baschno/buun-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
27e4b6fbad3ea698f404f94c081bc750cd783006
buun-stack/querybook/querybook-values.gomplate.yaml

227 lines
6.4 KiB
YAML
Raw Blame History

# Querybook Helm Chart Values
# https://github.com/pinterest/querybook/tree/master/helm
# Worker configuration
worker:
replicaCount: 1
name: worker
image:
{{- if .Env.QUERYBOOK_CUSTOM_IMAGE }}
repository: {{ .Env.QUERYBOOK_CUSTOM_IMAGE }}
pullPolicy: {{ .Env.QUERYBOOK_CUSTOM_IMAGE_PULL_POLICY | default "Always" }}
tag: {{ .Env.QUERYBOOK_CUSTOM_IMAGE_TAG | default "latest" }}
{{- else }}
repository: querybook/querybook
pullPolicy: IfNotPresent
tag: latest
{{- end }}
# Resource limits (based on Goldilocks/VPA recommendations, rounded to clean values)
# VPA recommendations: CPU 15m, Memory 2.8Gi
resources:
requests:
cpu: 25m
memory: 3Gi
limits:
cpu: 500m
memory: 6Gi
# Scheduler configuration
scheduler:
replicaCount: 1
name: scheduler
image:
{{- if .Env.QUERYBOOK_CUSTOM_IMAGE }}
repository: {{ .Env.QUERYBOOK_CUSTOM_IMAGE }}
pullPolicy: {{ .Env.QUERYBOOK_CUSTOM_IMAGE_PULL_POLICY | default "Always" }}
tag: {{ .Env.QUERYBOOK_CUSTOM_IMAGE_TAG | default "latest" }}
{{- else }}
repository: querybook/querybook
pullPolicy: IfNotPresent
tag: latest
{{- end }}
# Resource limits (based on Goldilocks/VPA recommendations, rounded to clean values)
# VPA recommendations: CPU 15m, Memory 194Mi
resources:
requests:
cpu: 25m
memory: 256Mi
limits:
cpu: 100m
memory: 512Mi
# Web server configuration
web:
replicaCount: 1
name: web
image:
{{- if .Env.QUERYBOOK_CUSTOM_IMAGE }}
repository: {{ .Env.QUERYBOOK_CUSTOM_IMAGE }}
pullPolicy: {{ .Env.QUERYBOOK_CUSTOM_IMAGE_PULL_POLICY | default "Always" }}
tag: {{ .Env.QUERYBOOK_CUSTOM_IMAGE_TAG | default "latest" }}
{{- else }}
repository: querybook/querybook
pullPolicy: IfNotPresent
tag: latest
{{- end }}
service:
serviceType: ClusterIP
servicePort: 80
containerPort: 10001
# Resource limits (based on Goldilocks/VPA recommendations, rounded to clean values)
# VPA recommendations: CPU 224m, Memory 215Mi
resources:
requests:
cpu: 250m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
# Custom initContainer to inject Keycloak auth backend
initContainers:
- name: copy-keycloak-auth
image: busybox:latest
command:
- sh
- -c
- cp /config/keycloak_auth.py /auth/keycloak_auth.py && chmod 644 /auth/keycloak_auth.py
volumeMounts:
- name: keycloak-auth-config
mountPath: /config
- name: auth-volume
mountPath: /auth
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# Volume mounts for main container
volumeMounts:
- name: auth-volume
mountPath: /opt/querybook/querybook/server/app/auth/keycloak_auth.py
subPath: keycloak_auth.py
# Volumes
volumes:
- name: keycloak-auth-config
configMap:
name: querybook-keycloak-auth
- name: auth-volume
emptyDir: {}
# Use external PostgreSQL (buun-stack PostgreSQL cluster)
mysql:
enabled: false
# Redis configuration (use Helm chart's embedded Redis)
redis:
enabled: true
replicaCount: 1
name: redis
image:
repository: redis
pullPolicy: IfNotPresent
tag: "7.2"
service:
serviceType: ClusterIP
servicePort: 6379
# Resource limits (based on Goldilocks/VPA recommendations, rounded to clean values)
# VPA recommendations: CPU 15m, Memory 100Mi
resources:
requests:
cpu: 25m
memory: 128Mi
limits:
cpu: 100m
memory: 256Mi
# Elasticsearch configuration (use Helm chart's embedded Elasticsearch)
elasticsearch:
enabled: true
replicaCount: 1
name: elasticsearch
image:
repository: docker.elastic.co/elasticsearch/elasticsearch
pullPolicy: IfNotPresent
tag: "7.17.16"
extraEnvs:
- name: ES_JAVA_OPTS
value: -Xms1g -Xmx1g
- name: bootstrap.memory_lock
value: 'false'
- name: cluster.name
value: querybook-cluster
- name: discovery.type
value: single-node
service:
serviceType: ClusterIP
servicePort: 9200
# Resource limits (based on Goldilocks/VPA recommendations, rounded to clean values)
# VPA recommendations: CPU 78m, Memory 1.7Gi
resources:
requests:
cpu: 100m
memory: 2Gi
limits:
cpu: 500m
memory: 4Gi
# Ingress configuration
ingress:
enabled: true
ingressClassName: traefik
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
# WebSocket support - apply middleware for X-Forwarded-Proto header
traefik.ingress.kubernetes.io/router.middlewares: querybook-querybook-headers@kubernetescrd
# Sticky sessions for WebSocket connections
traefik.ingress.kubernetes.io/service.sticky.cookie: "true"
traefik.ingress.kubernetes.io/service.sticky.cookie.name: querybook-session
# Increase timeouts for WebSocket connections (in seconds)
traefik.ingress.kubernetes.io/service.serversTransport: querybook-transport@kubernetescrd
path: /
pathType: Prefix
hosts:
- {{ .Env.QUERYBOOK_HOST }}
tls:
- hosts:
- {{ .Env.QUERYBOOK_HOST }}
# Querybook environment variables
extraEnv:
# Public URL (required for OAuth)
PUBLIC_URL: https://{{ .Env.QUERYBOOK_HOST }}
# WebSocket CORS origins (required for socket.io to accept connections)
WS_CORS_ALLOWED_ORIGINS: '["https://{{ .Env.QUERYBOOK_HOST }}"]'
# Authentication backend (custom Keycloak OIDC implementation)
AUTH_BACKEND: app.auth.keycloak_auth
# OAuth configuration for Keycloak
OAUTH_CLIENT_ID: querybook
OAUTH_CLIENT_SECRET: {{ .Env.OAUTH_CLIENT_SECRET }}
OAUTH_AUTHORIZATION_URL: https://{{ .Env.KEYCLOAK_HOST }}/realms/{{ .Env.KEYCLOAK_REALM }}/protocol/openid-connect/auth
OAUTH_TOKEN_URL: https://{{ .Env.KEYCLOAK_HOST }}/realms/{{ .Env.KEYCLOAK_REALM }}/protocol/openid-connect/token
OAUTH_USER_PROFILE: https://{{ .Env.KEYCLOAK_HOST }}/realms/{{ .Env.KEYCLOAK_REALM }}/protocol/openid-connect/userinfo
# Session configuration
LOGS_OUT_AFTER: "0" # Never expire (re-login on browser close)
# Use existing secret for Flask, database, Redis, and Elasticsearch configuration
existingSecret: querybook-secret
# Node selector, affinity, and tolerations
nodeSelector: {}
affinity: {}
tolerations: []
podAnnotations: {}
Reference in New Issue View Git Blame Copy Permalink