This document explains how to create your custom values file for the ScalarDL Ledger chart. If you want to know the details of the parameters, please refer to the README of the ScalarDL Ledger chart.
Scalar Envoy configurations
You must set the Scalar Envoy configurations in the custom values file for ScalarDL Ledger. This is because client requests are sent to ScalarDL Ledger via Scalar Envoy as the load balancer of gRPC requests if you deploy ScalarDL Ledger on a Kubernetes environment.
Please refer to the document Configure a custom values file for Scalar Envoy for more details on the Scalar Envoy configurations.
envoy: configurationsForScalarEnvoy: ... ledger: configurationsForScalarDLLedger: ...
You must set
ledger.image.repository. Be sure to specify the ScalarDL Ledger container image so that you can pull the image from the container repository.
ledger: image: repository: <SCALARDL_LEDGER_CONTAINER_IMAGE>
If you’re using AWS or Azure, please refer to the following documents for more details:
- How to install Scalar products through AWS Marketplace
- How to install Scalar products through Azure Marketplace
You must set
ledger.ledgerProperties. Please set your
ledger.properties to this parameter. Please refer to the ledger.properties for more details on the configuration of ScalarDL Ledger.
ledger: ledgerProperties: | scalar.db.contact_points=localhost scalar.db.username=cassandra scalar.db.password=cassandra scalar.db.storage=cassandra scalar.dl.ledger.proof.enabled=true scalar.dl.ledger.auditor.enabled=true scalar.dl.ledger.proof.private_key_path=/keys/ledger-key-file
If you set
true (this configuration is required if you use ScalarDL Auditor), you must set a private key file to
In this case, you must mount the private key file on the ScalarDL Ledger pod.
For more details on how to mount the private key file, refer to Mount key and certificate files on a pod in ScalarDL Helm Charts.
Resource configurations (Recommended in the production environment)
If you want to control pod resources using the requests and limits of Kubernetes, you can use
Note that the resources for one pod of Scalar products are limited to 2vCPU / 4GB memory from the perspective of the commercial license. Also, when you get the pay-as-you-go containers provided from AWS Marketplace, you cannot run those containers with more than 2vCPU / 4GB memory configuration in the
resources.limits. When you exceed this limitation, pods are automatically stopped.
You can configure them using the same syntax as the requests and limits of Kubernetes. So, please refer to the official document Resource Management for Pods and Containers for more details on the requests and limits of Kubernetes.
ledger: resources: requests: cpu: 2000m memory: 4Gi limits: cpu: 2000m memory: 4Gi
Secret configurations (Recommended in the production environment)
If you want to use environment variables to set some properties (e.g., credentials) in the
ledger.ledgerProperties, you can use
ledger.secretName to specify the Secret resource that includes some credentials.
For example, you can set credentials for a backend database (
scalar.db.password) using environment variables, which makes your pods more secure.
Please refer to the document How to use Secret resources to pass the credentials as the environment variables into the properties file for more details on how to use a Secret resource.
ledger: secretName: "ledger-credentials-secret"
Affinity configurations (Recommended in the production environment)
If you want to control pod deployment using the affinity and anti-affinity of Kubernetes, you can use
You can configure them using the same syntax as the affinity of Kubernetes. So, please refer to the official document Assigning Pods to Nodes for more details on the affinity configuration of Kubernetes.
ledger: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - scalardl - key: app.kubernetes.io/app operator: In values: - ledger topologyKey: kubernetes.io/hostname weight: 50
Prometheus/Grafana configurations (Recommended in the production environment)
If you want to monitor ScalarDL Ledger pods using kube-prometheus-stack, you can deploy a ConfigMap, a ServiceMonitor, and a PrometheusRule resource for kube-prometheus-stack using
ledger: grafanaDashboard: enabled: true namespace: monitoring serviceMonitor: enabled: true namespace: monitoring interval: 15s prometheusRule: enabled: true namespace: monitoring
SecurityContext configurations (Default value is recommended)
If you want to set SecurityContext and PodSecurityContext for ScalarDL Ledger pods, you can use
You can configure them using the same syntax as SecurityContext and PodSecurityContext of Kubernetes. So, please refer to the official document Configure a Security Context for a Pod or Container for more details on the SecurityContext and PodSecurityContext configurations of Kubernetes.
ledger: podSecurityContext: seccompProfile: type: RuntimeDefault securityContext: capabilities: drop: - ALL runAsNonRoot: true allowPrivilegeEscalation: false
Replica configurations (Optional based on your environment)
You can specify the number of replicas (pods) of ScalarDL Ledger using
ledger: replicaCount: 3
Logging configurations (Optional based on your environment)
If you want to change the log level of ScalarDL Ledger, you can use
ledger: scalarLedgerConfiguration: ledgerLogLevel: INFO
Taint and toleration configurations (Optional based on your environment)
If you want to control pod deployment by using the taints and tolerations in Kubernetes, you can use
You can configure taints and tolerations by using the same syntax as the tolerations in Kubernetes. For details on configuring tolerations in Kubernetes, see the official Kubernetes documentation Taints and Tolerations.
ledger: tolerations: - effect: NoSchedule key: scalar-labs.com/dedicated-node operator: Equal value: scalardl-ledger