post_delete_hook
This hook runs when you do `helm uninstall` unless ...
- you give --no-hooks to helm
- you set the enable flag to False at INSTALL time.
imageRegistry
Registry and Tag portion of Wallaroo images. Third party images are not included. Tag is
computed at runtime and overridden. In online Helm installs, these should not be touched; in
airgap Helm installs `imageRegistry` must be overridden to local registry.
generate_secrets
If true, generate random secrets for several services at install time.
If false, use the generic defaults listed here, which can also be overridden by caller.
assays
This is a (currently) Dashboard-specific feature flag to control the display of Assays.
custTlsSecretName
To provide TLS certificates, (1) set `deploymentStage` to "cust", then (2) provide EITHER the
name of an existing Kubernetes TLS secret in `custTlsSecret` OR provide base64 encoded secrets
in `custTlsCert` and `custTlsKey`.
domainPrefix
DNS specification for our named external service endpoints.
To form URLs, we concatenate the optional domainPrefix
, the service name in question, and then
the domainSuffix
. Their values are based on license, type, and customer config inputs. They
MUST be overriden per install via helm values, or by Replicated.
Community – prefix/suffix in license
domainPrefix domainSuffix dashboard_fqdn thing_fqdn (thing = jup, kc, etc)
"" wallaroo.community (never) (never)
cust123 wallaroo.community cust123.wallaroo.community cust123.thing.wallaroo.community
Enterprise et al – prefix/suffix from config
domainPrefix domainSuffix dashboard_fqdn thing_fqdn (thing = jup, kc, etc)
"" wl.bigco wl.bigco thing.wl.bigco
cust123 wl.bigco cust123.wl.bigco cust123.thing.wl.bigco
wallarooSecretName
In online Helm installs, an image pull secret is created and this is its name. The secret allows
the Kubernetes node to pull images from proxy.replicated.com. In airgap Helm installs, a local
Secret of type `docker-registry` must be created and this value set to its name.
privateModelRegistry
If the customer has specified a private model container registry, the enable flag will reflect
and the secret will be populated. `registry`, `username`, and `password` are mandatory. `email`
is optional. `registry` is of the form "hostname:port". See the Wallaroo Private Model Registry
Guide for registry specific details.
ociRegistry
In order to support edge deployments, a customer-supplied OCI registry is required. The `enable`
flag turns on the feature, which causes the secret to be populated. `registry`, `repository`,
`username`, and `password` are mandatory. `email` is optional. `registry` is of the form
"hostname:port". Important: some cloud OCI registries require creation of the repository before
it can be published to. See the Wallaroo Private Model Registry Guide for registry specific
details.
apilb
Main ingress LB for Wallaroo services.
The Kubernetes Ingress object is not used, instead we deploy a single Envoy load balancer with a
single IP in all cases, which serves: TLS termination, authentication (JWT) checking, and both
host based and path based application routing. Customer should be aware of two values in particular.
`api.serviceType` defaults to `ClusterIP`. If `api.serviceType` is set to `LoadBalancer`, cloud
services will allocate a hosted LB service, in which case the `apilb.annotations` should be
provided, in order to pass configuration such as "internal" or "external" to the cloud service.
Example:
apilb:
serviceType: LoadBalancer
annotations: service.beta.kubernetes.io/aws-load-balancer-internal: "true"
edgelb
Edge proxy allows observability: incoming connections from edge site over secured mTLS, carrying
inference results, metrics, and edge management commands. Note: publishing to edge is handled
separately under the ociRegistry tag.
jupyter
If enabled, Jupyter Hub is deployed. This is deployed using helm hooks after the main chart is
rendered. If an upgrade is applied where hub is transitioned from enabled to disabled, any PVCs
will not be removed but they will be inaccessible.
keycloak
Wallaroo can connect to a variety of identity providers, broker OpenID Connect authentication
requests, and then limit access to endpoints. This section configures a https://www.keycloak.org
installation. If a provider is specified here, Keycloak will configure itself to use that on
install. If no providers are specified here, the administrator must login to the Keycloak
service as the administrative user and either add users by hand or create an auth provider. In
general, a client must be created upstream and a URL, client ID, and secret (token) for that
client is entered here.
dbcleaner
Manage retention for fluentbit table. This contains log message outputs from orchestration tasks.
prometheus
Prometheus Metrics. Data will be retained until either retention size or retention time is
exceeded, whichever comes first. It's a little difficult to predict which, because pipelines are
transient and the rate they generate metrics is variable. Scrape interval is fixed at 5s.
plateau
Plateau is a low-profile fixed-footprint log processor / event store for fast storage of
inference results. The amount of disk space provisioned is adjustable. Smaller than "100Gi" is
not recommended for performance reasons.
wsProxy
This controls the wsProxy, and should only be enabled if nats (ArbEx) is also enabled.
wsProxy is required for the Dashboard to subscribe to events and show notifications.
arbEx
Arbitrary Execution
orchestration
Pipeline orchestration is general task execution service that allows users to upload arbitrary
code and have it executed on their behalf by the system. nats and arbex must be enabled.
pipelines
Pipelines is service that supports packaging and publishing pipelines suitable for edge deployments.
It requires ociRegistry to be configured.
wallsvc
Wallsvc runs arbex, models, pipelines and orchestration.