SearchVarnish Helm Chart
string
A string. While the YAML spec does not require strings to be quoted, it is highly recommended to quote strings
to prevent YAML type coercion (e.g., values such as country: NO are treated as country: false by YAML).
Example:
key1: "value"
# or multi-line
key2: |
value
number
A number.
key1: 42
# or float
key2: 3.14
boolean
A true or false. While the YAML spec also treats keywords such as “yes” and “no” as true and false, respectively, it is highly recommended to use explicit true and false as the value for maintainability.
key1: true
object
A pair of key value.
key1:
subkey1: "string"
subkey2: 3.14
subkey3: true
# alternatively, using JSON syntax
key2: { "subkey1": "string", "subkey2": 3.14, "subkey3": true }
array of objects
An array of objects.
key1:
- name: "value1"
subkey: "value"
- name: "value2"
subkey: "value"
array of strings
An array of strings.
key1:
- "string1"
- "string2"
- "string3"
# alternatively, using JSON syntax
key1: ["string1", "string2", "string3"]
template string
A pair of key value as a string. Template functions exposed by Helm are available in this type.
key1: |
subkey1: {{ .Release.Name | quote }}
subkey2: "hello, world"
# in array of objects
key2: |
- name: {{ .Release.Name | quote }}
subkey1: "hello, world"
Overrides the name of the chart (without the release name). For example, setting nameOverride to “hello” would produce
a deployment named “release-name-hello”. Containers within a pod derive their name from this setting. By default,
the name of the chart is used (i.e., “varnish-controller”)
Overrides the full name of the chart (with the release name). This setting allows overriding both release name and
a deployment name altogether. For example, setting fullnameOverride to “hello” would produce a deployment named
“hello”. By default, a composition of a Helm release name and the name of the chart is used
(i.e., “release-name-varnish-controller”).
An array of object that conforms to Kubernetes’ imagePullSecrets definition.
When set, each item in an array must consist of an object with a key name referencing the Kubernetes a
secret.
For example:
global:
imagePullSecrets:
- name: registry-quay-k7c2f4m2d5
An object that conforms to Kubernetes’ securityContext definition of a Pod.
For example:
global:
podSecurityContext:
fsGroup: 999
This securityContext will be set on all Pods within this chart. For setting securityContext on all containers,
see global.securityContext.
An object that conforms to Kubernetes’ securityContext definition of a Container.
For example:
global:
securityContext:
runAsUser: 999
runAsNonRoot: true
This securityContext will be set on all containers within this chart. For setting securityContext on the Pod
itself, see global.podSecurityContext.
An object configuring Varnish Controller access to NATS.
An FQDN to the NATS server. The value is ignored if global.natsServer.internal.enabled is set to true.
-Configures Varnish Controller to use the internal NATS server. Set this to “-” to inherit the value
of nats.enabled. Note that when using a shared values file between Varnish Controller and Varnish Enterprise,
this value should be set to boolean.
Discovers the internal NATS server within the given namespace. By default, the current namespace is used.
Overrides the full name of the internal NATS server. Use the current release name if left blank.
cluster.localOverrides the Kubernetes cluster domain. Required if Kubernetes cluster is configured to use different cluster domain than the default. By default, “cluster.local” is used. In most cases, this value should not be changed.
name: varnish-controller-credentials
key: nats-varnish-password
Sets internal NATS password from external secret. For example:
global:
natsServer:
internal:
passwordFrom:
name: secret-name
key: nats-password
Internal NATS must be configured separately by setting the following values:
nats:
container:
env:
VARNISH_CONTROLLER_NATS_PASSWORD:
valueFrom:
secretKeyRef:
name: secret-name
key: nats-password
trueCreate a Kubernetes service account to use with the deployment.
Applies extra labels to the service account. The value can be set as either an object or a template string.
Applies extra annotations to the service account. The value can be set as either an object or a template string.
Overrides the name of the service account. By default, the full name of the chart is used.
trueEnables the Varnish Controller API-GW.
1Specifies the number of replicas to deploy Varnish Controller API-GW server.
The value is ignored if server.autoscaling.enabled is set to true.
Applies extra labels to the deployment. The value can be set as either an object or a template string.
Labels specified here will be applied to the deployment itself. To apply labels on the Pod, use
apigw.podLabels.
Applies extra annotations to the deployment. The value can be set as either an object or a template string.
Deployment annotations can be used to for applying additional metadata or for integrating with external tooling.
Annotations specified here will be applied to the deployment itself. To apply labels on the Pod, use
apigw.podAnnotations.
Configures deployment strategy to use to replace existing Pod with a new one
quay.io/varnish-software/varnish-controller-api-gwSets the repository for Varnish Controller APIGW image.
IfNotPresentSets the imagePullPolicy for the Varnish Controller API-GW image. This can be one of Always, Never, or IfNotPreset.
Sets the tag for the Varnish Controller API-GW image. By default, this is set to the same
application version as in the Varnish Controller Helm Chart. If the tag is set to
non-exact versions (such as “latest”, or “6.0”), make sure to set server.image.pullPolicy
to “Always” to make sure the image is always updated.
An object for configuring HorizontalPodAutoscaling.
falseEnables the HorizontalPodAutoscaling with the Varnish Controller Pod. apigw.replicas
is ignored if autoscaling is enabled.
1Sets the minimum number of replicas to always keep running.
100Sets the maximum number of replicas to run at most.
Sets the HorizontalPodAutoscaling metrics. The value can be set as either an object or a template string.
An object for configuring Service.
trueEnables the Service for Varnish Controller.
Applies extra labels to the Service. The value can be set as either an object or a template string.
Applies extra annotations to the Service. The value can be set as either an object or a template string.
NodePortSets the type of the Service. Can be either CluterIP, LoadBalancer, or NodePort.
Sets a custom Service ClusterIP. This value can be set as either an IP address,
or a literal string “None”. Only applicable when server.service.type is set to ClusterIP. When set to
“None”, Kubernetes will create a Headless Service, skipping Kubernetes’ proxying mechanism.
80Sets the port to expose Varnish Controller API-GW service.
Sets the extra environment variables for the Varnish Controller API-GW.
Applies extra annotations to the Pod. The value can be set as either an object or a template string.
Pod annotations can be used to for applying additional metadata or for integrating with external tooling.
Annotations specified here will be applied to the Pod. To apply labels on the deployment, use
apigw.annotations.
Applies extra labels to the Pod. The value can be set as either an object or a template string.
Labels specified here will be applied to the Pod itself. To apply labels on the deployment, use
apigw.labels.
An object that conforms to Kubernetes’ securityContext definition of a Container.
For example:
server:
securityContext:
runAsUser: 999
This securityContext will be set on the Varnish Controller API-GW container. For setting
securityContext on the Pod itself, see global.podSecurityContext. For setting securityContext
to all containers, see global.securityContext.
An object that conforms to Kubernetes’ startupProbe definition of a Container.
For example:
apigw:
startupProbe:
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
An object that confirms to the Kubernetes readinessProbe definition of a Container.
5Sets the initial delay before the first probe is sent to determine if the Varnish Controller API-GW Pod is ready to accept an incoming connection
10Sets the delay between each probe to determine if the Varnish Controller API-GW Pod is ready to accept an incoming connection after the initial probe
1Sets the timeout for the probe to wait for a response from the Varnish Controller API-GW Pod
1Sets the number of times when a consecutive successful response is considered a success and the Varnish Controller API-GW Pod is considered ready to accept an incoming connection
3Sets the number of times when a consecutive failure response is considered a failure and the Varnish Controller API-GW Pod is considered unhealthy
An object that confirms to the Kubernetes livenessProbe definition of a Container.
30Sets the initial delay before the first probe is sent to determine if the Varnish Controller API-GW Pod is still ready to accept an incoming connection (i.e., live)
10Sets the delay between each probe to determine if the Varnish Controller API-GW Pod is still ready to accept an incoming connection after the initial probe
5Sets the timeout for the probe to wait for a response from the Varnish Controller API-GW Pod
1Sets the number of times when a consecutive successful response is considered a success and the Varnish Controller API-GW Pod is considered still ready to accept an incoming connection
3Sets the number of times when a consecutive failure response is considered a failure and the Varnish Controller API-GW Pod is considered unhealthy (i.e., down)
An object that conforms to Kubernetes’ resources definition of a Container, this configuration can be used to limit resources consumed by the Varnish Controller API-GW container
An object that conforms to Kubernetes’ nodeSelector definition of a Pod. This configuration is used to select a node to schedule a Pod to. The value can be set as either an object or a template string.
An object that conforms to Kubernetes’ tolerations definition of a Pod. This configuration is used to allow the Pod to be scheduled to nodes with specific taints. The value can be set as either an array of strings or a template string.
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: {{ include "varnish-controller.name" . }}-apigw
app.kubernetes.io/instance: {{ .Release.Name }}
topologyKey: kubernetes.io/hostname
This configuration is used to fine-grain control the scheduling of the Pod. By default, this is set to ensure all Varnish Controller API-GW Pods are always run in a different node. To disable this behavior, set to empty string (""). The value can be set as either an object or a template string.
trueEnables the Varnish Controller Brainz.
1Specifies the number of replicas to deploy Varnish Controller Brainz server.
The value is ignored if server.autoscaling.enabled is set to true.
Applies extra labels to the deployment. The value can be set as either an object or a template string.
Labels specified here will be applied to the deployment itself. To apply labels on the Pod, use
brainz.podLabels.
Applies extra annotations to the deployment. The value can be set as either an object or a template string.
Deployment annotations can be used to for applying additional metadata or for integrating with external tooling.
The annotations specified here will be applied to the deployment itself. To apply labels on the Pod, use
brainz.podAnnotations.
Configures deployment strategy to use to replace existing Pod with a new one
quay.io/varnish-software/varnish-controller-brainzSets the repository for Varnish Controller Brainz image.
IfNotPresentSets the imagePullPolicy for the Varnish Controller Brainz image. This can be one of Always, Never, or IfNotPreset.
Sets the tag for the Varnish Controller Brainz image. By default, this is set to the same
application version as in the Varnish Controller Helm Chart. If the tag is set to
non-exact versions (such as “latest”, or “6.0”), make sure to set server.image.pullPolicy
to “Always” to make sure the image is always updated.
Sets the Varnish Controller Brainz secret name containing the Varnish Controller license.
The secret must contains a key name license.lic.
An object for configuring HorizontalPodAutoscaling.
falseEnables the HorizontalPodAutoscaling with the Varnish Controller Pod. brainz.replicas
is ignored if autoscaling is enabled.
1Sets the minimum number of replicas to always keep running.
100Sets the maximum number of replicas to run at most.
Sets the HorizontalPodAutoscaling metrics. The value can be set as either an object or a template string.
Sets the extra environment variables for the Varnish Controller Brainz.
Sets a credential for an external PostgreSQL server for Varnish Controller Brainz to connect to.
This variable is ignored if postgresql.enabled is true.
Sets the database name for an external PostgreSQL server.
Sets the host for an external PostgreSQL server. For example, postgresql.example.com:5432
Sets the username for an external PostgreSQL server.
Sets the password for an external PostgreSQL server.
Sets the password for an external PostgreSQL server from an external secret.
For example:
brainz:
externalPostgresql:
passwordFrom:
name: secret-name
key: postgresql-password
Enables TLS connection with an external PostgreSQL server.
Applies extra annotations to the Pod. The value can be set as either an object or a template string.
Pod annotations can be used to for applying additional metadata or for integrating with external tooling.
Annotations specified here will be applied to the Pod. To apply labels on the deployment, use
brainz.annotations.
Applies extra labels to the Pod. The value can be set as either an object or a template string.
Labels specified here will be applied to the Pod itself. To apply labels on the deployment, use
brainz.labels.
An object that conforms to Kubernetes’ securityContext definition of a Container.
For example:
server:
securityContext:
runAsUser: 999
This securityContext will be set on the Varnish Controller Brainz container. For setting
securityContext on the Pod itself, see global.podSecurityContext. For setting securityContext
to all containers, see global.securityContext.
An object that conforms to Kubernetes’ resources definition of a Container, this configuration can be used to limit resources consumed by the Varnish Controller Brainz container.
An object that conforms to Kubernetes’ nodeSelector definition of a Pod. This configuration is used to select a node to schedule a Pod to. The value can be set as either an object or a template string.
An object that conforms to Kubernetes’ tolerations definition of a Pod. This configuration is used to allow the Pod to be scheduled to nodes with specific taints. The value can be set as either an array of strings or a template string.
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: {{ include "varnish-controller.name" . }}-brainz
app.kubernetes.io/instance: {{ .Release.Name }}
topologyKey: kubernetes.io/hostname
This configuration is used to fine-grain control the scheduling of the Pod. By default, this is set to ensure all Varnish Controller Brainz Pods are always run in a different node. To disable this behavior, set to empty string (""). The value can be set as either an object or a template string.
Sets the username and password for Varnish Controller. If not set, the username will be set to “admin” and password to be auto-generated and stored in the default secret.
To retrieve the autogenerated value, run:
kubectl get secrets -o jsonpath="{.data.varnish-admin-password}" varnish-controller-credentials | base64 --decode
Sets the username for Varnish Controller’s admin account.
Sets the password for Varnish Controller’s admin account.
By default, the password is auto-generated and saved into a secret varnish-controller-credentials in
the varnish-admin-password key.
Sets the password for Varnish Controller’s admin account from external secret.
For example:
brainz:
modAdminUser:
passwordFrom:
name: secret-name
key: nats-password
trueEnables the Varnish Controller UI.
1Specifies the number of replicas to deploy Varnish Controller UI server.
The value is ignored if server.autoscaling.enabled is set to true.
Applies extra labels to the deployment. The value can be set as either an object or a template string.
Labels specified here will be applied to the deployment itself. To apply labels on the Pod, use
ui.podLabels.
Applies extra annotations to the deployment. The value can be set as either an object or a template string.
Deployment annotations can be used to for applying additional metadata or for integrating with external tooling.
Annotations specified here will be applied to the deployment itself. To apply labels on the Pod, use
ui.podAnnotations.
Configures deployment strategy to use to replace existing Pod with a new one
quay.io/varnish-software/varnish-controller-uiSets the repository for Varnish Controller UI image.
IfNotPresentSets the imagePullPolicy for the Varnish Controller UI image. This can be one of Always, Never, or IfNotPreset.
Sets the tag for the Varnish Controller UI image. By default, this is set to the same
application version as in the Varnish Controller Helm Chart. If the tag is set to
non-exact versions (such as “latest”, or “6.0”), make sure to set server.image.pullPolicy
to “Always” to make sure the image is always updated.
An object for configuring HorizontalPodAutoscaling.
falseEnables the HorizontalPodAutoscaling with the Varnish Controller Pod. ui.replicas
is ignored if autoscaling is enabled.
1Sets the minimum number of replicas to always keep running.
100Sets the maximum number of replicas to run at most.
Sets the HorizontalPodAutoscaling metrics. The value can be set as either an object or a template string.
An object for configuring Service.
trueEnables the Service for Varnish Controller.
Applies extra labels to the Service. The value can be set as either an object or a template string.
Applies extra annotations to the Service. The value can be set as either an object or a template string.
NodePortSets the type of the Service. Can be either CluterIP, LoadBalancer, or NodePort.
Sets a custom Service ClusterIP. This value can be set as either an IP address,
or a literal string “None”. Only applicable when server.service.type is set to ClusterIP. When set to
“None”, Kubernetes will create a Headless Service, skipping Kubernetes’ proxying mechanism.
80Sets the port to expose Varnish Controller UI service.
An object for configuring Ingress.
falseEnables the Ingress for Varnish Controller UI.
Applies extra labels to the Ingress. The value can be set as either an object or a template string.
Applies extra annotations to the Ingress. The value can be set as either an object or a template string.
Sets the Ingress Class for selecting Ingress controller to use.
PrefixSets the Ingress Path Type for the Varnish Controller UI endpoint. The value
can be either Prefix, Exact, or ImplementationSpecific. The value to use here depends on the
Ingress controller.
Sets the hostname for the Ingress. This hostname is used for routing traffic.
An array of objects that conforms to Ingress TLS.
Sets the extra environment variables for the Varnish Controller UI.
Applies extra annotations to the Pod. The value can be set as either an object or a template string.
Pod annotations can be used to for applying additional metadata or for integrating with external tooling.
Annotations specified here will be applied to the Pod. To apply labels on the deployment, use
ui.annotations.
Applies extra labels to the Pod. The value can be set as either an object or a template string.
Labels specified here will be applied to the Pod itself. To apply labels on the deployment, use
ui.labels.
An object that conforms to Kubernetes’ securityContext definition of a Container.
For example:
server:
securityContext:
runAsUser: 999
This securityContext will be set on the Varnish Controller UI container. For setting
securityContext on the Pod itself, see global.podSecurityContext. For setting securityContext
to all containers, see global.securityContext.
An object that conforms to the Kubernetes startupProbe definition of a Container
For example:
apigw:
startupProbe:
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
An object that confirms to the Kubernetes readinessProbe definition of a Container.
5Sets the initial delay before the first probe is sent to determine if the Varnish Controller UI Pod is ready to accept an incoming connection
10Sets the delay between each probe to determine if the Varnish Controller UI Pod is ready to accept an incoming connection after the initial probe
1Sets the timeout for the probe to wait for a response from the Varnish Controller UI Pod
1Sets the number of times when a consecutive successful response is considered a success and the Varnish Controller UI Pod is considered ready to accept an incoming connection
3Sets the number of times when a consecutive failure response is considered a failure and the Varnish Controller UI Pod is considered unhealthy
An object that confirms to the Kubernetes livenessProbe definition of a Container.
30Sets the initial delay before the first probe is sent to determine if the Varnish Controller UI Pod is still ready to accept an incoming connection (i.e., live)
10Sets the delay between each probe to determine if the Varnish Controller UI Pod is still ready to accept an incoming connection after the initial probe
5Sets the timeout for the probe to wait for a response from the Varnish Controller UI Pod
1Sets the number of times when a consecutive successful response is considered a success and the Varnish Controller UI Pod is considered still ready to accept an incoming connection
3Sets the number of times when a consecutive failure response is considered a failure and the Varnish Controller UI Pod is considered unhealthy (i.e., down)
An object that conforms to the Kubernetes resources definition of a Container, this configuration can be used to limit resources consumed by the Varnish Controller UI container.
An object that conforms to Kubernetes’ nodeSelector definition of a Pod. This configuration is used to select a node to schedule a Pod to. The value can be set as either an object or a template string.
An object that conforms to Kubernetes’ tolerations definition of a Pod. This configuration is used to allow the Pod to be scheduled to nodes with specific taints. The value can be set as either an array of strings or a template string.
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: {{ include "varnish-controller.name" . }}-ui
app.kubernetes.io/instance: {{ .Release.Name }}
topologyKey: kubernetes.io/hostname
This configuration is used to fine-grain control the scheduling of the Pod. By default, this is set to ensure all Varnish Controller UI Pods are always run in a different node. To disable this behavior, set to empty string (""). The value can be set as either an object or a template string.
This section only outlines the default variables set by Varnish Controller Helm Chart.
For more configuration options, see https://artifacthub.io/packages/helm/nats/nats/1.0.3.
trueConfigures NATS subchart. Only deployed if nats.enabled is true.
config:
merge:
max_payload: 104857600
max_pending: 104857600
debug: false
authorization:
user: varnish-controller
password: "<< $VARNISH_CONTROLLER_NATS_PASSWORD >>"
Configure NATS. See https://artifacthub.io/packages/helm/nats/nats/1.0.3 for more information.
When overriding this value, config.merge.authorization object must be included as-is to use
automatic discovery. Password is auto-generated as varnish-controller-credentials secret
in the nats-varnish-password key. The value is then injected into NATS via
VARNISH_CONTROLLER_NATS_PASSWORD environment variable.
falseEnables the NATS Reloader sidecar for automatically reloading NATS configuration files.
Varnish Controller does not make use of this functionality and is disabled by default.
falseEnables the NATS Exporter sidecar for exporting metrics to Prometheus.
Varnish Controller does not make use of this functionality and is disabled by default.
falseEnables the NATS Box sidecar for NATS Streaming.
Varnish Controller does not make use of this functionality and is disabled by default.
This section only outlines the default variables set by Varnish Controller Helm Chart.
For more configuration options, see https://artifacthub.io/packages/helm/bitnami/postgresql/12.2.4.
trueConfigures PostgreSQL subchart. Only deployed if postgresql.enabled is true.
trueConfigures whether to use the debug image for PostgreSQL.
It is recommended to set this to false in production.
falseEnables TLS for PostgreSQL.
It is recommended to set this to true in production.
Sets the secret name containing PostgreSQL TLS certificate. The key names for the certificate
file and the key file can be set via postgresql.tls.certFilename and postgresql.tls.certKeyFilename
respectively.
cert.pemSets the certificate filename for PostgreSQL TLS certificate. This is the key name that needs
to be present in the secret as specified by postgresql.tls.certificatesSecret.
cert.keySets the certificate key filename for PostgreSQL TLS certificate. This is the key name that needs
to be present in the secret as specified by postgresql.tls.certificatesSecret.
trueEnables password for the “postgres” admin user.
Sets the default password for the “postgres” admin user. This value is ignored.
By default, Varnish Controller Helm Chart will auto-generate the password and store
in a secret named varnish-controller-credentials with the key postgresql-admin-password.
To enable setting password via this value, set the following:
postgresql:
auth:
secretKeys:
adminPasswordKey: ""
varnish-controllerSets a username for an extra user to be created during initial PostgreSQL deployment. Note that the Varnish Controller uses this value to configure Brainz when an internal PostgreSQL is used.
dummyPasswordIgnoredByExistingSecretSets the default password for the extra user created during initial PostgreSQL deployment. This value is ignored.
By default, Varnish Controller Helm Chart will auto-generate the password and store
in a secret named varnish-controller-credentials with the key postgresql-varnish-password.
To enable setting password via this value, set the following:
postgresql:
auth:
secretKeys:
userPasswordKey: ""
varnish-controller-credentialsSets the secret name to read PostgreSQL passwords from.
When set to a value other than “varnish-controller-credentials”, Varnish Controller Helm Chart
will no longer auto-generate the password to varnish-controller-credentials secret. In this case, it’s necessary to configure postgresql.auth.secretKeys.
adminPasswordKey: postgreql-admin-password
userPasswordKey: postgresql-varnish-password
replicationPasswordKey: postgresql-replication-password
Sets the secret key to read PostgreSQL passwords from.
varnish_controllerSets a database name for an extra user to be created during initial PostgreSQL deployment. Note that the Varnish Controller uses this value to configure Brainz when an internal PostgreSQL is used.
trueEnables data persistence using PersistentVolumes.
trueEnables connection logging.
trueEnables init container that changes the owner and group of the PersistentVolumes.
An array of objects to attach Kubernetes manifests to the deployment.
For example:
extraManifests:
- name: clusterrole
data: |
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Release.Name }}-clusterrole
# ...
The name of the manifest. Only used if extraManifests[].checksum is true.
Whether to attach the manifest’s checksum to that of workload to force an automatic rollout when the manifest is updated.
The full content of the manifest.