Wallaroo Helm Reference Table
A Helm chart for the control plane for Wallaroo
Configuration
The following table lists the configurable parameters of the Wallaroo chart and their default values.
Parameter | Description | Default |
---|---|---|
kubernetes_distribution | Required. Must be one of: aks, eks, gke, oke, or kurl. | "" |
imageRegistry | imageRegistry where images are pulled from | "ghcr.io/wallaroolabs" |
replImagePrefix | imageRegistry where images are pulled from, as overridden by Kots | "ghcr.io/wallaroolabs" |
assays.enabled | Controls the display of Assay data in the Dashboard | true |
custTlsSecretName | Name of existing Kubernetes TLS type secret | "" |
deploymentStage | Deployment stage, must be set to “cust” when deployed | "cust" |
custTlsCert | Customer provided certificate chain when deploymentStage is “cust”. | "" |
custTlsKey | Customer provided private key when deploymentStage is “cust”. | "" |
nodeSelector | Global node selector | {} |
tolerations | Global tolerations | [{"key": "wallaroo", "operator": "Exists", "effect": "NoSchedule"}] |
domainPrefix | DNS prefix of Wallaroo endpoints, can be "" for none, but do not leave blank | "xxx" |
domainSuffix | DNS suffix of Wallaroo endpoints, MUST be provided | "yyy" |
externalIpOverride | Used in cases where we can’t accurately determine our external, inbound IP address. Normally “”. | "" |
imagePullPolicy | Global policy saying when K8s pulls images: Always, Never, or IfNotPresent. | "Always" |
wallarooSecretName | Secret name for pulling Wallaroo images | "regcred" |
privateModelRegistry.enabled | If true, external containerized models can be accessed | false |
privateModelRegistry.registry | Registry URL, eg “reg.big.corp:3579” | "" |
privateModelRegistry.email | Optional, for bookkeeping | "" |
privateModelRegistry.username | Username access credential | "" |
privateModelRegistry.password | Password access credential | "" |
ociRegistry.enabled | If true, pipelines can be published to this OCI registry for use in edge deployments | false |
ociRegistry.registry | Registry URL, eg “reg.big.corp:3579” | "" |
ociRegistry.repository | Repository within the registry. May contain cloud account, eg “account123/wallaroothings” | "" |
ociRegistry.email | Optional, for bookkeeping | "" |
ociRegistry.username | Username access credential | "" |
ociRegistry.password | Password access credential | "" |
ociRegistry.noTls | Set to true if the registry does not support TLS - for development only | false |
apilb.nodeSelector | standard node selector for API-LB | {} |
apilb.annotations | Annotations for api-lb service | {} |
apilb.serviceType | Service type of api-lb service | "ClusterIP" |
apilb.external_inference_endpoints_enabled | Enable external URL inference endpoints: pipeline inference endpoints that are accessible outside of the Wallaroo cluster. | true |
apilb.ingress_mode | How the Wallaroo instance is reached through the Kubernetes network settings. Options are internal , external ,or none | internal |
edgelb.enabled | Enable edge observability. | false |
edgelb.annotations | Annotations for edge-lb service | {} |
edgelb.serviceType | Service type. If LoadBalancer, host-appropriate annotations should also be given to configure it. | "ClusterIP" |
edgelb.opscenterHost | hostname or IP of opscenter as reachable from edge nodes | "" |
spireServer.joinHost | hostname or IP of the host for edges to join | "" |
jupyter.enabled | If true, a jupyer hub was deployed which components can point to. | true |
jupyter.nodeSelector | Node placement for Hub administrative pods | {} |
jupyter.labNodeSelector | Node placement for Hub-spawned jupyterlab pods | {} |
jupyter.memory.limit | Each Lab - memory limit in GB | "4" |
jupyter.memory.guarantee | Each Lab - lemory guarantee in GB | "2" |
jupyter.cpu.limit | Each Lab - fractional CPU limit | "2.0" |
jupyter.cpu.guarantee | Each Lab - fractional CPU guarantee | "1.0" |
jupyter.storage.capacity | Each Lab - disk storage capacity in GB | "50" |
keycloak.user | administrative username | "admin" |
keycloak.password | default admin password: overridden if generate_secrets is true | "admin" |
keycloak.provider.clientId | upstream client id | "" |
keycloak.provider.clientSecret | upstream client secret | "" |
keycloak.provider.name | human name for provider | "" |
keycloak.provider.id | Type of provider, one of: “github”, “google”, or “OIDC” | "" |
keycloak.provider.authorizationUrl | URL to contact the upstream client for auth requests | null |
keycloak.provider.clientAuthMethod | client auth method - Must be client_secret_post for OIDC provider type, leave blank otherwise. | null |
keycloak.provider.displayName | human name for provider, displayed to end user in login dialogs | null |
keycloak.provider.tokenUrl | Used only for ODIC, see token endpoint under Azure endpoints. | null |
dbcleaner.schedule | when the cleaner runs, default is every eight hours | "* */8 * * *" |
dbcleaner.maxAgeDays | delete older than this many days | "30" |
prometheus.storageRetentionSizeGb | Retain this much data, in GB. | "10" |
prometheus.storageRetentionTimeDays | When to remove old data. In days. | "15" |
plateau.enabled | Enable Plateau deployment | true |
plateau.diskSize | Disk space to allocate. Smaller than 100Gi is not recommended. | "100Gi" |
telemetry.enabled | Used only for our CE product. Leave disabled for EE/Helm installs. | false |
dashboard.enabled | Enable dashboard service | true |
dashboard.clientName | Customer display name which appears at the top of the dashboard window. | "Fitzroy Macropods, LLC" |
minio.imagePullSecrets | Must override for helm + private registry; eg -name: "some-secret" | [] |
minio.image.repository | Must override for helm + private registry | "quay.io/minio/minio" |
minio.mcImage.repository | Must override for helm + private registry | "quay.io/minio/mc" |
minio.persistence.size | Minio model storage disk size. Smaller than 10Gi is not recommended. | "25Gi" |
fluent-bit.imagePullSecrets | Must override for helm + private registry; eg -name: "some-secret" | [] |
fluent-bit.image.repository | Must override for helm + private registry | "cr.fluentbit.io/fluent/fluent-bit" |
helmTests.enabled | When enabled, create “helm test” resources. | true |
helmTests.nodeSelector | When helm test is run, this selector places the test pods. | {} |
explainabilityServer.enabled | Enable the model explainability service | false |