# Default values for zero-cache helm chart
# For more details, see: https://zero.rocicorp.dev/docs/deployment
## Common Configuration
# Container image settings.
image:
  # Official Zero image from Rocicorp
  repository: docker.io/rocicorp/zero
  # Will default to the appVersion from Chart.yaml if not overridden.
  # NOTE(review): a tag is a mutable reference; whether the chart also accepts
  # an image digest is not visible in this file.
  tag: ""
  # IfNotPresent reuses an image already cached on the node instead of
  # pulling it again.
  pullPolicy: IfNotPresent
# Image pull secrets for private container registries.
# Each entry names an existing Secret that holds the registry credentials,
# as in the commented example below.
imagePullSecrets: []
# - name: regcred
# Common environment variables shared between components.
# Several entries below accept either a direct `value` or a `valueFrom`
# reference. A direct value sits in plain text in this file and in every copy
# of the supplied values, so confidential settings (JWT secret, admin password,
# database URLs, API keys) are better passed through `valueFrom.secretKeyRef`.
common:
  # Application identifier
  appId: zero
  # If specified, will create publications for tables in these schemas
  appPublications: []
  # Required: Path to the SQLite replica file
  replicaFile: /data/sync-replica.db
  # Automatically reset and resync when replication is halted
  autoReset: true
  # Auth configuration (one of secret, jwk, or jwksUrl MUST be provided)
  auth:
    # Secret for JWT authentication using symmetric keys.
    # With a symmetric key, whoever can read it can also sign tokens, so treat
    # it as a credential rather than as configuration.
    secret:
      {}
      # Direct value for the secret
      # value: "your-jwt-secret-key"
      # Or, reference a value from a configMap, secret, etc.
      # valueFrom:
      #   secretKeyRef:
      #     name: my-auth-secret
      #     key: jwt-secret
      #     optional: false
      #   # or configMapKeyRef, fieldRef, resourceFieldRef
    # Public key in JWK format for asymmetric JWT verification
    jwk:
      {}
      # Direct value for the JWK
      # value: '{"kty":"RSA","e":"AQAB","kid":"your-key-id","n":"your-public-key-data"}'
      # Or, reference a value from a configMap, secret, etc.
      # valueFrom:
      #   secretKeyRef:
      #     name: my-auth-jwk
      #     key: public-key
      #     optional: false
      #   # or configMapKeyRef, fieldRef, resourceFieldRef
    # URL that returns a JWK set (often provided by auth services like Auth0, Cognito).
    # The keys fetched from this URL decide which tokens are accepted, so it
    # should be an https URL under the control of the token issuer.
    jwksUrl:
      {}
      # Direct value for the JWKS URL
      # value: "https://your-auth-domain.auth0.com/.well-known/jwks.json"
      # Or, reference a value from a configMap, secret, etc.
      # valueFrom:
      #   configMapKeyRef:
      #     name: my-auth-config
      #     key: jwks-url
      #     optional: false
      #   # or secretKeyRef, fieldRef, resourceFieldRef
  # Admin password for management endpoints (inspector/statz).
  # NOTE(review): the listing this file was recovered from lost its
  # indentation; adminPassword is placed beside `auth` here because the auth
  # comment lists only secret, jwk and jwksUrl. Confirm against the chart
  # templates.
  adminPassword: {}
  # Direct value for the admin password
  # value: "your-admin-password"
  # Or, reference a value from a configMap, secret, etc.
  # valueFrom:
  #   secretKeyRef:
  #     name: my-admin-secret
  #     key: admin-password
  #     optional: false
  #   # or configMapKeyRef, fieldRef, resourceFieldRef
  # Database configuration.
  # Each connection string embeds the database user's password, as the
  # commented examples show, so supply the URLs through secretKeyRef.
  database:
    # Upstream database connection configuration
    upstream:
      # Database connection string (PostgreSQL URL format)
      url:
        {}
        # Direct value for the connection string
        # value: "postgres://app_user:password123@postgres-primary.default.svc.cluster.local:5432/app_db"
        # Or, reference a value from a configMap, secret, etc.
        # valueFrom:
        #   secretKeyRef:
        #     name: postgres-credentials
        #     key: upstream-url
        #     optional: false
      # Max connections to upstream database
      maxConns: 20
    # CVR database connection configuration
    cvr:
      # Database connection string (PostgreSQL URL format)
      url:
        {}
        # Direct value for the connection string
        # value: "postgres://cvr_user:password123@postgres-cvr.default.svc.cluster.local:5432/cvr_db"
        # Or, reference a value from a configMap, secret, etc.
        # valueFrom:
        #   secretKeyRef:
        #     name: postgres-credentials
        #     key: cvr-url
        #     optional: false
      # Max connections to CVR database
      maxConns: 30
      # CVR garbage collection
      garbageCollection:
        # Hours of inactivity before CVR eligible for purging
        inactivityThresholdHours: 48
        # CVRs purged per GC interval (0 = disabled)
        initialBatchSize: 25
        # Initial interval in seconds between GC checks
        initialIntervalSeconds: 60
    # Change database connection configuration
    change:
      # Database connection string (PostgreSQL URL format)
      url:
        {}
        # Direct value for the connection string
        # value: "postgres://change_user:password123@postgres-change.default.svc.cluster.local:5432/change_db"
        # Or, reference a value from a configMap, secret, etc.
        # valueFrom:
        #   secretKeyRef:
        #     name: postgres-credentials
        #     key: change-url
        #     optional: false
      # Max connections to change database
      maxConns: 5
  # Litestream configuration for SQLite replication.
  # The backup location receives copies of the SQLite replica, so the bucket
  # needs the same access restrictions as the databases themselves.
  litestream:
    # S3-compatible backup URL (e.g., s3://bucket-name/backup)
    backupUrl: ""
    # Size threshold for checkpointing (MB)
    checkpointThresholdMb: 40
    # Interval between incremental backups (minutes)
    incrementalBackupIntervalMinutes: 15
    # Interval between snapshot backups (hours)
    snapshotBackupIntervalHours: 12
    # Parallelism for restore operations
    restoreParallelism: 48
    # Log level for litestream
    logLevel: warn
    # Parallel parts for snapshot upload/download
    multipartConcurrency: 48
    # Size of each multipart chunk in bytes (default 16 MiB)
    multipartSize: 16777216
  # Performance tuning
  performance:
    # Interval for SQLite VACUUM operation (hours, unset = no vacuum)
    replicaVacuumIntervalHours: null
    # Workers for table copying during initial sync
    initialSyncTableCopyWorkers: 5
  # Logging configuration
  logging:
    # Log format: text or json
    format: text
    # Log level: debug, info, warn, error
    level: info
    # Slow query thresholds
    slowHydrateThreshold: 100
    slowRowThreshold: 2
    # IVM sampling rate (1 in N requests)
    ivmSampling: 5000
    # OpenTelemetry traces.
    # NOTE(review): nesting under `logging` is a reconstruction; `otel` may
    # instead sit directly under `common`. Confirm against the chart templates.
    # `headers` is a plain string with no valueFrom form in this file; exporter
    # headers often carry collector credentials, so check how the chart
    # renders it before putting a token here.
    otel:
      enable: false
      endpoint: ""
      headers: ""
      resourceAttributes: ""
      nodeResourceDetectors: ""
  # Rate limiting
  rateLimiting:
    # Maximum mutations per user.
    # NOTE(review): null presumably leaves per-user mutations unlimited;
    # confirm, and set a limit for deployments that face untrusted clients.
    perUserMutationLimitMax: null
    # Window for mutation rate limiting (ms)
    perUserMutationLimitWindowMs: 60000
  # API server endpoints (custom queries and mutators)
  # See: https://zero.rocicorp.dev/docs/custom-mutators
  api:
    # URL for mutation handler (ZERO_MUTATE_URL >=0.24, ZERO_PUSH_URL <0.24)
    mutateUrl: ""
    # URL for query handler (>=0.24 only)
    queryUrl: ""
    # API key for authorizing zero-cache to call mutation handler
    mutateApiKey: {}
    # value: "your-api-key"
    # valueFrom:
    #   secretKeyRef:
    #     name: my-api-key
    #     key: mutate-key
    # API key for authorizing zero-cache to call query handler
    queryApiKey: {}
    # value: "your-api-key"
    # valueFrom:
    #   secretKeyRef:
    #     name: my-api-key
    #     key: query-key
    # Forward cookies from client requests to mutation handler.
    # Forwarded cookies hand the client's session credentials to whatever
    # mutateUrl points at; leave this off unless that handler authenticates
    # by cookie.
    mutateForwardCookies: false
    # Forward cookies from client requests to query handler.
    # The same consideration applies with respect to queryUrl.
    queryForwardCookies: false
  # Advanced configuration
  advanced:
    # Delay startup until first request (single-node only)
    lazyStartup: false
    # Anonymous telemetry (set false or DO_NOT_TRACK=1 to disable).
    # Enabled by default, so environments that must not send usage data
    # outward need to turn it off explicitly.
    enableTelemetry: true
    # Enable query planner for ZQL optimization
    enableQueryPlanner: true
    # Max ms a sync worker spends in IVM before yielding
    yieldThresholdMs: 10
    # SQLite page cache size in KiB (null = SQLite default ~2MB)
    replicaPageCacheSizeKib: null
    # Temp directory for IVM operator storage
    storageTmpDir: ""
    # WebSocket per-message deflate compression
    websocketCompression: false
    # WebSocket compression options (JSON string)
    websocketCompressionOptions: ""
## Single Node Configuration
## This is a simplified deployment option for development or small deployments
singleNode:
  # Enable single-node deployment (disables replicationManager and viewSyncer)
  enabled: false
  # Resource requests and limits
  resources:
    requests:
      cpu: 500m
      memory: 1Gi
    limits:
      cpu: 1
      memory: 2Gi
  # Persistent storage for SQLite replica
  persistence:
    enabled: true
    accessMode: ReadWriteOnce
    size: 10Gi
    storageClass: null
    annotations: {}
    allowVolumeExpansion: true
    # NOTE(review): presumably decides whether the volume claim, and the
    # replica data on it, is removed together with the workload; confirm
    # against the chart templates.
    retainPolicy: "Delete"  # Options: Delete, Retain
  # Service configuration.
  # ClusterIP keeps the service reachable only from inside the cluster.
  service:
    type: ClusterIP
    port: 4848
    annotations: {}
  # Pod annotations
  podAnnotations: {}
  # Node selector
  nodeSelector: {}
  # Tolerations
  tolerations: []
  # Affinity settings
  affinity: {}
  # Startup probe for slow-starting instances.
  # With these values the container has up to 30 x 10 s = 300 s after the
  # initial delay to pass the probe.
  startupProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 30
    successThreshold: 1
## Replication Manager Configuration
replicationManager:
  # Resource requests and limits
  resources:
    requests:
      cpu: 500m
      memory: 1Gi
    limits:
      cpu: 1
      memory: 2Gi
  # Persistent storage for SQLite replica
  persistence:
    enabled: true
    accessMode: ReadWriteOnce
    size: 10Gi
    storageClass: null
    annotations: {}
    allowVolumeExpansion: true
    # NOTE(review): presumably decides whether the volume claim, and the
    # replica data on it, is removed together with the workload; confirm
    # against the chart templates.
    retainPolicy: "Delete"  # Options: Delete, Retain
  # Service configuration.
  # ClusterIP keeps the service reachable only from inside the cluster.
  service:
    type: ClusterIP
    port: 4849
    annotations: {}
  # Pod annotations
  podAnnotations: {}
  # Node selector
  nodeSelector: {}
  # Tolerations
  tolerations: []
  # Affinity settings
  affinity: {}
  # Startup probe for slow-starting instances.
  # With these values the container has up to 30 x 10 s = 300 s after the
  # initial delay to pass the probe.
  startupProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 30
    successThreshold: 1
## View Syncer Configuration
viewSyncer:
  # Number of replicas (horizontally scalable)
  # Set this to at least 2 for high availability
  # Note: If autoscaling.enabled=true, this becomes the initial number of replicas
  replicas: 2
  # Resource requests and limits
  resources:
    requests:
      cpu: 1
      memory: 2Gi
    limits:
      cpu: 2
      memory: 4Gi
  # Autoscaling configuration
  autoscaling:
    # When enabled, replicas field becomes the initial/minimum replica count
    enabled: false
    # Minimum number of replicas for the HPA
    minReplicas: 2
    # Maximum number of replicas for the HPA
    maxReplicas: 10
    # Target CPU threshold for scaling
    targetCPUUtilizationPercentage: 80
    # Target memory threshold for scaling
    targetMemoryUtilizationPercentage: 80
  # Persistent storage for SQLite replica
  # Each view-syncer pod gets its own PVC via StatefulSet volumeClaimTemplates
  # If disabled, pods will use ephemeral storage and re-sync from S3 on restart (if configured)
  persistence:
    enabled: true
    accessMode: ReadWriteOnce
    size: 10Gi
    storageClass: null
    annotations: {}
    allowVolumeExpansion: true
    # NOTE(review): presumably decides whether the volume claims, and the
    # replica data on them, are removed together with the workload; confirm
    # against the chart templates.
    retainPolicy: "Delete"  # Options: Delete, Retain
  # Service configuration.
  # ClusterIP keeps the service reachable only from inside the cluster;
  # outside access goes through the ingress below when it is enabled.
  service:
    type: ClusterIP
    # Default Zero port - align with zero-cache-config port setting
    port: 4848
    # Additional service annotations
    # Note: Client IP session affinity is automatically added for better performance
    annotations: {}
  # Create an Ingress resource.
  # The default `tls: []` declares no certificate. Client connections carry
  # the JWTs described in the auth settings (and cookies, when forwarding is
  # on), so configure a tls entry or terminate TLS in front of the ingress
  # before enabling this outside a test cluster.
  ingress:
    enabled: false
    className: ""
    annotations: {}
    hosts:
      - host: zero-cache.local
        paths:
          - path: /
            pathType: Prefix
    tls: []
  # Pod annotations
  podAnnotations: {}
  # Node selector
  nodeSelector: {}
  # Tolerations
  tolerations: []
  # Affinity settings
  affinity: {}
  # Pod Disruption Budget.
  # minAvailable: 1 keeps at least one pod running during voluntary
  # disruptions such as a node drain.
  pdb:
    enabled: true
    minAvailable: 1
  # Startup probe for slow-starting instances.
  # With these values the container has up to 30 x 10 s = 300 s after the
  # initial delay to pass the probe.
  startupProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 30
    successThreshold: 1
## S3-compatible Storage Configuration
s3:
  # Enable S3 backup with Litestream (strongly recommended for production)
  enabled: false
  # Access credentials for S3.
  # A direct `value` leaves the key in plain text in this file and in every
  # copy of the supplied values; prefer `valueFrom.secretKeyRef`. The sample
  # strings in the comments are AWS's published documentation placeholders,
  # not working credentials.
  accessKey:
    {}
    # Direct value for the access key
    # value: "AKIAIOSFODNN7EXAMPLE"
    # Or, reference a value from a configMap, secret, etc.
    # valueFrom:
    #   secretKeyRef:
    #     name: aws-s3-credentials
    #     key: access-key
    #     optional: false
    #   # or configMapKeyRef, fieldRef, resourceFieldRef
  secretKey:
    {}
    # Direct value for the secret key
    # value: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
    # Or, reference a value from a configMap, secret, etc.
    # valueFrom:
    #   secretKeyRef:
    #     name: aws-s3-credentials
    #     key: secret-key
    #     optional: false
    #   # or configMapKeyRef, fieldRef, resourceFieldRef
  # Region setting for S3
  region: us-east-1
  # For S3-compatible storage providers (MinIO, DigitalOcean Spaces, etc.)
  # Leave empty for AWS S3
  endpoint: ""
  # Bucket configuration
  # Must be created before deployment.
  # The bucket receives replica backups, so keep it private and scope the
  # credentials above to this bucket and path only.
  bucketName: "zero-cache-backup"
  # Path within bucket for backups
  path: "backup"
## Security Context Configuration
# Security best practices for containers
securityContext:
  # Run as a fixed unprivileged UID/GID; runAsNonRoot makes the kubelet refuse
  # to start the container if it would run as UID 0.
  runAsUser: 1000
  runAsGroup: 1000
  runAsNonRoot: true
  # The root filesystem is mounted read-only, so every path the process writes
  # to has to be on a mounted volume.
  # NOTE(review): this presumably includes the replica file location and any
  # temp directory configured elsewhere in this file; confirm in the templates.
  readOnlyRootFilesystem: true
  # Prevents the process from gaining more privileges than its parent
  # (for example through setuid binaries).
  allowPrivilegeEscalation: false
  # Drop every Linux capability; none are added back in this file.
  capabilities:
    drop:
      - ALL
# Pod-level security settings, applied to every container in the pod.
podSecurityContext:
  runAsNonRoot: true
  # Mounted volumes are made group-owned by GID 1000 so the non-root process
  # can write to them.
  fsGroup: 1000
  # Only change volume ownership when the volume root does not already match,
  # which avoids a recursive chown on every start.
  fsGroupChangePolicy: OnRootMismatch
  # Use the container runtime's default seccomp filter instead of running
  # unconfined.
  seccompProfile:
    type: RuntimeDefault
## Service Account Configuration
serviceAccount:
  # Create a ServiceAccount for the release.
  create: true
  annotations: {}
  # NOTE(review): an empty name presumably lets the chart derive one; confirm
  # in the templates.
  name: ""
  # Mounts the service account's API token into the pods.
  # NOTE(review): nothing in this file shows the workload calling the
  # Kubernetes API; if it does not, false removes a credential an attacker
  # could read from a compromised container. The nesting of this key under
  # serviceAccount is reconstructed from a listing that lost its indentation;
  # confirm against the chart templates.
  automountServiceAccountToken: true