This document explains how to create your custom values file for the Scalar Admin for Kubernetes chart. For details on the parameters, see the README of the Scalar Admin for Kubernetes chart.

Required configurations

This section explains the required configurations when setting up a custom values file for Scalar Admin for Kubernetes.

Flag configurations

You must specify several flags to scalarAdminForKubernetes.commandArgs as an array to run Scalar Admin for Kubernetes. For more details on the flags, see README of Scalar Admin for Kubernetes.

scalarAdminForKubernetes:
  commandArgs:
    - -r
    - <HELM_RELEASE_NAME>
    - -n
    - <SCALAR_PRODUCT_NAMESPACE>
    - -d
    - <PAUSE_DURATION>
    - -z
    - <TIMEZONE>

Optional configurations

This section explains the optional configurations when setting up a custom values file for Scalar Admin for Kubernetes.

CronJob configurations (optional based on your environment)

By default, the Scalar Admin for Kubernetes chart creates a Job resource to run the Scalar Admin for Kubernetes CLI tool once. If you want to run the Scalar Admin for Kubernetes CLI tool periodically by using CronJob, you can set scalarAdminForKubernetes.jobType to cronjob. Also, you can set some configurations for the CronJob resource.

scalarAdminForKubernetes:
  cronJob:
    timeZone: "Etc/UTC"
    schedule: "0 0 * * *"

To control pod resources by using requests and limits in Kubernetes, you can use scalarAdminForKubernetes.resources.

You can configure requests and limits by using the same syntax as requests and limits in Kubernetes. For more details on requests and limits in Kubernetes, see Resource Management for Pods and Containers.

scalarAdminForKubernetes:
  resources:
    requests:
      cpu: 1000m
      memory: 2Gi
    limits:
      cpu: 2000m
      memory: 4Gi

To set SecurityContext and PodSecurityContext for Scalar Admin for Kubernetes pods, you can use scalarAdminForKubernetes.securityContext and scalarAdminForKubernetes.podSecurityContext.

You can configure SecurityContext and PodSecurityContext by using the same syntax as SecurityContext and PodSecurityContext in Kubernetes. For more details on the SecurityContext and PodSecurityContext configurations in Kubernetes, see Configure a Security Context for a Pod or Container.

scalarAdminForKubernetes:
  podSecurityContext:
    seccompProfile:
      type: RuntimeDefault
  securityContext:
    capabilities:
      drop:
        - ALL
    runAsNonRoot: true
    allowPrivilegeEscalation: false

If you want to change the image repository, you can use scalarAdminForKubernetes.image.repository to specify the container repository information of the Scalar Admin for Kubernetes image that you want to pull.

scalarAdminForKubernetes:
  image:
    repository: <SCALAR_ADMIN_FOR_KUBERNETES_CONTAINER_IMAGE>

Taint and toleration configurations (optional based on your environment)

If you want to control pod deployment by using taints and tolerations in Kubernetes, you can use scalarAdminForKubernetes.tolerations.

You can configure taints and tolerations by using the same syntax as the tolerations in Kubernetes. For details on configuring tolerations in Kubernetes, see the official Kubernetes documentation Taints and Tolerations.

scalarAdminForKubernetes:
  tolerations:
    - effect: NoSchedule
      key: scalar-labs.com/dedicated-node
      operator: Equal
      value: scalardb-analytics-postgresql

TLS configurations (optional based on your environment)

You can enable TLS between Scalar Admin for Kubernetes and the pause targets (ScalarDB Cluster or ScalarDL) by using the following configurations:

scalarAdminForKubernetes:
  commandArgs:
    - (omit other options)
    - --tls
    - --ca-root-cert-path
    - /tls/certs/ca.crt
    - --override-authority
    - cluster.scalardb.example.com

You can mount the /tls/certs/ca.crt file on a pod by using a secret resource. To mount the file, specify the name of the secret resource that includes the root CA certificate file to scalarAdminForKubernetes.tls.caRootCertSecret as follows:

scalarAdminForKubernetes:
  tls:
    caRootCertSecret: "scalar-admin-tls-ca"

In this case, you have to create a secret resource that includes the root CA certificate file for the pause targets (ScalarDB Cluster or ScalarDL) as follows:

kubectl create secret generic scalar-admin-tls-ca --from-file=ca.crt=/path/to/your/ca/certificate/file -n <NAMESPACE>