Search
Varnish Helm Chart

Configurations

Configuration types

string

A string. While the YAML spec does not require strings to be quoted, it is highly recommended to quote strings to prevent YAML type coercion (e.g., values such as country: NO are treated as country: false by YAML).

Example:

key1: "value"

# or multi-line
key2: |
  value

number

A number.

key1: 42

# or float
key2: 3.14

boolean

A true or false. While the YAML spec also treats keywords such as “yes” and “no” as true and false, respectively, it is highly recommended to use explicit true and false as the value for maintainability.

key1: true

object

A pair of key value.

key1:
  subkey1: "string"
  subkey2: 3.14
  subkey3: true

# alternatively, using JSON syntax
key2: { "subkey1": "string", "subkey2": 3.14, "subkey3": true }

array of objects

An array of objects.

key1:
  - name: "value1"
    subkey: "value"
  - name: "value2"
    subkey: "value"

array of strings

An array of strings.

key1:
  - "string1"
  - "string2"
  - "string3"

# alternatively, using JSON syntax
key1: ["string1", "string2", "string3"]

template string

A pair of key value as a string. Template functions exposed by Helm are available in this type.

key1: |
  subkey1: {{ .Release.Name | quote }}
  subkey2: "hello, world"

# in array of objects
key2: |
  - name: {{ .Release.Name | quote }}
    subkey1: "hello, world"

Chart configurations

nameOverride

  • Type: string

Overrides the name of the chart (without the release name). For example, setting nameOverride to “hello” would produce a deployment named “release-name-hello”. Containers within a pod derive their name from this setting. By default, the name of the chart is used (i.e., “varnish-controller”)

fullnameOverride

  • Type: string

Overrides the full name of the chart (with the release name). This setting allows overriding both release name and a deployment name altogether. For example, setting fullnameOverride to “hello” would produce a deployment named “hello”. By default, a composition of a Helm release name and the name of the chart is used (i.e., “release-name-varnish-controller”).

Global configurations

global.imagePullSecrets

  • Type: array of object

An array of object that conforms to Kubernetes’ imagePullSecrets definition. When set, each item in an array must consist of an object with a key name referencing the Kubernetes a secret.

For example:

global:
  imagePullSecrets:
    - name: registry-quay-k7c2f4m2d5

global.podSecurityContext

  • Type: object

An object that conforms to Kubernetes’ securityContext definition of a Pod.

For example:

global:
  podSecurityContext:
    fsGroup: 999

This securityContext will be set on all Pods within this chart. For setting securityContext on all containers, see global.securityContext.

global.securityContext

  • Type: object

An object that conforms to Kubernetes’ securityContext definition of a Container.

For example:

global:
  securityContext:
    runAsUser: 999
    runAsNonRoot: true

This securityContext will be set on all containers within this chart. For setting securityContext on the Pod itself, see global.podSecurityContext.

global.natsServer

  • Type: object

An object configuring Varnish Controller access to NATS.

global.natsServer.externalAddress

  • Type: string

An FQDN to the NATS server. The value is ignored if global.natsServer.internal.enabled is set to true.

global.natsServer.internal.enabled

  • Type: boolean or string
  • Default: -

Configures Varnish Controller to use the internal NATS server. Set this to “-” to inherit the value of nats.enabled. Note that when using a shared values file between Varnish Controller and Varnish Enterprise, this value should be set to boolean.

global.natsServer.internal.namespace

  • Type: string

Discovers the internal NATS server within the given namespace. By default, the current namespace is used.

global.natsServer.internal.releaseName

  • Type: string

Overrides the full name of the internal NATS server. Use the current release name if left blank.

global.natsServer.internal.clusterDomain

  • Type: string
  • Default: cluster.local

Overrides the Kubernetes cluster domain. Required if Kubernetes cluster is configured to use different cluster domain than the default. By default, “cluster.local” is used. In most cases, this value should not be changed.

global.natsServer.internal.passwordFrom

  • Type: object
  • Default:
    name: varnish-controller-credentials
    key: nats-varnish-password
    
  • Availability: v1.3.0

Sets internal NATS password from external secret. For example:

global:
  natsServer:
    internal:
      passwordFrom:
        name: secret-name
        key: nats-password

Internal NATS must be configured separately by setting the following values:

nats:
  container:
    env:
      VARNISH_CONTROLLER_NATS_PASSWORD:
        valueFrom:
          secretKeyRef:
            name: secret-name
            key: nats-password

Service Account configurations

serviceAccount.create

  • Type: boolean
  • Default: true

Create a Kubernetes service account to use with the deployment.

serviceAccount.labels

  • Type: object or template string

Applies extra labels to the service account. The value can be set as either an object or a template string.

serviceAccount.annotations

  • Type: object or template string

Applies extra annotations to the service account. The value can be set as either an object or a template string.

serviceAccount.name

  • Type: string

Overrides the name of the service account. By default, the full name of the chart is used.

API-GW configurations

apigw.enabled

  • Type: boolean
  • Default: true

Enables the Varnish Controller API-GW.

apigw.replicas

  • Type: number
  • Default: 1

Specifies the number of replicas to deploy Varnish Controller API-GW server. The value is ignored if server.autoscaling.enabled is set to true.

apigw.labels

  • Type: object or template string

Applies extra labels to the deployment. The value can be set as either an object or a template string. Labels specified here will be applied to the deployment itself. To apply labels on the Pod, use apigw.podLabels.

apigw.annotations

  • Type: object or template string

Applies extra annotations to the deployment. The value can be set as either an object or a template string. Deployment annotations can be used to for applying additional metadata or for integrating with external tooling. Annotations specified here will be applied to the deployment itself. To apply labels on the Pod, use apigw.podAnnotations.

apigw.strategy

  • Type: object or template string

Configures deployment strategy to use to replace existing Pod with a new one

apigw.image.repository

  • Type: string
  • Default: quay.io/varnish-software/varnish-controller-api-gw

Sets the repository for Varnish Controller APIGW image.

apigw.image.pullPolicy

  • Type: string
  • Default: IfNotPresent

Sets the imagePullPolicy for the Varnish Controller API-GW image. This can be one of Always, Never, or IfNotPreset.

apigw.image.tag

  • Type: string
  • Default: same as appVersion

Sets the tag for the Varnish Controller API-GW image. By default, this is set to the same application version as in the Varnish Controller Helm Chart. If the tag is set to non-exact versions (such as “latest”, or “6.0”), make sure to set server.image.pullPolicy to “Always” to make sure the image is always updated.

apigw.autoscaling

  • Type: object

An object for configuring HorizontalPodAutoscaling.

apigw.autoscaling.enabled

  • Type: boolean
  • Default: false

Enables the HorizontalPodAutoscaling with the Varnish Controller Pod. apigw.replicas is ignored if autoscaling is enabled.

apigw.autoscaling.minReplicas

  • Type: number
  • Default: 1

Sets the minimum number of replicas to always keep running.

apigw.autoscaling.maxReplicas

  • Type: number
  • Default: 100

Sets the maximum number of replicas to run at most.

apigw.autoscaling.metrics

  • Type: object or template string

Sets the HorizontalPodAutoscaling metrics. The value can be set as either an object or a template string.

apigw.service

  • Type: object

An object for configuring Service.

apigw.service.enabled

  • Type: boolean
  • Default: true

Enables the Service for Varnish Controller.

apigw.service.labels

  • Type: object or template string

Applies extra labels to the Service. The value can be set as either an object or a template string.

apigw.service.annotations

  • Type: object or template string

Applies extra annotations to the Service. The value can be set as either an object or a template string.

apigw.service.type

  • Type: string
  • Default: NodePort

Sets the type of the Service. Can be either CluterIP, LoadBalancer, or NodePort.

apigw.service.clusterIP

  • Type: string

Sets a custom Service ClusterIP. This value can be set as either an IP address, or a literal string “None”. Only applicable when server.service.type is set to ClusterIP. When set to “None”, Kubernetes will create a Headless Service, skipping Kubernetes’ proxying mechanism.

apigw.service.port

  • Type: number
  • Default: 80

Sets the port to expose Varnish Controller API-GW service.

apigw.extraEnvs

  • Type: object

Sets the extra environment variables for the Varnish Controller API-GW.

apigw.podAnnotations

  • Type: object or template string

Applies extra annotations to the Pod. The value can be set as either an object or a template string. Pod annotations can be used to for applying additional metadata or for integrating with external tooling. Annotations specified here will be applied to the Pod. To apply labels on the deployment, use apigw.annotations.

apigw.podLabels

  • Type: object or template string

Applies extra labels to the Pod. The value can be set as either an object or a template string. Labels specified here will be applied to the Pod itself. To apply labels on the deployment, use apigw.labels.

apigw.securityContext

  • Type: object

An object that conforms to Kubernetes’ securityContext definition of a Container.

For example:

server:
  securityContext:
    runAsUser: 999

This securityContext will be set on the Varnish Controller API-GW container. For setting securityContext on the Pod itself, see global.podSecurityContext. For setting securityContext to all containers, see global.securityContext.

apigw.startupProbe

  • Type: object
  • Availability: v1.1.0

An object that conforms to Kubernetes’ startupProbe definition of a Container.

For example:

apigw:
  startupProbe:
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3

apigw.readinessProbe

  • Type: object
  • Default:
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
    

An object that confirms to the Kubernetes readinessProbe definition of a Container.

apigw.livenessProbe

  • Type: object
  • Default:
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
    

An object that confirms to the Kubernetes livenessProbe definition of a Container.

apigw.resources

  • Type: object

An object that conforms to Kubernetes’ resources definition of a Container, this configuration can be used to limit resources consumed by the Varnish Controller API-GW container

apigw.nodeSelector

  • Type: object or template string

An object that conforms to Kubernetes’ nodeSelector definition of a Pod. This configuration is used to select a node to schedule a Pod to. The value can be set as either an object or a template string.

apigw.tolerations

  • Type: array of strings or template string

An object that conforms to Kubernetes’ tolerations definition of a Pod. This configuration is used to allow the Pod to be scheduled to nodes with specific taints. The value can be set as either an array of strings or a template string.

apigw.affinity

  • Type: object or template string
  • Default: template string
podAntiAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
    - labelSelector:
        matchLabels:
          app.kubernetes.io/name: {{ include "varnish-controller.name" . }}-apigw
          app.kubernetes.io/instance: {{ .Release.Name }}
      topologyKey: kubernetes.io/hostname

This configuration is used to fine-grain control the scheduling of the Pod. By default, this is set to ensure all Varnish Controller API-GW Pods are always run in a different node. To disable this behavior, set to empty string (""). The value can be set as either an object or a template string.

Brainz configurations

brainz.enabled

  • Type: boolean
  • Default: true

Enables the Varnish Controller Brainz.

brainz.replicas

  • Type: number
  • Default: 1

Specifies the number of replicas to deploy Varnish Controller Brainz server. The value is ignored if server.autoscaling.enabled is set to true.

brainz.labels

  • Type: object or template string

Applies extra labels to the deployment. The value can be set as either an object or a template string. Labels specified here will be applied to the deployment itself. To apply labels on the Pod, use brainz.podLabels.

brainz.annotations

  • Type: object or template string

Applies extra annotations to the deployment. The value can be set as either an object or a template string. Deployment annotations can be used to for applying additional metadata or for integrating with external tooling. The annotations specified here will be applied to the deployment itself. To apply labels on the Pod, use brainz.podAnnotations.

brainz.strategy

  • Type: object or template string

Configures deployment strategy to use to replace existing Pod with a new one

brainz.image.repository

  • Type: string
  • Default: quay.io/varnish-software/varnish-controller-brainz

Sets the repository for Varnish Controller Brainz image.

brainz.image.pullPolicy

  • Type: string
  • Default: IfNotPresent

Sets the imagePullPolicy for the Varnish Controller Brainz image. This can be one of Always, Never, or IfNotPreset.

brainz.image.tag

  • Type: string
  • Default: same as appVersion

Sets the tag for the Varnish Controller Brainz image. By default, this is set to the same application version as in the Varnish Controller Helm Chart. If the tag is set to non-exact versions (such as “latest”, or “6.0”), make sure to set server.image.pullPolicy to “Always” to make sure the image is always updated.

brainz.licenseSecret

  • Type: string

Sets the Varnish Controller Brainz secret name containing the Varnish Controller license. The secret must contains a key name license.lic.

brainz.autoscaling

  • Type: object

An object for configuring HorizontalPodAutoscaling.

brainz.autoscaling.enabled

  • Type: boolean
  • Default: false

Enables the HorizontalPodAutoscaling with the Varnish Controller Pod. brainz.replicas is ignored if autoscaling is enabled.

brainz.autoscaling.minReplicas

  • Type: number
  • Default: 1

Sets the minimum number of replicas to always keep running.

brainz.autoscaling.maxReplicas

  • Type: number
  • Default: 100

Sets the maximum number of replicas to run at most.

brainz.autoscaling.metrics

  • Type: object or template string

Sets the HorizontalPodAutoscaling metrics. The value can be set as either an object or a template string.

brainz.extraEnvs

  • Type: object

Sets the extra environment variables for the Varnish Controller Brainz.

brainz.externalPostgresql

  • Type: object

Sets a credential for an external PostgreSQL server for Varnish Controller Brainz to connect to. This variable is ignored if postgresql.enabled is true.

brainz.externalPostgresql.database

  • Type: string

Sets the database name for an external PostgreSQL server.

brainz.externalPostgresql.host

  • Type: string

Sets the host for an external PostgreSQL server. For example, postgresql.example.com:5432

brainz.externalPostgresql.user

  • Type: string

Sets the username for an external PostgreSQL server.

brainz.externalPostgresql.password

  • Type: string

Sets the password for an external PostgreSQL server.

brainz.externalPostgresql.passwordFrom

  • Type: object
  • Availability: v1.3.0

Sets the password for an external PostgreSQL server from an external secret.

For example:

brainz:
  externalPostgresql:
    passwordFrom:
      name: secret-name
      key: postgresql-password

brainz.externalPostgresql.tls

  • Type: boolean

Enables TLS connection with an external PostgreSQL server.

brainz.podAnnotations

  • Type: object or template string

Applies extra annotations to the Pod. The value can be set as either an object or a template string. Pod annotations can be used to for applying additional metadata or for integrating with external tooling. Annotations specified here will be applied to the Pod. To apply labels on the deployment, use brainz.annotations.

brainz.podLabels

  • Type: object or template string

Applies extra labels to the Pod. The value can be set as either an object or a template string. Labels specified here will be applied to the Pod itself. To apply labels on the deployment, use brainz.labels.

brainz.securityContext

  • Type: object

An object that conforms to Kubernetes’ securityContext definition of a Container.

For example:

server:
  securityContext:
    runAsUser: 999

This securityContext will be set on the Varnish Controller Brainz container. For setting securityContext on the Pod itself, see global.podSecurityContext. For setting securityContext to all containers, see global.securityContext.

brainz.resources

  • Type: object

An object that conforms to Kubernetes’ resources definition of a Container, this configuration can be used to limit resources consumed by the Varnish Controller Brainz container.

brainz.nodeSelector

  • Type: object or template string

An object that conforms to Kubernetes’ nodeSelector definition of a Pod. This configuration is used to select a node to schedule a Pod to. The value can be set as either an object or a template string.

brainz.tolerations

  • Type: array of strings or template string

An object that conforms to Kubernetes’ tolerations definition of a Pod. This configuration is used to allow the Pod to be scheduled to nodes with specific taints. The value can be set as either an array of strings or a template string.

brainz.affinity

  • Type: object or template string
  • Default: template string
podAntiAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
    - labelSelector:
        matchLabels:
          app.kubernetes.io/name: {{ include "varnish-controller.name" . }}-brainz
          app.kubernetes.io/instance: {{ .Release.Name }}
      topologyKey: kubernetes.io/hostname

This configuration is used to fine-grain control the scheduling of the Pod. By default, this is set to ensure all Varnish Controller Brainz Pods are always run in a different node. To disable this behavior, set to empty string (""). The value can be set as either an object or a template string.

brainz.modAdminUser

  • Type: object

Sets the username and password for Varnish Controller. If not set, the username will be set to “admin” and password to be auto-generated and stored in the default secret.

To retrieve the autogenerated value, run:

kubectl get secrets -o jsonpath="{.data.varnish-admin-password}" varnish-controller-credentials | base64 --decode

brainz.modAdminUser.username

  • Type: string

Sets the username for Varnish Controller’s admin account.

brainz.modAdminUser.password

  • Type: string

Sets the password for Varnish Controller’s admin account.

By default, the password is auto-generated and saved into a secret varnish-controller-credentials in the varnish-admin-password key.

brainz.modAdminUser.passwordFrom

  • Type: object
  • Availability: v1.3.0

Sets the password for Varnish Controller’s admin account from external secret.

For example:

brainz:
  modAdminUser:
    passwordFrom:
      name: secret-name
      key: nats-password

UI configurations

ui.enabled

  • Type: boolean
  • Default: true

Enables the Varnish Controller UI.

ui.replicas

  • Type: number
  • Default: 1

Specifies the number of replicas to deploy Varnish Controller UI server. The value is ignored if server.autoscaling.enabled is set to true.

ui.labels

  • Type: object or template string

Applies extra labels to the deployment. The value can be set as either an object or a template string. Labels specified here will be applied to the deployment itself. To apply labels on the Pod, use ui.podLabels.

ui.annotations

  • Type: object or template string

Applies extra annotations to the deployment. The value can be set as either an object or a template string. Deployment annotations can be used to for applying additional metadata or for integrating with external tooling. Annotations specified here will be applied to the deployment itself. To apply labels on the Pod, use ui.podAnnotations.

ui.strategy

  • Type: object or template string

Configures deployment strategy to use to replace existing Pod with a new one

ui.image.repository

  • Type: string
  • Default: quay.io/varnish-software/varnish-controller-ui

Sets the repository for Varnish Controller UI image.

ui.image.pullPolicy

  • Type: string
  • Default: IfNotPresent

Sets the imagePullPolicy for the Varnish Controller UI image. This can be one of Always, Never, or IfNotPreset.

ui.image.tag

  • Type: string
  • Default: same as appVersion

Sets the tag for the Varnish Controller UI image. By default, this is set to the same application version as in the Varnish Controller Helm Chart. If the tag is set to non-exact versions (such as “latest”, or “6.0”), make sure to set server.image.pullPolicy to “Always” to make sure the image is always updated.

ui.autoscaling

  • Type: object

An object for configuring HorizontalPodAutoscaling.

ui.autoscaling.enabled

  • Type: boolean
  • Default: false

Enables the HorizontalPodAutoscaling with the Varnish Controller Pod. ui.replicas is ignored if autoscaling is enabled.

ui.autoscaling.minReplicas

  • Type: number
  • Default: 1

Sets the minimum number of replicas to always keep running.

ui.autoscaling.maxReplicas

  • Type: number
  • Default: 100

Sets the maximum number of replicas to run at most.

ui.autoscaling.metrics

  • Type: object or template string

Sets the HorizontalPodAutoscaling metrics. The value can be set as either an object or a template string.

ui.service

  • Type: object

An object for configuring Service.

ui.service.enabled

  • Type: boolean
  • Default: true

Enables the Service for Varnish Controller.

ui.service.labels

  • Type: object or template string

Applies extra labels to the Service. The value can be set as either an object or a template string.

ui.service.annotations

  • Type: object or template string

Applies extra annotations to the Service. The value can be set as either an object or a template string.

ui.service.type

  • Type: string
  • Default: NodePort

Sets the type of the Service. Can be either CluterIP, LoadBalancer, or NodePort.

ui.service.clusterIP

  • Type: string

Sets a custom Service ClusterIP. This value can be set as either an IP address, or a literal string “None”. Only applicable when server.service.type is set to ClusterIP. When set to “None”, Kubernetes will create a Headless Service, skipping Kubernetes’ proxying mechanism.

ui.service.port

  • Type: number
  • Default: 80

Sets the port to expose Varnish Controller UI service.

ui.ingress

  • Type: object

An object for configuring Ingress.

ui.ingress.enabled

  • Type: boolean
  • Default: false

Enables the Ingress for Varnish Controller UI.

ui.ingress.labels

  • Type: object or template string

Applies extra labels to the Ingress. The value can be set as either an object or a template string.

ui.ingress.annotations

  • Type: object or template string

Applies extra annotations to the Ingress. The value can be set as either an object or a template string.

ui.ingress.ingressClassName

  • Type: string

Sets the Ingress Class for selecting Ingress controller to use.

ui.ingress.pathType

  • Type: string
  • Default: Prefix

Sets the Ingress Path Type for the Varnish Controller UI endpoint. The value can be either Prefix, Exact, or ImplementationSpecific. The value to use here depends on the Ingress controller.

ui.ingress.hosts

  • Type: array of object

Sets the hostname for the Ingress. This hostname is used for routing traffic.

ui.ingress.tls

  • Type: array of objects

An array of objects that conforms to Ingress TLS.

ui.extraEnvs

  • Type: object

Sets the extra environment variables for the Varnish Controller UI.

ui.podAnnotations

  • Type: object or template string

Applies extra annotations to the Pod. The value can be set as either an object or a template string. Pod annotations can be used to for applying additional metadata or for integrating with external tooling. Annotations specified here will be applied to the Pod. To apply labels on the deployment, use ui.annotations.

ui.podLabels

  • Type: object or template string

Applies extra labels to the Pod. The value can be set as either an object or a template string. Labels specified here will be applied to the Pod itself. To apply labels on the deployment, use ui.labels.

ui.securityContext

  • Type: object

An object that conforms to Kubernetes’ securityContext definition of a Container.

For example:

server:
  securityContext:
    runAsUser: 999

This securityContext will be set on the Varnish Controller UI container. For setting securityContext on the Pod itself, see global.podSecurityContext. For setting securityContext to all containers, see global.securityContext.

ui.startupProbe

  • Type: object

An object that conforms to the Kubernetes startupProbe definition of a Container

For example:

apigw:
  startupProbe:
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3

ui.readinessProbe

  • Type: object
  • Availability: v1.1.0
  • Default:
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
    

An object that confirms to the Kubernetes readinessProbe definition of a Container.

ui.livenessProbe

  • Type: object
  • Availability: v1.1.0
  • Default:
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
    

An object that confirms to the Kubernetes livenessProbe definition of a Container.

ui.resources

  • Type: object

An object that conforms to the Kubernetes resources definition of a Container, this configuration can be used to limit resources consumed by the Varnish Controller UI container.

ui.nodeSelector

  • Type: object or template string

An object that conforms to Kubernetes’ nodeSelector definition of a Pod. This configuration is used to select a node to schedule a Pod to. The value can be set as either an object or a template string.

ui.tolerations

  • Type: array of strings or template string

An object that conforms to Kubernetes’ tolerations definition of a Pod. This configuration is used to allow the Pod to be scheduled to nodes with specific taints. The value can be set as either an array of strings or a template string.

ui.affinity

  • Type: object or template string
  • Default: template string
podAntiAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
    - labelSelector:
        matchLabels:
          app.kubernetes.io/name: {{ include "varnish-controller.name" . }}-ui
          app.kubernetes.io/instance: {{ .Release.Name }}
      topologyKey: kubernetes.io/hostname

This configuration is used to fine-grain control the scheduling of the Pod. By default, this is set to ensure all Varnish Controller UI Pods are always run in a different node. To disable this behavior, set to empty string (""). The value can be set as either an object or a template string.

Internal NATS configuration

This section only outlines the default variables set by Varnish Controller Helm Chart.

For more configuration options, see https://artifacthub.io/packages/helm/nats/nats/1.0.3.

nats.enabled

  • Type: boolean
  • Default: true

Configures NATS subchart. Only deployed if nats.enabled is true.

nats.config

  • Type: object
  • Default: object
config:
  merge:
    max_payload: 104857600
    max_pending: 104857600
    debug: false

    authorization:
      user: varnish-controller
      password: "<< $VARNISH_CONTROLLER_NATS_PASSWORD >>"

Configure NATS. See https://artifacthub.io/packages/helm/nats/nats/1.0.3 for more information.

When overriding this value, config.merge.authorization object must be included as-is to use automatic discovery. Password is auto-generated as varnish-controller-credentials secret in the nats-varnish-password key. The value is then injected into NATS via VARNISH_CONTROLLER_NATS_PASSWORD environment variable.

nats.reloader.enabled

  • Type: boolean
  • Default: false

Enables the NATS Reloader sidecar for automatically reloading NATS configuration files.

Varnish Controller does not make use of this functionality and is disabled by default.

nats.promExporter.enabled

  • Type: boolean
  • Default: false

Enables the NATS Exporter sidecar for exporting metrics to Prometheus.

Varnish Controller does not make use of this functionality and is disabled by default.

nats.natsBox.enabled

  • Type: boolean
  • Default: false

Enables the NATS Box sidecar for NATS Streaming.

Varnish Controller does not make use of this functionality and is disabled by default.

Internal PostgreSQL configuration

This section only outlines the default variables set by Varnish Controller Helm Chart.

For more configuration options, see https://artifacthub.io/packages/helm/bitnami/postgresql/12.2.4.

postgresql.enabled

  • Type: boolean
  • Default: true

Configures PostgreSQL subchart. Only deployed if postgresql.enabled is true.

postgresql.image.debug

  • Type: boolean
  • Default: true

Configures whether to use the debug image for PostgreSQL.

It is recommended to set this to false in production.

postgresql.tls.enabled

  • Type: boolean
  • Default: false

Enables TLS for PostgreSQL.

It is recommended to set this to true in production.

postgresql.tls.certificatesSecret

  • Type: string

Sets the secret name containing PostgreSQL TLS certificate. The key names for the certificate file and the key file can be set via postgresql.tls.certFilename and postgresql.tls.certKeyFilename respectively.

postgresql.tls.certFilename

  • Type: string
  • Default: cert.pem

Sets the certificate filename for PostgreSQL TLS certificate. This is the key name that needs to be present in the secret as specified by postgresql.tls.certificatesSecret.

postgresql.tls.certKeyFilename

  • Type: string
  • Default: cert.key

Sets the certificate key filename for PostgreSQL TLS certificate. This is the key name that needs to be present in the secret as specified by postgresql.tls.certificatesSecret.

postgresql.auth.enablePostgresUser

  • Type: boolean
  • Default: true

Enables password for the “postgres” admin user.

postgresql.auth.postgresPassword

  • Type: string

Sets the default password for the “postgres” admin user. This value is ignored.

By default, Varnish Controller Helm Chart will auto-generate the password and store in a secret named varnish-controller-credentials with the key postgresql-admin-password. To enable setting password via this value, set the following:

postgresql:
  auth:
    secretKeys:
      adminPasswordKey: ""

postgresql.auth.username

  • Type: string
  • Default: varnish-controller

Sets a username for an extra user to be created during initial PostgreSQL deployment. Note that the Varnish Controller uses this value to configure Brainz when an internal PostgreSQL is used.

postgresql.auth.password

  • Type: string
  • Default: dummyPasswordIgnoredByExistingSecret

Sets the default password for the extra user created during initial PostgreSQL deployment. This value is ignored.

By default, Varnish Controller Helm Chart will auto-generate the password and store in a secret named varnish-controller-credentials with the key postgresql-varnish-password. To enable setting password via this value, set the following:

postgresql:
  auth:
    secretKeys:
      userPasswordKey: ""

postgresql.auth.existingSecret

  • Type: string
  • Default: varnish-controller-credentials

Sets the secret name to read PostgreSQL passwords from.

When set to a value other than “varnish-controller-credentials”, Varnish Controller Helm Chart will no longer auto-generate the password to varnish-controller-credentials secret. In this case, it’s necessary to configure postgresql.auth.secretKeys.

postgresql.auth.secretKeys

  • Type: object
  • Default:
    adminPasswordKey: postgreql-admin-password
    userPasswordKey: postgresql-varnish-password
    replicationPasswordKey: postgresql-replication-password
    

Sets the secret key to read PostgreSQL passwords from.

postgresql.auth.database

  • Type: string
  • Default: varnish_controller

Sets a database name for an extra user to be created during initial PostgreSQL deployment. Note that the Varnish Controller uses this value to configure Brainz when an internal PostgreSQL is used.

postgresql.primary.persistence.enabled

  • Type: boolean
  • Default: true

Enables data persistence using PersistentVolumes.

postgresql.audit.logConnections

  • Type: boolean
  • Default: true

Enables connection logging.

postgresql.volumePermissions.enabled

  • Type: boolean
  • Default: true

Enables init container that changes the owner and group of the PersistentVolumes.

extraManifests

  • Type: array of object
  • Availability: v1.2.1

An array of objects to attach Kubernetes manifests to the deployment.

For example:

extraManifests:
  - name: clusterrole
    data: |
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRole
      metadata:
        name: {{ .Release.Name }}-clusterrole
      # ...

extraManifests[].name

  • Type: string
  • Availability: v1.2.1

The name of the manifest. Only used if extraManifests[].checksum is true.

extraManifests[].checksum

  • Type: boolean
  • Availability: v1.2.1

Whether to attach the manifest’s checksum to that of workload to force an automatic rollout when the manifest is updated.

extraManifests[].data

  • Type: object or template string
  • Availability: v1.2.1

The full content of the manifest.