From 2ee026702922bd45c0d5e913ddf2ddddf637377b Mon Sep 17 00:00:00 2001 From: Matthew Ball Date: Wed, 14 Jan 2026 18:10:29 -0800 Subject: [PATCH 1/3] set limits for kubernetes services --- bin/k8s/values.yaml | 52 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 51 insertions(+), 1 deletion(-) diff --git a/bin/k8s/values.yaml b/bin/k8s/values.yaml index 11594422d37..748ae67afb5 100644 --- a/bin/k8s/values.yaml +++ b/bin/k8s/values.yaml @@ -45,8 +45,11 @@ postgresql: initialDelaySeconds: 30 # increase this if the launching of postgresql is slow on the cluster resources: requests: + cpu: "0.25" + memory: "256Mi" + limits: cpu: "1" - memory: "1Gi" + memory: "256Mi" persistence: enabled: true size: 10Gi @@ -61,6 +64,11 @@ minio: image: repository: bitnamilegacy/minio tag: 2025.3.12-debian-12-r0 + resources: + requests: + memory: "256Mi" + limits: + memory: "256Mi" customIngress: enabled: false ingressClassName: "" # e.g., "nginx" @@ -126,6 +134,13 @@ webserver: service: type: ClusterIP port: 8080 + resources: + requests: + cpu: 10m + memory: 256Mi + limits: + cpu: 1000m + memory: 1Gi workflowComputingUnitManager: name: workflow-computing-unit-manager @@ -135,6 +150,13 @@ workflowComputingUnitManager: service: type: ClusterIP port: 8888 + resources: + requests: + cpu: 10m + memory: 256Mi + limits: + cpu: 1000m + memory: 256Mi workflowCompilingService: name: workflow-compiling-service @@ -143,6 +165,13 @@ workflowCompilingService: service: type: ClusterIP port: 9090 + resources: + requests: + cpu: 10m + memory: 256Mi + limits: + cpu: 1000m + memory: 256Mi fileService: name: file-service @@ -151,6 +180,13 @@ fileService: service: type: ClusterIP port: 9092 + resources: + requests: + cpu: 10m + memory: 256Mi + limits: + cpu: 1000m + memory: 512Mi configService: name: config-service @@ -159,6 +195,13 @@ configService: service: type: ClusterIP port: 9094 + resources: + requests: + cpu: 10m + memory: 256Mi + limits: + cpu: 1000m + memory: 256Mi accessControlService: name: access-control-service @@ -167,6 +210,13 @@ accessControlService: service: type: ClusterIP port: 9096 + resources: + requests: + cpu: 10m + memory: 256Mi + limits: + cpu: 1000m + memory: 256Mi # Configs of the envoy proxy, used to routerequests to the computing units envoy: From 34b011dc72f15cf89e25566424b69a867cfef978 Mon Sep 17 00:00:00 2001 From: Matthew Ball Date: Wed, 4 Feb 2026 03:52:36 -0700 Subject: [PATCH 2/3] added seperate development values.yaml for reducing resource limits' --- bin/k8s/values-development.yaml | 413 ++++++++++++++++++++++++++++++++ bin/k8s/values.yaml | 54 +---- 2 files changed, 415 insertions(+), 52 deletions(-) create mode 100644 bin/k8s/values-development.yaml diff --git a/bin/k8s/values-development.yaml b/bin/k8s/values-development.yaml new file mode 100644 index 00000000000..748ae67afb5 --- /dev/null +++ b/bin/k8s/values-development.yaml @@ -0,0 +1,413 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +global: + security: + allowInsecureImages: true # for custom postgres image + +# Persistence Configuration +# This controls how Persistent Volumes (PVs) and Persistent Volume Claims (PVCs) are managed +# +# removeAfterUninstall: +# - true: PVCs will be deleted when helm uninstalls the chart +# - false: PVCs will remain after uninstall to preserve the data +persistence: + removeAfterUninstall: true + minioHostLocalPath: "" + postgresqlHostLocalPath: "" + +# Part 1: the configuration of Postgres, Minio and LakeFS +postgresql: + image: + repository: texera/postgres17-pgroonga + tag: latest + debug: true + auth: + postgresPassword: root_password # for executing init script with superuser + primary: + livenessProbe: + initialDelaySeconds: 30 # increase this if the launching of postgresql is slow on the cluster + readinessProbe: + initialDelaySeconds: 30 # increase this if the launching of postgresql is slow on the cluster + resources: + requests: + cpu: "0.25" + memory: "256Mi" + limits: + cpu: "1" + memory: "256Mi" + persistence: + enabled: true + size: 10Gi + storageClass: local-path + existingClaim: "postgresql-data-pvc" + + initdb: + scriptsConfigMap: "postgresql-init-script" + +minio: + mode: standalone + image: + repository: bitnamilegacy/minio + tag: 2025.3.12-debian-12-r0 + resources: + requests: + memory: "256Mi" + limits: + memory: "256Mi" + customIngress: + enabled: false + ingressClassName: "" # e.g., "nginx" + texeraHostname: "" # the url for the texera WITH http or https, e.g., "https://texera.example.com" + minioHostname: "" # the url for the minio + issuer: "" # e.g., "letsencrypt-prod" + auth: + rootUser: texera_minio + rootPassword: password + service: + # In production, use ClusterIP to avoid exposing the minio to the internet + # type: ClusterIP + type: NodePort + nodePorts: + api: 31000 + persistence: + enabled: true + size: 20Gi + storageClass: local-path + existingClaim: "minio-data-pvc" + +lakefs: + secrets: + authEncryptSecretKey: random_string_for_lakefs + databaseConnectionString: postgres://postgres:root_password@texera-postgresql:5432/texera_lakefs?sslmode=disable + auth: + username: texera-admin + accessKey: AKIAIOSFOLKFSSAMPLES + secretKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + service: + port: 8000 + lakefsConfig: | + database: + type: postgres + blockstore: + type: s3 + s3: + endpoint: http://texera-minio:9000 + pre_signed_expiry: 15m + pre_signed_endpoint: http://localhost:31000 + force_path_style: true + credentials: + access_key_id: texera_minio + secret_access_key: password + +# Part2: configurations of Texera-related micro services +texeraImages: + pullPolicy: Always + +# Example data loader configuration +exampleDataLoader: + enabled: true + image: apache/texera-example-data-loader:1.1.0-incubating + username: texera + password: texera + datasetDir: datasets + workflowDir: workflows + +webserver: + name: webserver + numOfPods: 1 # Number of pods for the Texera deployment + imageName: apache/texera-dashboard-service:1.1.0-incubating # image name of the texera + service: + type: ClusterIP + port: 8080 + resources: + requests: + cpu: 10m + memory: 256Mi + limits: + cpu: 1000m + memory: 1Gi + +workflowComputingUnitManager: + name: workflow-computing-unit-manager + numOfPods: 1 + serviceAccountName: workflow-computing-unit-manager-service-account + imageName: apache/texera-workflow-computing-unit-managing-service:1.1.0-incubating + service: + type: ClusterIP + port: 8888 + resources: + requests: + cpu: 10m + memory: 256Mi + limits: + cpu: 1000m + memory: 256Mi + +workflowCompilingService: + name: workflow-compiling-service + numOfPods: 1 + imageName: apache/texera-workflow-compiling-service:1.1.0-incubating + service: + type: ClusterIP + port: 9090 + resources: + requests: + cpu: 10m + memory: 256Mi + limits: + cpu: 1000m + memory: 256Mi + +fileService: + name: file-service + numOfPods: 1 + imageName: apache/texera-file-service:1.1.0-incubating + service: + type: ClusterIP + port: 9092 + resources: + requests: + cpu: 10m + memory: 256Mi + limits: + cpu: 1000m + memory: 512Mi + +configService: + name: config-service + numOfPods: 1 + imageName: apache/texera-config-service:1.1.0-incubating + service: + type: ClusterIP + port: 9094 + resources: + requests: + cpu: 10m + memory: 256Mi + limits: + cpu: 1000m + memory: 256Mi + +accessControlService: + name: access-control-service + numOfPods: 1 + imageName: apache/texera-access-control-service:1.1.0-incubating + service: + type: ClusterIP + port: 9096 + resources: + requests: + cpu: 10m + memory: 256Mi + limits: + cpu: 1000m + memory: 256Mi + +# Configs of the envoy proxy, used to routerequests to the computing units +envoy: + replicas: 1 + image: + repository: envoyproxy/envoy + tag: v1.31-latest + port: + 10000 + debug: false + service: + type: ClusterIP + port: 10000 + +# headless service for the access of computing units +workflowComputingUnitPool: + createNamespaces: true + # The name of the workflow computing unit pool + name: texera-workflow-computing-unit + # Note: the namespace of the workflow computing unit pool might conflict when there are multiple texera deployments in the same cluster + namespace: texera-workflow-computing-unit-pool + # Max number of resources allocated for computing units + maxRequestedResources: + cpu: 100 + memory: 100Gi + nvidiaGpu: 5 + imageName: apache/texera-workflow-execution-coordinator:1.1.0-incubating + service: + port: 8085 + targetPort: 8085 + +texeraEnvVars: + - name: USER_SYS_ADMIN_USERNAME + value: "texera" + - name: USER_SYS_ADMIN_PASSWORD + value: "texera" + - name: STORAGE_JDBC_USERNAME + value: postgres + - name: USER_SYS_ENABLED + value: "true" + - name: SCHEDULE_GENERATOR_ENABLE_COST_BASED_SCHEDULE_GENERATOR + value: "true" + - name: MAX_WORKFLOW_WEBSOCKET_REQUEST_PAYLOAD_SIZE_KB + value: "64" + - name: MAX_NUM_OF_RUNNING_COMPUTING_UNITS_PER_USER + value: "10" + - name: KUBERNETES_COMPUTING_UNIT_CPU_LIMIT_OPTIONS + value: "2" + - name: KUBERNETES_COMPUTING_UNIT_MEMORY_LIMIT_OPTIONS + value: "2Gi" + - name: KUBERNETES_COMPUTING_UNIT_GPU_LIMIT_OPTIONS + value: "0" + - name: COMPUTING_UNIT_LOCAL_ENABLED + value: "false" + - name: KUBERNETES_COMPUTING_UNIT_ENABLED + value: "true" + - name: KUBERNETES_IMAGE_PULL_POLICY + value: "IfNotPresent" + - name: GUI_WORKFLOW_WORKSPACE_PYTHON_LANGUAGE_SERVER_PORT + value: "" + - name: GUI_WORKFLOW_WORKSPACE_PRODUCTION_SHARED_EDITING_SERVER + value: "true" + - name: GUI_LOGIN_LOCAL_LOGIN + value: "true" + - name: GUI_LOGIN_GOOGLE_LOGIN + value: "true" + - name: GUI_DATASET_SINGLE_FILE_UPLOAD_MAXIMUM_SIZE_MB + value: "1024" + - name: GUI_WORKFLOW_WORKSPACE_EXPORT_EXECUTION_RESULT_ENABLED + value: "true" + - name: GUI_WORKFLOW_WORKSPACE_WORKFLOW_EXECUTIONS_TRACKING_ENABLED + value: "true" + - name: GUI_WORKFLOW_WORKSPACE_ASYNC_RENDERING_ENABLED + value: "true" + - name: COMPUTING_UNIT_SHARING_ENABLED + value: "true" + - name: USER_SYS_INVITE_ONLY + value: "true" + - name: USER_SYS_GOOGLE_CLIENT_ID + value: "" + - name: USER_SYS_GOOGLE_SMTP_GMAIL + value: "" + - name: USER_SYS_GOOGLE_SMTP_PASSWORD + value: "" + - name: USER_SYS_DOMAIN + value: "" + +# Ingress dependency configs +ingress-nginx: + enabled: true # set to true if nginx is not installed, should be false in production + controller: + replicaCount: 1 + service: + type: NodePort + nodePorts: + http: 30080 + ingressClassResource: + name: nginx + enabled: true + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + rbac: + create: true + + +yWebsocketServer: + name: y-websocket-server + replicaCount: 1 + image: texera/y-websocket-server:latest + + +pythonLanguageServer: + name: python-language-server + replicaCount: 1 + image: texera/pylsp:latest + imagePullSecret: regcred + resources: + limits: + cpu: "100m" + memory: "100Mi" + +# Metrics Server configuration +metrics-server: + enabled: true # set to false if metrics-server is already installed + args: + - --kubelet-insecure-tls + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --metric-resolution=15s + resources: + requests: + cpu: 200m + memory: 400Mi + rbac: + create: true + serviceAccount: + create: true + priorityClassName: system-cluster-critical + +# Custom Ingress resource configs +ingressPaths: + enabled: true + ingressClassName: nginx # Set to "alb" when deploying on AWS + hostname: "" + # Optional TLS secret (manually created) + tlsSecretName: "" # e.g., "texera-tls" + # Optional Issuer name for cert-manager + issuer: "" # e.g., "letsencrypt-prod" + paths: + - path: /api/computing-unit + serviceName: workflow-computing-unit-manager-svc + servicePort: 8888 + - path: /api/compile + serviceName: workflow-compiling-service-svc + servicePort: 9090 + - path: /api/dataset + serviceName: file-service-svc + servicePort: 9092 + - path: /api/access/dataset + serviceName: file-service-svc + servicePort: 9092 + - path: /api/access/computing-unit + serviceName: workflow-computing-unit-manager-svc + servicePort: 8888 + - path: /api/config + serviceName: config-service-svc + servicePort: 9094 + - path: /wsapi/workflow-websocket + serviceName: envoy-svc + servicePort: 10000 + - path: /api/executions/*/stats/* + pathType: ImplementationSpecific + serviceName: envoy-svc + servicePort: 10000 + - path: /api/executions/result/export/* + pathType: ImplementationSpecific + serviceName: envoy-svc + servicePort: 10000 + - path: /api + serviceName: webserver-svc + servicePort: 8080 + - path: /rtc + serviceName: y-websocket-server-svc + servicePort: 1234 + - path: /python-language-server + serviceName: python-language-server-svc + servicePort: 3000 + - path: / + serviceName: webserver-svc + servicePort: 8080 diff --git a/bin/k8s/values.yaml b/bin/k8s/values.yaml index 748ae67afb5..3791971f96b 100644 --- a/bin/k8s/values.yaml +++ b/bin/k8s/values.yaml @@ -45,11 +45,8 @@ postgresql: initialDelaySeconds: 30 # increase this if the launching of postgresql is slow on the cluster resources: requests: - cpu: "0.25" - memory: "256Mi" - limits: cpu: "1" - memory: "256Mi" + memory: "1Gi" persistence: enabled: true size: 10Gi @@ -64,11 +61,6 @@ minio: image: repository: bitnamilegacy/minio tag: 2025.3.12-debian-12-r0 - resources: - requests: - memory: "256Mi" - limits: - memory: "256Mi" customIngress: enabled: false ingressClassName: "" # e.g., "nginx" @@ -134,13 +126,6 @@ webserver: service: type: ClusterIP port: 8080 - resources: - requests: - cpu: 10m - memory: 256Mi - limits: - cpu: 1000m - memory: 1Gi workflowComputingUnitManager: name: workflow-computing-unit-manager @@ -150,13 +135,6 @@ workflowComputingUnitManager: service: type: ClusterIP port: 8888 - resources: - requests: - cpu: 10m - memory: 256Mi - limits: - cpu: 1000m - memory: 256Mi workflowCompilingService: name: workflow-compiling-service @@ -165,13 +143,6 @@ workflowCompilingService: service: type: ClusterIP port: 9090 - resources: - requests: - cpu: 10m - memory: 256Mi - limits: - cpu: 1000m - memory: 256Mi fileService: name: file-service @@ -180,13 +151,6 @@ fileService: service: type: ClusterIP port: 9092 - resources: - requests: - cpu: 10m - memory: 256Mi - limits: - cpu: 1000m - memory: 512Mi configService: name: config-service @@ -195,13 +159,6 @@ configService: service: type: ClusterIP port: 9094 - resources: - requests: - cpu: 10m - memory: 256Mi - limits: - cpu: 1000m - memory: 256Mi accessControlService: name: access-control-service @@ -210,13 +167,6 @@ accessControlService: service: type: ClusterIP port: 9096 - resources: - requests: - cpu: 10m - memory: 256Mi - limits: - cpu: 1000m - memory: 256Mi # Configs of the envoy proxy, used to routerequests to the computing units envoy: @@ -410,4 +360,4 @@ ingressPaths: servicePort: 3000 - path: / serviceName: webserver-svc - servicePort: 8080 + servicePort: 8080 \ No newline at end of file From f7db65a925c0b9bc292eff44d2bba3e8baeb98ed Mon Sep 17 00:00:00 2001 From: Matthew Ball Date: Wed, 25 Feb 2026 15:14:50 -0800 Subject: [PATCH 3/3] updated development reduced yaml to match current values.yaml --- bin/k8s/values-development.yaml | 156 +++++++++++--------------------- 1 file changed, 54 insertions(+), 102 deletions(-) diff --git a/bin/k8s/values-development.yaml b/bin/k8s/values-development.yaml index 748ae67afb5..cbf0183f004 100644 --- a/bin/k8s/values-development.yaml +++ b/bin/k8s/values-development.yaml @@ -15,9 +15,16 @@ # specific language governing permissions and limitations # under the License. +texera: + # Container image registry and tag for all Texera services + # Override these to use a different registry or version + imageRegistry: ghcr.io/apache + imageTag: latest + global: + # Required by Bitnami sub-charts (postgresql, minio) to allow custom images security: - allowInsecureImages: true # for custom postgres image + allowInsecureImages: true # Persistence Configuration # This controls how Persistent Volumes (PVs) and Persistent Volume Claims (PVCs) are managed @@ -33,12 +40,15 @@ persistence: # Part 1: the configuration of Postgres, Minio and LakeFS postgresql: image: - repository: texera/postgres17-pgroonga + repository: groonga/pgroonga tag: latest debug: true auth: postgresPassword: root_password # for executing init script with superuser primary: + containerSecurityContext: + # Disabled because groonga/pgroonga needs to write a lock/socket file to /var/run/postgresql + readOnlyRootFilesystem: false livenessProbe: initialDelaySeconds: 30 # increase this if the launching of postgresql is slow on the cluster readinessProbe: @@ -55,7 +65,6 @@ postgresql: size: 10Gi storageClass: local-path existingClaim: "postgresql-data-pvc" - initdb: scriptsConfigMap: "postgresql-init-script" @@ -69,12 +78,10 @@ minio: memory: "256Mi" limits: memory: "256Mi" - customIngress: + gateway: enabled: false - ingressClassName: "" # e.g., "nginx" - texeraHostname: "" # the url for the texera WITH http or https, e.g., "https://texera.example.com" - minioHostname: "" # the url for the minio - issuer: "" # e.g., "letsencrypt-prod" + hostname: "" # the url for the minio, e.g. "minio.example.com" + tlsSecretName: "" # e.g. "minio-tls-secret" auth: rootUser: texera_minio rootPassword: password @@ -121,7 +128,7 @@ texeraImages: # Example data loader configuration exampleDataLoader: enabled: true - image: apache/texera-example-data-loader:1.1.0-incubating + imageName: texera-example-data-loader username: texera password: texera datasetDir: datasets @@ -130,7 +137,7 @@ exampleDataLoader: webserver: name: webserver numOfPods: 1 # Number of pods for the Texera deployment - imageName: apache/texera-dashboard-service:1.1.0-incubating # image name of the texera + imageName: texera-dashboard-service service: type: ClusterIP port: 8080 @@ -146,7 +153,7 @@ workflowComputingUnitManager: name: workflow-computing-unit-manager numOfPods: 1 serviceAccountName: workflow-computing-unit-manager-service-account - imageName: apache/texera-workflow-computing-unit-managing-service:1.1.0-incubating + imageName: texera-workflow-computing-unit-managing-service service: type: ClusterIP port: 8888 @@ -161,7 +168,7 @@ workflowComputingUnitManager: workflowCompilingService: name: workflow-compiling-service numOfPods: 1 - imageName: apache/texera-workflow-compiling-service:1.1.0-incubating + imageName: texera-workflow-compiling-service service: type: ClusterIP port: 9090 @@ -176,7 +183,7 @@ workflowCompilingService: fileService: name: file-service numOfPods: 1 - imageName: apache/texera-file-service:1.1.0-incubating + imageName: texera-file-service service: type: ClusterIP port: 9092 @@ -191,7 +198,7 @@ fileService: configService: name: config-service numOfPods: 1 - imageName: apache/texera-config-service:1.1.0-incubating + imageName: texera-config-service service: type: ClusterIP port: 9094 @@ -206,7 +213,7 @@ configService: accessControlService: name: access-control-service numOfPods: 1 - imageName: apache/texera-access-control-service:1.1.0-incubating + imageName: texera-access-control-service service: type: ClusterIP port: 9096 @@ -218,19 +225,6 @@ accessControlService: cpu: 1000m memory: 256Mi -# Configs of the envoy proxy, used to routerequests to the computing units -envoy: - replicas: 1 - image: - repository: envoyproxy/envoy - tag: v1.31-latest - port: - 10000 - debug: false - service: - type: ClusterIP - port: 10000 - # headless service for the access of computing units workflowComputingUnitPool: createNamespaces: true @@ -243,7 +237,7 @@ workflowComputingUnitPool: cpu: 100 memory: 100Gi nvidiaGpu: 5 - imageName: apache/texera-workflow-execution-coordinator:1.1.0-incubating + imageName: texera-workflow-execution-coordinator service: port: 8085 targetPort: 8085 @@ -304,29 +298,6 @@ texeraEnvVars: - name: USER_SYS_DOMAIN value: "" -# Ingress dependency configs -ingress-nginx: - enabled: true # set to true if nginx is not installed, should be false in production - controller: - replicaCount: 1 - service: - type: NodePort - nodePorts: - http: 30080 - ingressClassResource: - name: nginx - enabled: true - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - rbac: - create: true - - yWebsocketServer: name: y-websocket-server replicaCount: 1 @@ -360,54 +331,35 @@ metrics-server: create: true priorityClassName: system-cluster-critical -# Custom Ingress resource configs -ingressPaths: - enabled: true - ingressClassName: nginx # Set to "alb" when deploying on AWS +gatewayConfig: + # Routes are available at bin/k8s/templates/gateway-routes.yaml + + # The hostname for the Gateway listener (HTTP/HTTPS). + # e.g., "texera.example.com" hostname: "" - # Optional TLS secret (manually created) - tlsSecretName: "" # e.g., "texera-tls" - # Optional Issuer name for cert-manager - issuer: "" # e.g., "letsencrypt-prod" - paths: - - path: /api/computing-unit - serviceName: workflow-computing-unit-manager-svc - servicePort: 8888 - - path: /api/compile - serviceName: workflow-compiling-service-svc - servicePort: 9090 - - path: /api/dataset - serviceName: file-service-svc - servicePort: 9092 - - path: /api/access/dataset - serviceName: file-service-svc - servicePort: 9092 - - path: /api/access/computing-unit - serviceName: workflow-computing-unit-manager-svc - servicePort: 8888 - - path: /api/config - serviceName: config-service-svc - servicePort: 9094 - - path: /wsapi/workflow-websocket - serviceName: envoy-svc - servicePort: 10000 - - path: /api/executions/*/stats/* - pathType: ImplementationSpecific - serviceName: envoy-svc - servicePort: 10000 - - path: /api/executions/result/export/* - pathType: ImplementationSpecific - serviceName: envoy-svc - servicePort: 10000 - - path: /api - serviceName: webserver-svc - servicePort: 8080 - - path: /rtc - serviceName: y-websocket-server-svc - servicePort: 1234 - - path: /python-language-server - serviceName: python-language-server-svc - servicePort: 3000 - - path: / - serviceName: webserver-svc - servicePort: 8080 + + # The name of the cert-manager Issuer or ClusterIssuer to use for obtaining certificates. + # This requires cert-manager to be installed in the cluster. + # You can find available ClusterIssuers with: `kubectl get clusterissuers` + # You can find available Issuers with: `kubectl get issuers -A` + # e.g., "letsencrypt-prod" + issuer: "" + + # The Kind of the issuer specified above. Can be "Issuer" or "ClusterIssuer". + # If you found it via `kubectl get clusterissuers`, use "ClusterIssuer". + # If you found it via `kubectl get issuers`, use "Issuer". + # defaults to "Issuer" if not specified. + issuerKind: "Issuer" + + # The name of the Secret where the signed certificate should be stored. + # If empty, it defaults to "{{ .Release.Name }}-cert". + # e.g., "texera-tls" + tlsSecretName: "" + +# Envoy Gateway Configuration +envoy-gateway: + config: + envoyGateway: + extensionApis: + enableBackend: true + enableEnvoyPatchPolicy: true