adutra commented on code in PR #3812: URL: https://github.com/apache/polaris/pull/3812#discussion_r2832369762
########## site/content/in-dev/unreleased/helm-chart/reference.md: ########## @@ -17,476 +17,324 @@ # specific language governing permissions and limitations # under the License. # -Title: Polaris Helm Chart +title: Values Reference +linkTitle: Values Reference type: docs -weight: 675 +weight: 900 --- -## Installation - -The instructions below are for the local Minikube cluster. They assume Minikube and Helm are installed. - -### Installing from the official repository (recommended) - -Start the Minikube cluster, add the official Polaris Helm repository, create the target namespace, and install the chart: -```bash -minikube start -helm repo add polaris https://downloads.apache.org/incubator/polaris/helm-chart -helm repo update -kubectl create namespace polaris -helm install polaris polaris/polaris --namespace polaris --devel -``` - -{{< alert note >}} -The --devel flag is required while Polaris is in the incubation phase. -Helm treats the -incubating suffix as a pre‑release by SemVer rules, and will skip charts that are not in a stable versioning scheme by default. -{{< /alert >}} - -Now the cluster should be up and running. You can run the built-in connection test to verify: -```bash -helm test polaris --namespace polaris -``` - -Default Polaris Helm chart values are for a non-persistent backend. To use a persistent backend, you will need to override default values and create required resources. -Polaris Helm chart package includes a number of files that can be used as a starting point for such configuration. To use them, download the chart into a local directory: -```bash -helm pull polaris \ - --repo https://downloads.apache.org/incubator/polaris/helm-chart \ - --devel \ - --untar \ - --untardir ./helm -``` - -{{< alert warning >}} -The examples below use values files located in the `helm/polaris/ci` directory. -**These files are intended for testing purposes primarily, and may not be suitable for production use**. -For production deployments, create your own values files based on the provided examples. -{{< /alert >}} - -Create required resources: -```bash -kubectl apply --namespace polaris -f helm/polaris/ci/fixtures/ -kubectl wait --namespace polaris --for=condition=ready pod --selector=app.kubernetes.io/name=postgres --timeout=120s -``` - -{{< alert warning >}} -The Postgres deployment set up in the fixtures directory is intended for testing purposes only and is not suitable for production use. For production deployments, use a managed Postgres service or a properly configured and secured Postgres instance. -{{< /alert >}} - -Install the chart with a persistent backend: -```bash -helm upgrade --install --namespace polaris \ - --values helm/polaris/ci/persistence-values.yaml \ - polaris helm/polaris -kubectl wait --namespace polaris --for=condition=ready pod --selector=app.kubernetes.io/name=polaris --timeout=120s -``` - -Run the catalog bootstrap using the Polaris admin tool to initialize the catalog with the required configuration. -For example, to run it as a new pod in the Minikube cluster (the polaris-admin-tool image will be pulled automatically from Docker Hub): -```bash -kubectl run polaris-bootstrap \ - -n polaris \ - --image=apache/polaris-admin-tool:latest \ - --restart=Never \ - --rm -it \ - --env="quarkus.datasource.username=$(kubectl get secret polaris-persistence -n polaris -o jsonpath='{.data.username}' | base64 --decode)" \ - --env="quarkus.datasource.password=$(kubectl get secret polaris-persistence -n polaris -o jsonpath='{.data.password}' | base64 --decode)" \ - --env="quarkus.datasource.jdbc.url=$(kubectl get secret polaris-persistence -n polaris -o jsonpath='{.data.jdbcUrl}' | base64 --decode)" \ - -- \ - bootstrap -r POLARIS -c POLARIS,root,pass -p -``` - -### Build and install from source (advanced) - -Here it is assumed that you have cloned the Polaris Git repository and set up prerequisites to build the project (see [Quickstart Guide](https://polaris.apache.org/in-dev/unreleased/getting-started/install-dependencies/) for details). - -Start the Minikube cluster, then build and load the image into the Minikube cluster: - -```bash -minikube start -eval $(minikube docker-env) - -./gradlew \ - :polaris-server:assemble \ - :polaris-server:quarkusAppPartsBuild --rerun \ - :polaris-admin:assemble \ - :polaris-admin:quarkusAppPartsBuild --rerun \ - -Dquarkus.container-image.build=true -``` - -Create the target namespace: -```bash -kubectl create namespace polaris -``` - -Create all the required resources in the `polaris` namespace. This usually includes a Postgres -database, Kubernetes secrets, and service accounts. The Polaris chart does not create -these resources automatically, as they are not required for all Polaris deployments. The chart will -fail if these resources are not created beforehand. You can find some examples in the -`helm/polaris/ci/fixtures` directory, but beware that these are primarily intended for tests. For example, you can run the following commands: -```bash -kubectl apply --namespace polaris -f helm/polaris/ci/fixtures/ -kubectl wait --namespace polaris --for=condition=ready pod --selector=app.kubernetes.io/name=postgres --timeout=120s -kubectl wait --namespace polaris --for=condition=ready pod --selector=app.kubernetes.io/name=mongodb --timeout=120s -``` - -Below are two sample deployment models for installing the chart: one with a non-persistent backend and another with a persistent backend. - -{{< alert warning >}} -The examples below use values files located in the `helm/polaris/ci` directory. -**These files are intended for testing purposes primarily, and may not be suitable for production use**. -For production deployments, create your own values files based on the provided examples. -{{< /alert >}} - -#### Non-persistent backend - -Install the chart with a non-persistent backend. From the Polaris repo root: -```bash -helm upgrade --install --namespace polaris \ - polaris helm/polaris -``` - -#### Persistent backend - -{{< alert warning >}} -The Postgres deployment set up in the fixtures directory is intended for testing purposes only and is not suitable for production use. For production deployments, use a managed Postgres service or a properly configured and secured Postgres instance. -{{< /alert >}} - -Install the chart with a persistent backend. From the Polaris repo root: -```bash -helm upgrade --install --namespace polaris \ - --values helm/polaris/ci/persistence-values.yaml \ - polaris helm/polaris -kubectl wait --namespace polaris --for=condition=ready pod --selector=app.kubernetes.io/name=polaris --timeout=120s -``` - -To access Polaris and Postgres locally, set up port forwarding for both services (this is needed for bootstrap processes): -```bash -kubectl port-forward -n polaris $(kubectl get pod -n polaris -l app.kubernetes.io/name=polaris -o jsonpath='{.items[0].metadata.name}') 8181:8181 & - -kubectl port-forward -n polaris $(kubectl get pod -n polaris -l app.kubernetes.io/name=postgres -o jsonpath='{.items[0].metadata.name}') 5432:5432 & -``` - -Run the catalog bootstrap using the Polaris admin tool. This step initializes the catalog with the required configuration: -```bash -container_envs=$(kubectl exec -it -n polaris $(kubectl get pod -n polaris -l app.kubernetes.io/name=polaris -o jsonpath='{.items[0].metadata.name}') -- env) -export QUARKUS_DATASOURCE_USERNAME=$(echo "$container_envs" | grep quarkus.datasource.username | awk -F '=' '{print $2}' | tr -d '\n\r') -export QUARKUS_DATASOURCE_PASSWORD=$(echo "$container_envs" | grep quarkus.datasource.password | awk -F '=' '{print $2}' | tr -d '\n\r') -export QUARKUS_DATASOURCE_JDBC_URL=$(echo "$container_envs" | grep quarkus.datasource.jdbc.url | sed 's/postgres/localhost/2' | awk -F '=' '{print $2}' | tr -d '\n\r') - -java -jar runtime/admin/build/quarkus-app/quarkus-run.jar bootstrap -c POLARIS,root,pass -r POLARIS -``` - -### Using the Gateway API (Advanced) -You may want to use the [Kubernetes Gateway API](https://gateway-api.sigs.k8s.io/) for more advanced network routing. In most cases this would already be installed by your cluster admins. The following is an example set of commands to run to install the gateway: -```bash -# ref: https://gateway-api.sigs.k8s.io/guides/getting-started/#install-standard-channel -kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/latest/download/standard-install.yaml -``` +### Deployment -With that installed, you can enable and configure the `gateway` values. This will make it possible to use the HTTPRoute resource, enable and configure the `httproute` values. - -{{< alert note >}} -Only one of HTTPRoute or Ingress can be defined. Defining both will result in errors. -{{< /alert >}} - -### Uninstalling - -```bash -helm uninstall --namespace polaris polaris - -kubectl delete --namespace polaris -f helm/polaris/ci/fixtures/ - -kubectl delete namespace polaris -``` - -## Development & Testing - -This section is intended for developers who want to run the Polaris Helm chart tests. - -### Prerequisites - -The following tools are required to run the tests: - -* [Helm Unit Test](https://github.com/helm-unittest/helm-unittest) -* [Helm JSON Schema](https://github.com/losisin/helm-values-schema-json) -* [Chart Testing](https://github.com/helm/chart-testing) -* [yamllint](https://github.com/adrienverge/yamllint) +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| replicaCount | int | `1` | The number of replicas to deploy (horizontal scaling). Beware that replicas are stateless; don't set this number > 1 when using in-memory meta store manager. | +| revisionHistoryLimit | string | `nil` | The number of old ReplicaSets to retain to allow rollback (if not set, the default Kubernetes value is set to 10). | -Quick installation instructions for these tools: -```bash -make helm-install-plugins -brew install chart-testing -brew install yamllint -``` +### Image -The integration tests also require some fixtures to be deployed. The `ci/fixtures` directory -contains the required resources. To deploy them, run the following command: -```bash -kubectl apply --namespace polaris -f helm/polaris/ci/fixtures/ -kubectl wait --namespace polaris --for=condition=ready pod --selector=app.kubernetes.io/name=postgres --timeout=120s -``` +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"apache/polaris"` | The image repository to pull from. | +| image.pullPolicy | string | `"IfNotPresent"` | The image pull policy. | +| image.tag | string | `"latest"` | The image tag. | +| image.configDir | string | `"/deployments/config"` | The path to the directory where the application.properties file, and other configuration files, if any, should be mounted. | +| imagePullSecrets | list | `[]` | References to secrets in the same namespace to use for pulling any of the images used by this chart. Each entry is a string referring to an existing secret in the namespace. The secret must contain a .dockerconfigjson key with a base64-encoded Docker configuration file. See https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ for more information. | -The `helm/polaris/ci` directory contains a number of values files that will be used to install the chart with -different configurations. +### Service Account -### Running the unit tests +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account. | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | -Helm unit tests do not require a Kubernetes cluster. To run the unit tests, execute Helm Unit from -the Polaris repo root: -```bash -helm unittest helm/polaris -``` +### Pod Configuration -You can also lint the chart using the Chart Testing tool, with the following command: +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| podAnnotations | object | `{}` | Annotations to apply to polaris pods. | +| podLabels | object | `{}` | Additional Labels to apply to polaris pods. | +| configMapLabels | object | `{}` | Additional Labels to apply to polaris configmap. | +| podDisruptionBudget.enabled | bool | `false` | Specifies whether a pod disruption budget should be created. | +| podDisruptionBudget.minAvailable | int | `0` | The minimum number of pods that should remain available during disruptions. Can be an absolute number (ex: 5) or a percentage of desired pods (ex: 50%). IMPORTANT: Cannot be used simultaneously with maxUnavailable. | +| podDisruptionBudget.maxUnavailable | int | `0` | The maximum number of pods that can be unavailable during disruptions. Can be an absolute number (ex: 5) or a percentage of desired pods (ex: 50%). IMPORTANT: Cannot be used simultaneously with minAvailable. | +| podDisruptionBudget.annotations | object | `{}` | Annotations to add to the pod disruption budget. | +| podSecurityContext | object | `{"fsGroup":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the polaris pod. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. | +| containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":10000,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the polaris container. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. | -```bash -ct lint --charts helm/polaris -``` +### Service -### Running the integration tests +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| service.type | string | `"ClusterIP"` | The type of service to create. Valid values are: ExternalName, ClusterIP, NodePort, and LoadBalancer. The default value is ClusterIP. | +| service.ports[0].name | string | `"polaris-http"` | The name of the port. Required. | +| service.ports[0].port | int | `8181` | The port the service listens on. By default, the HTTP port is 8181. | +| service.ports[0].targetPort | int | `0` | Number of the port to access on the pods targeted by the service. If this is not specified or zero, the value of the 'port' field is used. | +| service.ports[0].nodePort | int | `0` | The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If not specified or zero, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. | +| service.ports[0].protocol | string | `"TCP"` | The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. | +| service.sessionAffinity | string | `"None"` | The session affinity for the service. Valid values are: None, ClientIP. The default value is None. ClientIP enables sticky sessions based on the client's IP address. This is generally beneficial to Polaris deployments, but some testing may be required in order to make sure that the load is distributed evenly among the pods. Also, this setting affects only internal clients, not external ones. If Ingress is enabled, it is recommended to set sessionAffinity to None. | +| service.clusterIP | string | `""` | You can specify your own cluster IP address If you define a Service that has the .spec.clusterIP set to "None" then Kubernetes does not assign an IP address. Instead, DNS records for the service will return the IP addresses of each pod targeted by the server. This is called a headless service. See https://kubernetes.io/docs/concepts/services-networking/service/#headless-services | +| service.internalTrafficPolicy | string | `"Cluster"` | Controls how traffic from internal sources is routed. Valid values are Cluster and Local. The default value is Cluster. Set the field to Cluster to route traffic to all ready endpoints. Set the field to Local to only route to ready node-local endpoints. If the traffic policy is Local and there are no node-local endpoints, traffic is dropped by kube-proxy. | +| service.externalTrafficPolicy | string | `"Cluster"` | Controls how traffic from external sources is routed. Valid values are Cluster and Local. The default value is Cluster. Set the field to Cluster to route traffic to all ready endpoints. Set the field to Local to only route to ready node-local endpoints. If the traffic policy is Local and there are no node-local endpoints, traffic is dropped by kube-proxy. | +| service.trafficDistribution | string | `nil` | The traffic distribution field provides another way to influence traffic routing within a Kubernetes Service. While traffic policies focus on strict semantic guarantees, traffic distribution allows you to express preferences such as routing to topologically closer endpoints. The only valid value is: PreferClose. The default value is implementation-specific. | +| service.annotations | object | `{}` | Annotations to add to the service. | -Integration tests require a Kubernetes cluster. See installation instructions above for setting up -a local cluster. +### Management Service -Integration tests are run with the Chart Testing tool: -```bash -ct install --namespace polaris --charts ./helm/polaris -``` +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| managementService.type | string | `"ClusterIP"` | The type of service to create. Valid values are: ExternalName, ClusterIP, NodePort, and LoadBalancer. The default value is ClusterIP. | +| managementService.ports[0].name | string | `"polaris-mgmt"` | The name of the management port. Required. | +| managementService.ports[0].port | int | `8182` | The port the management service listens on. By default, the management interface is exposed on HTTP port 8182. | +| managementService.ports[0].targetPort | int | `0` | Number of the port to access on the pods targeted by the service. If this is not specified or zero, the value of the 'port' field is used. | +| managementService.ports[0].nodePort | int | `0` | The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If not specified or zero, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. | +| managementService.ports[0].protocol | string | `"TCP"` | The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. | +| managementService.clusterIP | string | `"None"` | By default, the management service is headless, i.e. it does not have a cluster IP. This is generally the right option for exposing health checks and metrics, e.g. for metrics scraping and service monitoring. | +| managementService.sessionAffinity | string | `"None"` | The session affinity for the service. | +| managementService.internalTrafficPolicy | string | `"Cluster"` | Controls how traffic from internal sources is routed. | +| managementService.externalTrafficPolicy | string | `"Cluster"` | Controls how traffic from external sources is routed. | +| managementService.trafficDistribution | string | `nil` | The traffic distribution field. | +| managementService.annotations | object | `{}` | Annotations to add to the service. | -## Values +### Extra Services | Key | Type | Default | Description | |-----|------|---------|-------------| -| advancedConfig | object | `{}` | Advanced configuration. You can pass here any valid Polaris or Quarkus configuration property. Any property that is defined here takes precedence over all the other configuration values generated by this chart. Properties can be passed "flattened" or as nested YAML objects (see examples below). Note: values should be strings; avoid using numbers, booleans, or other types. | -| affinity | object | `{}` | Affinity and anti-affinity for polaris pods. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. | -| authentication | object | `{"authenticator":{"type":"default"},"realmOverrides":{},"tokenBroker":{"maxTokenGeneration":"PT1H","secret":{"name":"","privateKey":"private.pem","publicKey":"public.pem","rsaKeyPair":{"privateKey":"private.pem","publicKey":"public.pem"},"secretKey":"symmetric.pem","symmetricKey":{"secretKey":"symmetric.key"}},"type":"rsa-key-pair"},"tokenService":{"type":"default"},"type":"internal"}` | Polaris authentication configuration. | -| authentication.authenticator | object | `{"type":"default"}` | The `Authenticator` implementation to use. Only one built-in type is supported: default. | -| authentication.authenticator.type | string | `"default"` | The type of authenticator to use. | -| authentication.realmOverrides | object | `{}` | Authentication configuration overrides per realm. | -| authentication.tokenBroker | object | `{"maxTokenGeneration":"PT1H","secret":{"name":"","privateKey":"private.pem","publicKey":"public.pem","rsaKeyPair":{"privateKey":"private.pem","publicKey":"public.pem"},"secretKey":"symmetric.pem","symmetricKey":{"secretKey":"symmetric.key"}},"type":"rsa-key-pair"}` | The `TokenBroker` implementation to use. Two built-in types are supported: rsa-key-pair and symmetric-key. Only relevant when using internal (or mixed) authentication. When using external authentication, the token broker is not used. | -| authentication.tokenBroker.maxTokenGeneration | string | `"PT1H"` | Maximum token generation duration (e.g., PT1H for 1 hour). | -| authentication.tokenBroker.secret | object | `{"name":"","privateKey":"private.pem","publicKey":"public.pem","rsaKeyPair":{"privateKey":"private.pem","publicKey":"public.pem"},"secretKey":"symmetric.pem","symmetricKey":{"secretKey":"symmetric.key"}}` | The secret name to pull the public and private keys, or the symmetric key secret from. | -| authentication.tokenBroker.secret.name | string | `""` | The name of the secret to pull the keys from. If not provided, a key pair will be generated. This is not recommended for production. | -| authentication.tokenBroker.secret.privateKey | string | `"private.pem"` | DEPRECATED: Use `authentication.tokenBroker.secret.rsaKeyPair.privateKey` instead. Key name inside the secret for the private key | -| authentication.tokenBroker.secret.publicKey | string | `"public.pem"` | DEPRECATED: Use `authentication.tokenBroker.secret.rsaKeyPair.publicKey` instead. Key name inside the secret for the public key | -| authentication.tokenBroker.secret.rsaKeyPair | object | `{"privateKey":"private.pem","publicKey":"public.pem"}` | Optional: configuration specific to RSA key pair secret. | -| authentication.tokenBroker.secret.rsaKeyPair.privateKey | string | `"private.pem"` | Key name inside the secret for the private key | -| authentication.tokenBroker.secret.rsaKeyPair.publicKey | string | `"public.pem"` | Key name inside the secret for the public key | -| authentication.tokenBroker.secret.secretKey | string | `"symmetric.pem"` | DEPRECATED: Use `authentication.tokenBroker.secret.symmetricKey.secretKey` instead. Key name inside the secret for the symmetric key | -| authentication.tokenBroker.secret.symmetricKey | object | `{"secretKey":"symmetric.key"}` | Optional: configuration specific to symmetric key secret. | -| authentication.tokenBroker.secret.symmetricKey.secretKey | string | `"symmetric.key"` | Key name inside the secret for the symmetric key | -| authentication.tokenBroker.type | string | `"rsa-key-pair"` | The type of token broker to use. | -| authentication.tokenService | object | `{"type":"default"}` | The token service (`IcebergRestOAuth2ApiService`) implementation to use. Two built-in types are supported: default and disabled. Only relevant when using internal (or mixed) authentication. When using external authentication, the token service is always disabled. | -| authentication.tokenService.type | string | `"default"` | The type of token service to use. | -| authentication.type | string | `"internal"` | The type of authentication to use. Three built-in types are supported: internal, external, and mixed. | -| autoscaling.enabled | bool | `false` | Specifies whether automatic horizontal scaling should be enabled. Do not enable this when using in-memory version store type. | -| autoscaling.maxReplicas | int | `3` | The maximum number of replicas to maintain. | -| autoscaling.minReplicas | int | `1` | The minimum number of replicas to maintain. | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | Optional; set to zero or empty to disable. | -| autoscaling.targetMemoryUtilizationPercentage | int | `0` | Optional; set to zero or empty to disable. | -| configMapLabels | object | `{}` | Additional Labels to apply to polaris configmap. | -| containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":10000,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the polaris container. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. | -| containerSecurityContext.runAsUser | int | `10000` | UID 10000 is compatible with Polaris OSS default images; change this if you are using a different image. | -| cors | object | `{"accessControlAllowCredentials":null,"accessControlMaxAge":"","allowedHeaders":[],"allowedMethods":[],"allowedOrigins":[],"exposedHeaders":[]}` | Polaris CORS configuration. | -| cors.accessControlAllowCredentials | string | `nil` | The `Access-Control-Allow-Credentials` response header. The value of this header will default to `true` if `allowedOrigins` property is set and there is a match with the precise `Origin` header. | -| cors.accessControlMaxAge | string | `""` | The `Access-Control-Max-Age` response header value indicating how long the results of a pre-flight request can be cached. Must be a valid duration. | -| cors.allowedHeaders | list | `[]` | HTTP headers allowed for CORS, ex: X-Custom, Content-Disposition. If this is not set or empty, all requested headers are considered allowed. | -| cors.allowedMethods | list | `[]` | HTTP methods allowed for CORS, ex: GET, PUT, POST. If this is not set or empty, all requested methods are considered allowed. | -| cors.allowedOrigins | list | `[]` | Origins allowed for CORS, e.g. http://polaris.apache.org, http://localhost:8181. In case an entry of the list is surrounded by forward slashes, it is interpreted as a regular expression. | -| cors.exposedHeaders | list | `[]` | HTTP headers exposed to the client, ex: X-Custom, Content-Disposition. The default is an empty list. | -| extraEnv | list | `[]` | Advanced configuration via Environment Variables. Extra environment variables to add to the Polaris server container. You can pass here any valid EnvVar object: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core This can be useful to get configuration values from Kubernetes secrets or config maps. | -| extraInitContainers | list | `[]` | Add additional init containers to the polaris pod(s) See https://kubernetes.io/docs/concepts/workloads/pods/init-containers/. | -| extraServices | list | `[{"annotations":{},"clusterIP":"","externalTrafficPolicy":"Cluster","internalTrafficPolicy":"Cluster","nameSuffix":"","ports":[{"name":"polaris-extra","nodePort":0,"port":8183,"protocol":"TCP","targetPort":0}],"sessionAffinity":"None","trafficDistribution":null,"type":"LoadBalancer"}]` | Additional service definitions. All service definitions always select all Polaris pods. Use this if you need to expose specific ports with different configurations, e.g. expose polaris-http with an alternate LoadBalancer service instead of ClusterIP. | -| extraServices[0].annotations | object | `{}` | Annotations to add to the extra service. | -| extraServices[0].clusterIP | string | `""` | The cluster IP for the extra service. | -| extraServices[0].externalTrafficPolicy | string | `"Cluster"` | Controls how traffic from external sources is routed. | -| extraServices[0].internalTrafficPolicy | string | `"Cluster"` | Controls how traffic from internal sources is routed. | | extraServices[0].nameSuffix | string | `""` | The suffix to append to the service name. Required. It must be unique. If it does not start with a hyphen, a hyphen will be inserted between the base service name and the suffix. | -| extraServices[0].ports | list | `[{"name":"polaris-extra","nodePort":0,"port":8183,"protocol":"TCP","targetPort":0}]` | The ports the extra service will listen on. | +| extraServices[0].type | string | `"LoadBalancer"` | The type of service to create. Valid values are: ExternalName, ClusterIP, NodePort, and LoadBalancer. | | extraServices[0].ports[0].name | string | `"polaris-extra"` | The name of the port. Required. | -| extraServices[0].ports[0].nodePort | int | `0` | The port on each node on which this extra service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If not specified or zero, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. | | extraServices[0].ports[0].port | int | `8183` | The port the extra service listens on. | -| extraServices[0].ports[0].protocol | string | `"TCP"` | The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. | | extraServices[0].ports[0].targetPort | int | `0` | Number of the port to access on the pods targeted by the service. If this is not specified or zero, the value of the 'port' field is used. | +| extraServices[0].ports[0].nodePort | int | `0` | The port on each node on which this extra service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If not specified or zero, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. | +| extraServices[0].ports[0].protocol | string | `"TCP"` | The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. | +| extraServices[0].clusterIP | string | `""` | The cluster IP for the extra service. | | extraServices[0].sessionAffinity | string | `"None"` | The session affinity for the extra service. Valid values are: None, ClientIP. The default value is None. | +| extraServices[0].internalTrafficPolicy | string | `"Cluster"` | Controls how traffic from internal sources is routed. | +| extraServices[0].externalTrafficPolicy | string | `"Cluster"` | Controls how traffic from external sources is routed. | | extraServices[0].trafficDistribution | string | `nil` | The traffic distribution field. | -| extraServices[0].type | string | `"LoadBalancer"` | The type of service to create. Valid values are: ExternalName, ClusterIP, NodePort, and LoadBalancer. | -| extraVolumeMounts | list | `[]` | Extra volume mounts to add to the polaris container. See https://kubernetes.io/docs/concepts/storage/volumes/. | -| extraVolumes | list | `[]` | Extra volumes to add to the polaris pod. See https://kubernetes.io/docs/concepts/storage/volumes/. | -| features | object | `{"realmOverrides":{}}` | Polaris features configuration. | -| features.realmOverrides | object | `{}` | Features to enable or disable per realm. This field is a map of maps. The realm name is the key, and the value is a map of feature names to values. If a feature is not present in the map, the default value from the 'defaults' field is used. | -| fileIo | object | `{"type":"default"}` | Polaris FileIO configuration. | -| fileIo.type | string | `"default"` | The type of file IO to use. Two built-in types are supported: default and wasb. The wasb one translates WASB paths to ABFS ones. | -| gateway.addresses | list | `[]` | Optional addresses to request for the Gateway. | +| extraServices[0].annotations | object | `{}` | Annotations to add to the extra service. | + +### Ingress + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| ingress.className | string | `""` | Specifies the ingressClassName; leave empty if you don't want to customize it. | +| ingress.enabled | bool | `false` | Specifies whether an ingress should be created. | +| ingress.annotations | object | `{}` | Annotations to add to the ingress. | +| ingress.hosts[0].host | string | `"chart-example.local"` | The host name. Required. | +| ingress.hosts[0].paths[0].path | string | `"/"` | The path to match. | +| ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | The type of path. Valid values are: Exact, Prefix, and ImplementationSpecific. | +| ingress.tls[0].secretName | string | `""` | The name of the TLS secret to use to terminate TLS traffic on port 443. Required. | +| ingress.tls[0].hosts | list | `["chart-example1.local","chart-example2.local"]` | A list of hosts in the certificate. | + +### Gateway + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| gateway.enabled | bool | `false` | Specifies whether a Gateway should be created. | | gateway.annotations | object | `{}` | Annotations to add to the Gateway. | | gateway.className | string | `""` | The name of the GatewayClass to use. | -| gateway.enabled | bool | `false` | Specifies whether a Gateway should be created. | -| gateway.listeners | list | `[{"allowedRoutes":{},"hostname":"","name":"http","port":80,"protocol":"HTTP"}]` | Gateway listeners configuration. | -| gateway.listeners[0].allowedRoutes | object | `{}` | AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present. | -| gateway.listeners[0].hostname | string | `""` | Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. | | gateway.listeners[0].name | string | `"http"` | The name of the listener. Required. | -| gateway.listeners[0].port | int | `80` | The port number to use for the listener. | | gateway.listeners[0].protocol | string | `"HTTP"` | Protocol specifies the network protocol this listener expects to receive. | -| httproute.annotations | object | `{}` | Annotations to add to the HTTPRoute. | +| gateway.listeners[0].port | int | `80` | The port number to use for the listener. | +| gateway.listeners[0].hostname | string | `""` | Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. | +| gateway.listeners[0].allowedRoutes | object | `{}` | AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present. | +| gateway.addresses | list | `[]` | Optional addresses to request for the Gateway. | + +### HTTPRoute + +| Key | Type | Default | Description | +|-----|------|---------|-------------| | httproute.enabled | bool | `false` | Specifies whether an HTTPRoute should be created. | +| httproute.annotations | object | `{}` | Annotations to add to the HTTPRoute. | | httproute.gatewayName | string | `""` | Name of the Gateway resource to attach to. Required. | | httproute.gatewayNamespace | string | `"default"` | Namespace where the Gateway is deployed. Required. | -| httproute.hosts | list | `["chart-example.local"]` | A list of hostnames that the HTTPRoute should match. | | httproute.sectionName | string | `""` | Section name within the gateway to use (optional). | -| image.configDir | string | `"/deployments/config"` | The path to the directory where the application.properties file, and other configuration files, if any, should be mounted. | -| image.pullPolicy | string | `"IfNotPresent"` | The image pull policy. | -| image.repository | string | `"apache/polaris"` | The image repository to pull from. | -| image.tag | string | `"latest"` | The image tag. | -| imagePullSecrets | list | `[]` | References to secrets in the same namespace to use for pulling any of the images used by this chart. Each entry is a string referring to an existing secret in the namespace. The secret must contain a .dockerconfigjson key with a base64-encoded Docker configuration file. See https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ for more information. | -| ingress.annotations | object | `{}` | Annotations to add to the ingress. | -| ingress.className | string | `""` | Specifies the ingressClassName; leave empty if you don't want to customize it. | -| ingress.enabled | bool | `false` | Specifies whether an ingress should be created. | -| ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/","pathType":"Prefix"}]}]` | A list of host paths used to configure the ingress. | -| ingress.hosts[0].host | string | `"chart-example.local"` | The host name. Required. | -| ingress.hosts[0].paths | list | `[{"path":"/","pathType":"Prefix"}]` | A list of paths used to configure the ingress. | -| ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | The type of path. Valid values are: Exact, Prefix, and ImplementationSpecific. | -| ingress.tls | list | `[{"hosts":["chart-example1.local","chart-example2.local"],"secretName":""}]` | A list of TLS certificates; each entry has a list of hosts in the certificate, along with the secret name used to terminate TLS traffic on port 443. | -| ingress.tls[0].hosts | list | `["chart-example1.local","chart-example2.local"]` | A list of hosts in the certificate. | -| ingress.tls[0].secretName | string | `""` | The name of the TLS secret. Required. | -| livenessProbe | object | `{"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"terminationGracePeriodSeconds":30,"timeoutSeconds":10}` | Configures the liveness probe for polaris pods. | -| livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. | +| httproute.hosts | list | `["chart-example.local"]` | A list of hostnames that the HTTPRoute should match. | + +### Resources and Autoscaling + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| resources | object | `{}` | Configures the resources requests and limits for polaris pods. We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. | +| autoscaling.enabled | bool | `false` | Specifies whether automatic horizontal scaling should be enabled. Do not enable this when using in-memory version store type. | +| autoscaling.minReplicas | int | `1` | The minimum number of replicas to maintain. | +| autoscaling.maxReplicas | int | `3` | The maximum number of replicas to maintain. | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | Optional; set to zero or empty to disable. | +| autoscaling.targetMemoryUtilizationPercentage | int | `0` | Optional; set to zero or empty to disable. | + +### Scheduling + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| priorityClassName | string | `""` | Priority class name for polaris pods. See https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority | +| nodeSelector | object | `{}` | Node labels which must match for the polaris pod to be scheduled on that node. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. | +| tolerations | list | `[]` | A list of tolerations to apply to polaris pods. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/. | +| affinity | object | `{}` | Affinity and anti-affinity for polaris pods. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. | +| topologySpreadConstraints | list | `[]` | Topology spread constraints for polaris pods. See https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#topologyspreadconstraints-field. | + +### Probes + +| Key | Type | Default | Description | +|-----|------|---------|-------------| | livenessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before liveness probes are initiated. Minimum value is 0. | | livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the probe. Minimum value is 1. | | livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1. | -| livenessProbe.terminationGracePeriodSeconds | int | `30` | Optional duration in seconds the pod needs to terminate gracefully upon probe failure. Minimum value is 1. | +| livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. | | livenessProbe.timeoutSeconds | int | `10` | Number of seconds after which the probe times out. Minimum value is 1. | -| logging | object | `{"categories":{"org.apache.iceberg.rest":"INFO","org.apache.polaris":"INFO"},"console":{"enabled":true,"format":"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n","json":false,"threshold":"ALL"},"file":{"enabled":false,"fileName":"polaris.log","format":"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n","json":false,"logsDir":"/deployments/logs","rotation":{"fileSuffix":null,"maxBackupIndex":5,"maxFileSize":"100Mi"},"storage":{"className":"standard","selectorLabels":{},"size":"512Gi"},"threshold":"ALL"},"level":"INFO","mdc":{},"requestIdHeaderName":"X-Request-ID"}` | Logging configuration. | -| logging.categories | object | `{"org.apache.iceberg.rest":"INFO","org.apache.polaris":"INFO"}` | Configuration for specific log categories. Keys are category names (e.g., org.apache.polaris), values are log levels. | -| logging.console | object | `{"enabled":true,"format":"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n","json":false,"threshold":"ALL"}` | Configuration for the console appender. | +| livenessProbe.terminationGracePeriodSeconds | int | `30` | Optional duration in seconds the pod needs to terminate gracefully upon probe failure. Minimum value is 1. | +| readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before readiness probes are initiated. Minimum value is 0. | +| readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the probe. Minimum value is 1. | +| readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1. | +| readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. | +| readinessProbe.timeoutSeconds | int | `10` | Number of seconds after which the probe times out. Minimum value is 1. | + +### Advanced Configuration + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| advancedConfig | object | `{}` | Advanced configuration. You can pass here any valid Polaris or Quarkus configuration property. Any property that is defined here takes precedence over all the other configuration values generated by this chart. Properties can be passed "flattened" or as nested YAML objects (see examples below). Note: values should be strings; avoid using numbers, booleans, or other types. | +| extraEnv | list | `[]` | Advanced configuration via Environment Variables. Extra environment variables to add to the Polaris server container. You can pass here any valid EnvVar object: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core This can be useful to get configuration values from Kubernetes secrets or config maps. | +| extraVolumes | list | `[]` | Extra volumes to add to the polaris pod. See https://kubernetes.io/docs/concepts/storage/volumes/. | +| extraVolumeMounts | list | `[]` | Extra volume mounts to add to the polaris container. See https://kubernetes.io/docs/concepts/storage/volumes/. | +| extraInitContainers | list | `[]` | Add additional init containers to the polaris pod(s) See https://kubernetes.io/docs/concepts/workloads/pods/init-containers/. | + +### Observability + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| tracing.enabled | bool | `false` | Specifies whether tracing for the polaris server should be enabled. | +| tracing.endpoint | string | `"http://otlp-collector:4317"` | The collector endpoint URL to connect to (required). The endpoint URL must have either the http:// or the https:// scheme. The collector must talk the OpenTelemetry protocol (OTLP) and the port must be its gRPC port (by default 4317). See https://quarkus.io/guides/opentelemetry for more information. | +| tracing.sample | string | `"1.0d"` | Which requests should be sampled. Valid values are: "all", "none", or a ratio between 0.0 and "1.0d" (inclusive). E.g. "0.5d" means that 50% of the requests will be sampled. Note: avoid entering numbers here, always prefer a string representation of the ratio. | +| tracing.attributes | object | `{}` | Resource attributes to identify the polaris service among other tracing sources. See https://opentelemetry.io/docs/reference/specification/resource/semantic_conventions/#service. If left empty, traces will be attached to a service named "Apache Polaris"; to change this, provide a service.name attribute here. | +| metrics.enabled | bool | `true` | Specifies whether metrics for the polaris server should be enabled. | +| metrics.tags | object | `{}` | Additional tags (dimensional labels) to add to the metrics. | +| serviceMonitor.enabled | bool | `true` | Specifies whether a ServiceMonitor for Prometheus operator should be created. | +| serviceMonitor.interval | string | `""` | The scrape interval; leave empty to let Prometheus decide. Must be a valid duration, e.g. 1d, 1h30m, 5m, 10s. | +| serviceMonitor.labels | object | `{}` | Labels for the created ServiceMonitor so that Prometheus operator can properly pick it up. | +| serviceMonitor.metricRelabelings | list | `[]` | Relabeling rules to apply to metrics. Ref https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config. | + +### Logging + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| logging.level | string | `"INFO"` | The log level of the root category, which is used as the default log level for all categories. | +| logging.requestIdHeaderName | string | `"X-Request-ID"` | The header name to use for the request ID. | | logging.console.enabled | bool | `true` | Whether to enable the console appender. | -| logging.console.format | string | `"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n"` | The log format to use. Ignored if JSON format is enabled. See https://quarkus.io/guides/logging#logging-format for details. | -| logging.console.json | bool | `false` | Whether to log in JSON format. | | logging.console.threshold | string | `"ALL"` | The log level of the console appender. | -| logging.file | object | `{"enabled":false,"fileName":"polaris.log","format":"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n","json":false,"logsDir":"/deployments/logs","rotation":{"fileSuffix":null,"maxBackupIndex":5,"maxFileSize":"100Mi"},"storage":{"className":"standard","selectorLabels":{},"size":"512Gi"},"threshold":"ALL"}` | Configuration for the file appender. | +| logging.console.json | bool | `false` | Whether to log in JSON format. | +| logging.console.format | string | `"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n"` | The log format to use. Ignored if JSON format is enabled. See https://quarkus.io/guides/logging#logging-format for details. | | logging.file.enabled | bool | `false` | Whether to enable the file appender. | -| logging.file.fileName | string | `"polaris.log"` | The log file name. | -| logging.file.format | string | `"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n"` | The log format to use. Ignored if JSON format is enabled. See https://quarkus.io/guides/logging#logging-format for details. | +| logging.file.threshold | string | `"ALL"` | The log level of the file appender. | | logging.file.json | bool | `false` | Whether to log in JSON format. | +| logging.file.format | string | `"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n"` | The log format to use. Ignored if JSON format is enabled. See https://quarkus.io/guides/logging#logging-format for details. | | logging.file.logsDir | string | `"/deployments/logs"` | The local directory where log files are stored. The persistent volume claim will be mounted here. | -| logging.file.rotation | object | `{"fileSuffix":null,"maxBackupIndex":5,"maxFileSize":"100Mi"}` | Log rotation configuration. | -| logging.file.rotation.fileSuffix | string | `nil` | An optional suffix to append to the rotated log files. If present, the rotated log files will be grouped in time buckets, and each bucket will contain at most maxBackupIndex files. The suffix must be in a date-time format that is understood by DateTimeFormatter. If the suffix ends with .gz or .zip, the rotated files will also be compressed using the corresponding algorithm. | -| logging.file.rotation.maxBackupIndex | int | `5` | The maximum number of backup files to keep. | +| logging.file.fileName | string | `"polaris.log"` | The log file name. | | logging.file.rotation.maxFileSize | string | `"100Mi"` | The maximum size of the log file before it is rotated. Should be expressed as a Kubernetes quantity. | -| logging.file.storage | object | `{"className":"standard","selectorLabels":{},"size":"512Gi"}` | The log storage configuration. A persistent volume claim will be created using these settings. | +| logging.file.rotation.maxBackupIndex | int | `5` | The maximum number of backup files to keep. | +| logging.file.rotation.fileSuffix | string | `nil` | An optional suffix to append to the rotated log files. If present, the rotated log files will be grouped in time buckets, and each bucket will contain at most maxBackupIndex files. The suffix must be in a date-time format that is understood by DateTimeFormatter. If the suffix ends with .gz or .zip, the rotated files will also be compressed using the corresponding algorithm. | | logging.file.storage.className | string | `"standard"` | The storage class name of the persistent volume claim to create. | -| logging.file.storage.selectorLabels | object | `{}` | Labels to add to the persistent volume claim spec selector; a persistent volume with matching labels must exist. Leave empty if using dynamic provisioning. | | logging.file.storage.size | string | `"512Gi"` | The size of the persistent volume claim to create. | -| logging.file.threshold | string | `"ALL"` | The log level of the file appender. | -| logging.level | string | `"INFO"` | The log level of the root category, which is used as the default log level for all categories. | +| logging.file.storage.selectorLabels | object | `{}` | Labels to add to the persistent volume claim spec selector; a persistent volume with matching labels must exist. Leave empty if using dynamic provisioning. | +| logging.categories | object | `{}` | Configuration for specific log categories. Keys are category names (e.g., org.apache.polaris), values are log levels. | | logging.mdc | object | `{}` | Configuration for MDC (Mapped Diagnostic Context). Values specified here will be added to the log context of all incoming requests and can be used in log patterns. | -| logging.requestIdHeaderName | string | `"X-Request-ID"` | The header name to use for the request ID. | -| managementService | object | `{"annotations":{},"clusterIP":"None","externalTrafficPolicy":"Cluster","internalTrafficPolicy":"Cluster","ports":[{"name":"polaris-mgmt","nodePort":0,"port":8182,"protocol":"TCP","targetPort":0}],"sessionAffinity":"None","trafficDistribution":null,"type":"ClusterIP"}` | Management service settings. These settings are used to configure liveness and readiness probes, and to configure the dedicated headless service that will expose health checks and metrics, e.g. for metrics scraping and service monitoring. | -| managementService.annotations | object | `{}` | Annotations to add to the service. | -| managementService.clusterIP | string | `"None"` | By default, the management service is headless, i.e. it does not have a cluster IP. This is generally the right option for exposing health checks and metrics, e.g. for metrics scraping and service monitoring. | -| managementService.externalTrafficPolicy | string | `"Cluster"` | Controls how traffic from external sources is routed. | -| managementService.internalTrafficPolicy | string | `"Cluster"` | Controls how traffic from internal sources is routed. | -| managementService.ports | list | `[{"name":"polaris-mgmt","nodePort":0,"port":8182,"protocol":"TCP","targetPort":0}]` | The ports the management service will listen on. At least one port is required; the first port implicitly becomes the HTTP port that the application will use for serving management requests. By default, it's 8182. Note: port names must be unique and no more than 15 characters long. | -| managementService.ports[0].name | string | `"polaris-mgmt"` | The name of the management port. Required. | -| managementService.ports[0].nodePort | int | `0` | The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If not specified or zero, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. | -| managementService.ports[0].port | int | `8182` | The port the management service listens on. By default, the management interface is exposed on HTTP port 8182. | -| managementService.ports[0].protocol | string | `"TCP"` | The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. | -| managementService.ports[0].targetPort | int | `0` | Number of the port to access on the pods targeted by the service. If this is not specified or zero, the value of the 'port' field is used. | -| managementService.sessionAffinity | string | `"None"` | The session affinity for the service. | -| managementService.trafficDistribution | string | `nil` | The traffic distribution field. | -| managementService.type | string | `"ClusterIP"` | The type of service to create. Valid values are: ExternalName, ClusterIP, NodePort, and LoadBalancer. The default value is ClusterIP. | -| metrics.enabled | bool | `true` | Specifies whether metrics for the polaris server should be enabled. | -| metrics.tags | object | `{}` | Additional tags (dimensional labels) to add to the metrics. | -| nodeSelector | object | `{}` | Node labels which must match for the polaris pod to be scheduled on that node. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. | -| oidc | object | `{"authServeUrl":"","client":{"id":"polaris","secret":{"key":"clientSecret","name":""}},"principalMapper":{"idClaimPath":"","nameClaimPath":"","type":"default"},"principalRolesMapper":{"filter":"","mappings":[],"rolesClaimPath":"","type":"default"}}` | Polaris OIDC configuration. Only relevant when at least one realm is configured for external (or mixed) authentication. The currently supported configuration is for a single, default OIDC tenant. For more complex scenarios, including OIDC multi-tenancy, you will need to provide the relevant configuration using the `advancedConfig` section. | + +### Realm Context + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| realmContext.type | string | `"default"` | The type of realm context resolver to use. Two built-in types are supported: default and test; test is not recommended for production as it does not perform any realm validation. | +| realmContext.realms | list | `["POLARIS"]` | List of valid realms, for use with the default realm context resolver. The first realm in the list is the default realm. Realms not in this list will be rejected. | + +### Features Review Comment: @MonkeyCanCode I came up with a different approach: I switched to HTML rendering for the docs, which allows me to easily include examples in the documentation. There is one drawback though: the examples need to be written in HTML and they appear as (garbled) HTML content inside the JSON schema file. Let me know what you think! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
