There are more configurations that you can set in api.applicationProperties regarding the JPA, Hibernate, and Spring Data. If you're familiar with these configurations, you can set them to customize the database connection and the behavior of Scalar Manager.
Authentication configuration for Scalar Manager​
By default, to access Scalar Manager, you need to authenticate by using a username and password.
The following are the prerequisites for setting up authentication:
- You need to have a PostgreSQL database, either your own or one that a cloud service provider hosts. For example, you can use the Bitnami package for PostgreSQL to deploy a PostgreSQL database in your Kubernetes cluster.
- You must set the
authentication.providers.static-jwt.secretconfiguration. This configuration is used for signing JWT tokens, and the minimum length of the secret is 32 characters.
The following is an example of the additional configurations you need to set in the api.applicationProperties to apply the above prerequisites. Be sure to change the configurations to match your environment.
# JWT configuration
# Secret key used for signing JWT tokens, minimum 32 characters
authentication.providers.static-jwt.secret=${AUTHENTICATION_PROVIDERS_STATIC_JWT_SECRET:example-jwt-secret-with-minimum-32-characters}
authentication.providers.static-jwt.issuer-uri=${AUTHENTICATION_PROVIDERS_STATIC_JWT_ISSUER_URI:https://scalar-manager.example.com}
authentication.providers.static-jwt.access-token-expiration-time=${AUTHENTICATION_PROVIDERS_STATIC_JWT_ACCESS_TOKEN_EXPIRATION_TIME:1h}
authentication.providers.static-jwt.refresh-token-expiration-time=${AUTHENTICATION_PROVIDERS_STATIC_JWT_REFRESH_TOKEN_EXPIRATION_TIME:3d}
# Initial admin configuration
app.initial-admin-user.enabled=${APP_INITIAL_ADMIN_USER_ENABLED:true}
app.initial-admin-user.email=${APP_INITIAL_ADMIN_USER_EMAIL:admin@example.com}
app.initial-admin-user.name=${APP_INITIAL_ADMIN_USER_NAME:Administrator}
app.initial-admin-user.password=${APP_INITIAL_ADMIN_USER_PASSWORD:Password@123!}
# JPA configuration
spring.jpa.hibernate.ddl-auto=${SPRING_JPA_HIBERNATE_DDL_AUTO:update}
spring.jpa.show-sql=${SPRING_JPA_SHOW_SQL:false}
spring.jpa.properties.hibernate.format_sql=${SPRING_JPA_PROPERTIES_HIBERNATE_FORMAT_SQL:false}
# Database configuration
spring.datasource.url=jdbc:postgresql://${DATABASE_HOST:scalar-manager-postgres-postgresql}:${DATABASE_PORT:5432}/${DATABASE_NAME:scalar-manager}
spring.datasource.username=${DATABASE_USERNAME:scalar-manager}
spring.datasource.password=${DATABASE_PASSWORD:scalar-manager}
spring.datasource.driver-class-name=org.postgresql.Driver
Service discovery​
Scalar Manager uses labels to discover the Prometheus service in Kubernetes, and then uses the port name to connect to them. You can modify the labels and the port name by setting the prometheus.kubernetes-service-label-name, prometheus.kubernetes-service-label-value, and prometheus.kubernetes-service-port-name configurations.
In general, you don't need to modify these configurations. However, if you customized the labels or port names of the Prometheus service when installing their Helm Charts, you should adjust these configurations to match your customizations.
Configurable environment variables in web.env​
| Name | Description | Default Value |
|---|---|---|
GRAFANA_SERVER_URL | The URL of the Grafana service in the Kubernetes cluster | http://scalar-monitoring-grafana.monitoring.svc.cluster.local:3000 |
Currently, the GRAFANA_SERVER_URL variable can be set in web.env to customize the proxy from the Scalar Manager web UI to the Grafana UI. By default, the variable is set to the Grafana service scalar-monitoring-grafana installed in the monitoring namespace. If you have installed Grafana in different namespace or have changed the name of the Grafana service, you will need to update the GRAFANA_SERVER_URL variable accordingly.