Helm Charts are a set of Kubernetes manifests that reflect best practices for deploying an application or service on Kubernetes.
After you add the Deis Chart Repository, you can customize the chart using
helm inspect values deis/workflow | sed -n '1!p' > values.yaml before using helm install to complete the
installation. To customize the respective component, edit values.yaml and modify the section of
the component to tune these settings.
You can set resource limits to Workflow components by modifying the values.yaml file fetched
earlier. This file has a section for each Workflow component. To set a limit to any Workflow
component just add limits_cpu, limits_memory in the section and set them to the appropriate
values.
Below is an example of how the builder section of values.yaml might look with CPU and memory
limits set:
[builder]
org = "deisci"
pullPolicy = "Always"
dockerTag = "canary"
limits_cpu = "100m"
limits_memory = "50Mi"
The following environment variables are tunable for the Builder component:
| Setting | Description |
|---|---|
| DEBUG | Enable debug log output (default: false) |
The following environment variables are tunable for the Controller component:
| Setting | Description |
|---|---|
| REGISTRATION_MODE | set registration to "enabled", "disabled", or "admin_only" (default: "enabled") |
| GUNICORN_WORKERS | number of gunicorn workers spawned to process requests (default: CPU cores * 4 + 1) |
| RESERVED_NAMES | a comma-separated list of names which applications cannot reserve for routing (default: "deis, deis-builder, deis-workflow-manager") |
| SLUGRUNNER_IMAGE_NAME | the image used to run buildpack application slugs (default: "quay.io/deisci/slugrunner:canary") |
| DEIS_DEPLOY_HOOK_URLS | a comma-separated list of URLs to send deploy hooks to. |
| DEIS_DEPLOY_HOOK_SECRET_KEY | a private key used to compute the HMAC signature for deploy hooks. |
| DEIS_DEPLOY_REJECT_IF_PROCFILE_MISSING | rejects a deploy if the previous build had a Procfile but the current deploy is missing it. A 409 is thrown in the API. Prevents accidental process types removal. (default: "false", allowed values: "true", "false") |
| DEIS_DEPLOY_PROCFILE_MISSING_REMOVE | when turned on (default) any missing process type in a Procfile compared to the previous deploy is removed. When set to false will allow an empty Procfile to go through without removing missing process types, note that new images, configs and so on will get updated on all proc types. (default: "true", allowed values: "true", "false") |
| KUBERNETES_NAMESPACE_DEFAULT_QUOTA_SPEC | set resource quota to application namespace by setting ResourceQuota spec, for example: {"spec":{"hard":{"pods":"10"}}}, restrict app owner to spawn more then 10 pods (default: "", no quota will be applied to namespace) |
| Setting | Description |
|---|---|
| DEIS_DEPLOY_BATCHES | the number of pods to bring up and take down sequentially during a scale (default: number of available nodes) |
| DEIS_DEPLOY_TIMEOUT | deploy timeout in seconds per deploy batch (default: 120) |
| IMAGE_PULL_POLICY | the kubernetes image pull policy for application images (default: "IfNotPresent") (allowed values: "Always", "IfNotPresent") |
| KUBERNETES_DEPLOYMENTS_REVISION_HISTORY_LIMIT | how many revisions Kubernetes keeps around of a given Deployment (default: all revisions) |
| KUBERNETES_POD_TERMINATION_GRACE_PERIOD_SECONDS | how many seconds kubernetes waits for a pod to finish work after a SIGTERM before sending SIGKILL (default: 30) |
See the Deploying Apps guide for more detailed information on those.
The following environment variables are tunable for the Database component:
| Setting | Description |
|---|---|
| BACKUP_FREQUENCY | how often the database should perform a base backup (default: "12h") |
| BACKUPS_TO_RETAIN | number of base backups the backing store should retain (default: 5) |
The following environment variables are tunable for Fluentd:
| Setting | Description |
|---|---|
| SYSLOG_HOST_1 | The hostname of a remote syslog endpoint for shipping logs |
| SYSLOG_PORT_1 | The port of a remote syslog endpoint for shipping logs |
The following environment variables are tunable for the Logger component:
| Setting | Description |
|---|---|
| STORAGE_ADAPTER | How to store logs that are sent to the logger. Legal values are "file", "memory", and "redis". (default: "redis") |
| NUMBER_OF_LINES | How many lines to store in the ring buffer (default: 1000) |
The monitor component uses Telegraf under the hood, and derives most of its configuration from it. Please see telegraf configuration for more information on tuning the Monitor component.
The Registry component can be tuned by following the deis/distribution config doc.
The majority of router settings are tunable through annotations, which allows the router to be re-configured with zero downtime post-installation. You can find the list of annotations to tune here.
The following environment variables are tunable for the Router component:
| Setting | Description |
|---|---|
| POD_NAMESPACE | The pod namespace the router resides in. This is set by the Kubernetes downward API. |
The following environment variables are tunable for Workflow Manager:
| Setting | Description |
|---|---|
| CHECK_VERSIONS | Enables the external version check at https://versions.deis.com/ (default: "true") |
| POLL_INTERVAL_SEC | The interval when Workflow Manager performs a version check, in seconds (default: 43200, or 12 hours) |
| VERSIONS_API_URL | The versions API URL (default: "https://versions-staging.deis.com") |
| DOCTOR_API_URL | The doctor API URL (default: "https://doctor-staging.deis.com") |
| API_VERSION | The version number Workflow Manager sends to the versions API (default: "v2") |
Configuration options for LDAP authentication are detailed here.
The following environment variables are available for enabling LDAP authentication of user accounts in the Controller component:
| Setting | Description |
|---|---|
| LDAP_ENDPOINT | The URI of the LDAP server. If not specified, LDAP authentication is not enabled (default: "", example: ldap://hostname). |
| LDAP_BIND_DN | The distinguished name to use when binding to the LDAP server (default: "") |
| LDAP_BIND_PASSWORD | The password to use with LDAP_BIND_DN (default: "") |
| LDAP_USER_BASEDN | The distinguished name of the search base for user names (default: "") |
| LDAP_USER_FILTER | The name of the login field in the users search base (default: "username") |
| LDAP_GROUP_BASEDN | The distinguished name of the search base for user's groups names (default: "") |
| LDAP_GROUP_FILTER | The filter for user's groups (default: "", example: objectClass=person) |