You are viewing the RapidMiner Hub documentation for version 9.10 - Check here for latest version
Kubernetes deployment with Helm
Following some internal experiments at RapidMiner, we have attempted to reduce the complexity of Kubernetes configuration by introducing Helm Charts, but the results are still not what you would call “plug and play”.
Nevertheless, in the interest of progress, knowing that some of our users are already experienced with Kubernetes, we have decided to release some skeletal documentation – “skeletal” in the sense that it is not complete, but perhaps adequate for experienced users who know how to fill in the gaps.
For a simpler, single-host deployment of RapidMiner AI Hub, see Docker-compose deployment or the cloud images.
For RapidMiner AI Hub 9.10, our Docker Images have been improved to meet the latest security guidelines, including those of OpenShift and Rootless Docker. We tested our example configuration with the following Kubernetes services:
To deploy RapidMiner AI Hub with Kubernetes / Helm:
- [Download] the Helm Chart, and follow instructions.
Version 9.10.3 (and later) of the Helm chart addresses the vulnerabilities in Apache log4j described by CVE-2021-44228 and CVE-2021-45046, commonly referred to as Log4Shell.
Table of contents
Before you begin
To deploy the Helm chart, you need basic Kubernetes infrastructure. This documentation will not explain Kubernetes infrastructure setup. The links below are intended as hints for getting started.
Create Kubernetes infrastructure.
As part of your Kubernetes setup, create NFS storage with a root folder:
- (Amazon) Amazon Elastic File System
- (Amazon) Creating an NFS file share
whose name we recommend you set to
<NAMESPACE-PLACEHOLDER>
, the same as your namespace, so that you can support multiple deployments on the same cluster, with the same NFS storage -- seeproductNS
andnfsPath
in values.yaml. To enable non-root container users to read and write files in this folder that is dedicated to your RapidMiner stack, set the following permissions:chown -R 2011.root <NAMESPACE-PLACEHOLDER> chmod g+w <NAMESPACE-PLACEHOLDER>
Create a namespace, also with name
<NAMESPACE-PLACEHOLDER>
.- (Kubernetes) Namespaces
- (Amazon) Multi-tenant design considerations for Amazon EKS clusters
- (Amazon) Tenant Isolation
Have your server certificate ready. Alternatively, use the built-in Let's Encrypt.
Introduction to Helm
Helm is a package manager for Kubernetes. A Helm Chart bundles the Kubernetes YAML files as templates, which you then configure via the file values.yaml. The details of this configuration depend on the details of your Kubernetes deployment. You and I may share the same templates, but our configurations (values.yaml) will differ. A typical Chart is a folder resembling the following:
mychart/
Chart.yaml
values.yaml
charts/
templates/
- Chart.yaml
- The Chart.yaml file contains a description of the chart. You can access it from within a template.
- values.yaml
- The file that defines your configuration, it contains the default values for a chart. These values may be overridden during
helm install
orhelm upgrade
. - charts/
- The charts/ directory may contain other charts, called subcharts.
- templates/
- This folder contains the Kubernetes YAML files, as templates. When Helm evaluates a chart, it will send all of the files in the templates/ directory through the template rendering engine. It then collects the results of those templates and sends them on to Kubernetes. The placeholders in the YAML files are defined by values.yaml.
Read more:
Introductory videos:
- What is Helm in Kubernetes? Helm and Helm Charts explained (TechWorld with Nana)
- What is Helm? (IBM Cloud)
- Introduction to Helm | Kubernetes Tutorial | Beginners Guide (That DevOps Guy)
Instructions
To simplify the configuration of the Kubernetes YAML files, we use Helm, the package manager for Kubernetes.
Make sure that your Kubernetes infrastructure is in place, including Helm.
Download the Helm archive, and extract values.yaml, renaming it to custom-values.yaml:
helm show values ./rapidminer-aihub-9.10.15-gen2.tgz > custom-values.yaml
Edit custom-values.yaml and define your configuration by setting the appropriate values.
Then apply the following command to the Kubernetes cluster:
helm upgrade -n <NAMESPACE-PLACEHOLDER> --install rapidminer-aihub --values custom-values.yaml ./rapidminer-aihub-9.10.15-gen2.tgz
Note that the value <NAMESPACE-PLACEHOLDER>
is the same as the one
you gave in custom-values.yaml for the key productNS
.
EBS volumes are sensitive to multi-attach errors during rolling updates. It is best to scale down all the deployments before the update.
The HELM configuration file (values.yaml)
common:
# This value is necessary only if you plan to use the certbot client in the letsencrypt container
domain: "<FQDN-PLACEHOLDER>"
# The public facing URL of your deployment
# If you need to obtain LetsEncrypt certificate first, please temporarly change the protocol to http://
public_url: "https://<FQDN-PLACEHOLDER>"
# The public facing URL of your deployment's Keycloak service
sso_public_url: "https://<FQDN-PLACEHOLDER>"
# The namespace of the deployment
productNS: "<NAMESPACE-PLACEHOLDER>"
# The docker image tag
mainVersion: "9.10.15-gen2"
# The docker image tag for Coding Environment Storage
cesVersion: "9.10.15-gen2"
# Docker registry prefix rapidminer/ references our public docker registry, but that can be changed to the fqdn of your internal registry
dockerURL: "rapidminer/"
# The TZ database name of the deployment's timezone, for example "America/New_York"
# See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
timeZone: "<TIMEZONE-PLACEHOLDER>"
# platform related Values, please choose one from:
# "OpenShift" : OpenShift related security and other infrastructure settings
# "EKS" : Amazon Elastic Kubernetes related security and other infrastructure settings
# 'AKS' : Azure Kubernetes related security and other infrastructure settings
# 'Other' : Other (like on-prem installations)
platform: "EKS"
# Platform Specifications
platformSpec:
openshift:
createRoute: True
# With the nodeSelectors you can instruct the kubernetes scheduer to start your pods on nodes having the provided labels.
# Any label of the worker nodes can be used, if there are no matching nodes, the pod will remain in Pending state
# nodeSelector:
# <NODE-LABEL-1-NAME-PLACEHOLDER>: "<NODE-LABEL-1-VALUE-PLACEHOLDER>"
# <NODE-LABEL-2-NAME-PLACEHOLDER>: "<NODE-LABEL-2-VALUE-PLACEHOLDER>"
nodeSelector: {}
# If not empthy, this image pull secret name will be referenced at the deployments
# creating the secret itself is out of scope of this chart, it shall be created manually
imagePullSecret: []
# The name of the kubernetes secret, which contains the RapidMiner License
# If empty, the default admin user can provide it on the webui
licenseSecret: ""
# the key of the license in the Kubernetes secret, default value is "SERVER_LICENSE"
licenSecretKey: "SERVER_LICENSE"
# This will be the initial user, which will have admin permission in the deployment.
initialUser: "admin"
# Initial password for the initial user
initialPass: "<ADMIN-PASS-PLACEHOLDER>"
# The built in OIDC server realm, this realm will be used by the components in the SSO communication (KeyCloak)
defaultSSORealm: "master"
# Default SSL requirement to access KeyCloak SSO
ssoSSL: "external"
# Default velero backup label is not activated\
# It requires the velero is installed and managed on the Kubernates cluster
velero:
restic: "false"
storage:
# To disable PVC creation set this to false
# (requires pre-provisioned PVCs)
createPVCs: "true"
# Default storageclass, for one POD (single mount)
defaultStorageClassRWO: "<STORAGECLASS-PLACEHOLDER_RWO>"
# Default storageclass, for serveral PODS (multiple mounts)
defaultStorageClassRWX: "<STORAGECLASS-PLACEHOLDER_RWX>"
proxy:
serviceName: "proxy-svc-pub"
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
imageName: "rapidminer-proxy"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "proxy-config"
dataUploadLimit: "1024M"
dhparamPvcName: "rapidminer-dhparam-pvc"
# You can overwrite the defaultStorageClassRBX value for this component
# dhparamStorageClass: "<STORAGECLASS-PLACEHOLDER_RWX>"
dhparamStorageSize: "100M"
# You can overwrite the defaultStorageClassRWO value for this component
# storageClass: "<STORAGECLASS-PLACEHOLDER_RWO>"
pvcName: "proxy-pvc"
storageSize: "10Gi"
debug: "false"
resources:
requests:
memory: "256M"
cpu: "0.5"
limits:
memory: "256M"
cpu: "0.5"
securityContext:
runAsUser: 2011
runAsGroup: 0
fsGroup: 0
letsEncrypt:
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
imageName: "rm-letsencrypt-client"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "letsencrypt-client-config"
allowLetsEncrypt: "true"
certsHome: "/certificates/"
webMasterEmail: "<WEBMASTER-EMAIL-PLACEHOLDER>"
resources:
requests:
memory: "128M"
cpu: "0.2"
limits:
memory: "128M"
cpu: "0.2"
landingPage:
serviceName: "landing-page-svc-priv"
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
imageName: "rapidminer-deployment-landing-page"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "landing-page-config"
# You can overwrite the defaultstorageClass value for this component
# storageClass: "<STORAGECLASS-PLACEHOLDER_RWO>"
pvcName: "landing-page-uploaded-pvc"
storageSize: "100M"
ssoClientId: "urn:rapidminer:landing-page"
# keycloak client secrets can be generated with the uuidgen command from the uuid package or
# with using openssl library: echo "$(openssl rand -hex 4)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 6)"
ssoClientSecret: "<LANDING-PAGE-OIDC-CLIENT-SECRET-PLACEHOLDER>"
debug: "false"
resources:
requests:
memory: "128M"
cpu: "0.2"
limits:
memory: "128M"
cpu: "0.5"
securityContext:
runAsUser: 33
runAsGroup: 33
fsGroup: 33
serverDB:
serviceName: "rapidminer-server-postgres-svc-priv"
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
imageName: "postgres-10"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "rapidminer-server-postgres-config"
# You can overwrite the defaultstorageClass value for this component
# storageClass: "<STORAGECLASS-PLACEHOLDER_RWO>"
pvcName: "rapidminer-server-postgres-pvc"
storageSize: "10Gi"
dbType: "pgsql"
dbName: "<SERVER-DB-NAME-PLACEHOLDER>"
dbUser: "<SERVER-DB-USER-PLACEHOLDER>"
dbPass: "<SERVER-DB-PASS-PLACEHOLDER>"
# Postgres initdb args
# The last parameter is the DB container mountPath
initdbArgs: "--encoding UTF8 --locale=C /var/lib/postgresql/data"
resources:
requests:
memory: "256M"
cpu: "0.5"
limits:
memory: "256M"
cpu: "0.5"
securityContext:
runAsUser: 26
runAsGroup: 0
fsGroup: 0
server:
serviceName: "rapidminer-server-svc-priv"
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
imageName: "rapidminer-server"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "rapidminer-server-config"
# You can overwrite the defaultstorageClass value for this component
# storageClass: "<STORAGECLASS-PLACEHOLDER_RWO>"
pvcName: "rapidminer-server-home-pvc"
storageSize: "500Gi"
activeMQServiceName: "rapidminer-server-amq-svc-priv"
activeMQUser: "<SERVER-AMQ-USER-NAME-PLACEHOLDER>"
activeMQPass: "<SERVER-AMQ-PASS-PLACEHOLDER>"
ssoClientId: "urn:rapidminer:server"
# keycloak client secrets can be generated with the uuidgen command from the uuid package or
# with using openssl library: echo "$(openssl rand -hex 4)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 6)"
ssoClientSecret: "<SERVER-OIDC-CLIENT-SECRET-PLACEHOLDER>"
memLimit: "2048M"
platformAdminSyncDebug: "False"
legacyRESTBasicAuth: "false"
resources:
requests:
memory: "4G"
cpu: "2"
limits:
memory: "4G"
cpu: "2"
securityContext:
runAsUser: 2011
runAsGroup: 0
fsGroup: 0
jobagent:
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
imageName: "rapidminer-execution-jobagent"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "job-agents-config"
# You can overwrite the SC where JA store its config
# configStorageClass: "<STORAGECLASS-PLACEHOLDER_RWO>"
configStorageSize: "100Mi"
configPvcName: "ja-config-pvc"
# You can overwrite the SC where JA store its jobs' logs
# jobsLogsStorageClass: "<STORAGECLASS-PLACEHOLDER_RWX>"
jobsLogsStorageSize: 5Gi
jobLogsPvcName: "ja-job-logs-pvc"
# You can overwrite the SC where JA store its logs
# logsStorageClass: "<STORAGECLASS-PLACEHOLDER_RWX>"
logsStorageSize: 5Gi
logsPvcName: "ja-logs-pvc"
# You can overwrite the SC where JA store its extensions
# extensionStorageClass: "<STORAGECLASS-PLACEHOLDER_RWX>"
extensionStorageSize: 5Gi
extensionPvcName: "ja-extension-pvc"
# AiHub and JA authenticates using this shared secret, which shall be a random string in base64 encoded format
# echo $RANDOM | md5sum | head -c 20; echo | base64;
authSecret: "<SERVER-AMQ-SECRET-PLACEHOLDER>"
jobQueue: "DEFAULT"
containerCount: "1"
containerMemLimit: "2048"
containerJavaOpts: ""
javaOpts: "-Djobagent.container.jvmCustomProperties=Dlogging.level.com.rapidminer=INFO"
resources:
requests:
memory: "4G"
cpu: "2"
limits:
memory: "4G"
cpu: "2"
securityContext:
runAsUser: 2011
runAsGroup: 0
fsGroup: 0
keycloak:
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
serviceName: "keycloak-svc-priv"
imageName: "rapidminer-keycloak"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "keycloak-config"
proxyAddrForward: "true"
resources:
requests:
memory: "1G"
cpu: "0.5"
limits:
memory: "1G"
cpu: "0.5"
securityContext:
runAsUser: 1000
runAsGroup: 0
fsGroup: 0
keycloakDB:
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
serviceName: "keycloak-postgres-svc-priv"
imageName: "postgres-10"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "keycloak-postgres-config"
# You can overwrite the defaultstorageClass value for this component
# storageClass: "<STORAGECLASS-PLACEHOLDER_RWO>"
pvcName: "keycloak-postgres-pvc"
storageSize: "10Gi"
vendor: "POSTGRES"
dbName: "<KEYCLOAK-DB-NAME-PLACEHOLDER>"
dbUser: "<KEYCLOAK-DB-USER-PLACEHOLDER>"
dbPass: "<KEYCLOAK-DB-PASS-PLACEHOLDER>"
# Postgres initdb args
# The last parameter is the DB container mountPath
initdbArgs: "--encoding UTF8 --locale=C /var/lib/postgresql/data"
dbSchema: "public"
useSSL: "false"
resources:
requests:
memory: "256M"
cpu: "0.5"
limits:
memory: "256M"
cpu: "0.5"
securityContext:
runAsUser: 26
runAsGroup: 0
fsGroup: 0
rmInit:
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
imageName: "rapidminer-deployment-init"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "rm-deployment-init-config"
# You can overwrite the defaultstorageClass value for this component
# storageClass: "<STORAGECLASS-PLACEHOLDER_RWO>"
pvcName: "rm-deployment-init-pvc"
storageSize: "100M"
debug: "false"
resources:
requests:
memory: "256M"
cpu: "0.5"
limits:
memory: "256M"
cpu: "0.5"
securityContext:
#runAsUser: 1000
#runAsGroup: 3000
fsGroup: 0
platformAdmin:
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
serviceName: "platform-admin-webui-svc-priv"
imageName: "rapidminer-platform-admin-webui"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "platform-admin-webui-config"
# You can overwrite the defaultstorageClass value for this component
# storageClass: "<STORAGECLASS-PLACEHOLDER_RWO>"
pvcName: "platform-admin-webui-uploaded-pvc"
storageSize: "10Gi"
# You can overwrite the defaultstorageClass value for this component
# rtsStorageClass: "<STORAGECLASS-PLACEHOLDER_RWX>"
rtsLicensePvcName: "rapidminer-rts-license"
rtsStorageSize: "100M"
proxyURLSuffix: "/platform-admin"
proxyRTSWebUISuffix: "/rts-admin"
ssoClientId: "urn:rapidminer:platform-admin"
# keycloak client secrets can be generated with the uuidgen command from the uuid package or
# with using openssl library: echo "$(openssl rand -hex 4)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 6)"
ssoClientSecret: "<PLATFORM-ADMIN-OIDC-CLIENT-SECRET-PLACEHOLDER>"
disablePython: "false"
disableRTS: "false"
debug: "false"
resources:
requests:
memory: "256M"
cpu: "0.5"
limits:
memory: "256M"
cpu: "0.5"
securityContext:
runAsUser: 2011
runAsGroup: 0
fsGroup: 0
ces:
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
imageName: "rapidminer-coding-environment-storage"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "rapidminer-coding-environment-storage-config"
pythonPackageLink: "git+https://github.com/rapidminer/python-rapidminer.git@9.10.0.0"
pvcName: "coding-environment-storage"
pvcSubPath: "coding-shared"
storageSize: 250Gi
#sharedStorageClass: "<STORAGECLASS-PLACEHOLDER_RWX>"
ubuntuUid: "9999"
ubuntuGid: "9999"
debug: "False"
rapidMinerUser: "rapidminer"
resources:
requests:
memory: "256M"
cpu: "0.1"
limits:
memory: "5G"
cpu: "1"
securityContext:
runAsUser: 2011
runAsGroup: 0
fsGroup: 0
rts:
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
serviceName: "rts-agent-svc-priv"
imageName: "rapidminer-execution-scoring"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "rts-agent-config"
# You can overwrite the defaultstorageClass value for this component
# storageClass: "<STORAGECLASS-PLACEHOLDER_RWX>"
pvcName: "rts-deployment-pvc"
storageSize: "10Gi"
licensesPvcName: "rts-licenses-pvc"
proxyURLSuffix: "/rts"
waitForLicenses: "1"
basicAuth: "true"
rtsServerLicense: "false"
useJAExtVolume: "false"
resources:
requests:
memory: "1G"
cpu: "1"
limits:
memory: "4G"
cpu: "2"
securityContext:
runAsUser: 2011
runAsGroup: 0
fsGroup: 0
jupyterDB:
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
serviceName: "rm-jupyterhub-db-svc"
imageName: "rapidminer-jupyterhub-postgres"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "jupyterhub-postgres-config"
# You can overwrite the defaultstorageClass value for this component
# storageClass: "<STORAGECLASS-PLACEHOLDER_RWO>"
pvcName: "jupyterhub-postgres-pvc"
storageSize: "10Gi"
vendor: "POSTGRES"
dbName: "<JUPYTERHUB-DB-NAME-PLACEHOLDER>"
dbUser: "<JUPYTERHUB-DB-USER-PLACEHOLDER>"
dbPass: "<JUPYTERHUB-DB-PASS-PLACEHOLDER>"
resources:
requests:
memory: "256M"
cpu: "0.5"
limits:
memory: "256M"
cpu: "0.5"
securityContext:
runAsUser: 26
runAsGroup: 0
fsGroup: 0
jupyterHub:
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
proxyServiceName: "jupyterhub-proxy-svc-priv"
proxyAPIServiceName: "jupyterhub-proxy-api-svc-priv"
serviceName: "jupyterhub-hub-svc-priv"
imageName: "rapidminer-jupyterhub-jupyterhub"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "jupyterhub-config"
createServiceAccount: "true"
initRBAC: "true"
# You can overwrite the defaultstorageClass value for this component
# storageClass: "<STORAGECLASS-PLACEHOLDER_RWO>"
proxyURLSuffix: "/jupyter"
# Jupyterhub crypt key can be generated with the command: openssl rand -hex 32
cryptKey: "<JUPYTERHUB-CRYPT-KEY-PLACEHOLDER>"
debug: "False"
tokenDebug: "False"
proxyDebug: "False"
dbDebug: "False"
spawnerDebug: "False"
stackName: "default"
ssoClientId: "urn:rapidminer:jupyterhub"
# keycloak client secrets can be generated with the uuidgen command from the uuid package or
# with using openssl library: echo "$(openssl rand -hex 4)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 6)"
ssoClientSecret: "<JUPYTERHUB-OIDC-CLIENT-SECRET-PLACEHOLDER>"
ssoUserNameKey: "preferred_username"
ssoResourceAccKey: "resource_access"
spawner: "kubespawner"
apiProtocol: "http"
k8sCMD: "/entrypoint.sh"
k8sArgs: "[]"
proxyPort: "8000"
apiPort: "8001"
appPort: "8081"
envVolumeName: "rm-coding-shared-vol"
resources:
requests:
memory: "256M"
cpu: "0.5"
limits:
memory: "256M"
cpu: "0.5"
securityContext:
runAsUser: 33
runAsGroup: 0
fsGroup: 0
jupyterNoteBook:
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
imageName: "rapidminer-jupyter_notebook"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
memLimit: "2G"
cpuLimit: "100"
ssoUidKey: "X_NB_UID"
ssoGidKey: "X_NB_GID"
ssoCustomBindMountsKey: "X_NB_CUSTOM_BIND_MOUNTS"
customBindMounts: ""
storageAccessMode: "ReadWriteOnce"
storageSize: "5Gi"
# You can overwrite the defaultstorageClass value for this component
# storageClass: "<STORAGECLASS-PLACEHOLDER_RWO>"
# For kubernetes environments imagePullAtStartup shall be false
imagePullAtStartup: "False"
# nodeSelector:
# key: "<NODE-LABEL-1-NAME-PLACEHOLDER>"
# value: "<NODE-LABEL-1-VALUE-PLACEHOLDER>"
nodeSelector: {}
grafanaProxy:
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
serviceName: "grafana-proxy-svc-priv"
imageName: "rapidminer-grafana-proxy"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "grafana-proxy-config"
resources:
requests:
memory: "256M"
cpu: "0.5"
limits:
memory: "256M"
cpu: "1"
securityContext:
runAsUser: 1000
runAsGroup: 0
fsGroup: 0
grafanaAnonProxy:
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
serviceName: "grafana-anonymous-proxy-svc-priv"
imageName: "rapidminer-grafana-proxy"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "grafana-anonymous-proxy-config"
resources:
requests:
memory: "256M"
cpu: "0.5"
limits:
memory: "256M"
cpu: "1"
securityContext:
runAsUser: 1000
runAsGroup: 0
fsGroup: 0
grafana:
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
serviceName: "grafana-svc-priv"
imageName: "rapidminer-grafana"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "grafana-config"
# You can overwrite the defaultstorageClass value for this component
# storageClass: "<STORAGECLASS-PLACEHOLDER_RWO>"
pvcName: "grafana-home-pvc"
storageSize: "10Gi"
proxyURLSuffix: "/grafana"
ssoClientId: "urn:rapidminer:grafana"
# keycloak client secrets can be generated with the uuidgen command from the uuid package or
# with using openssl library: echo "$(openssl rand -hex 4)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 6)"
ssoClientSecret: "<GRAFANA-OIDC-CLIENT-SECRET-PLACEHOLDER>"
disableSanitizeHTML: "true"
resources:
requests:
memory: "256M"
cpu: "1"
limits:
memory: "2048M"
cpu: "2"
securityContext:
runAsUser: 472
runAsGroup: 472
fsGroup: 472
tokenTool:
# You can overwrite the Docker registry prefix rapidminer/ if you have on own repository, but that can be changed to the fqdn of your internal registry
# repoName: "<registry.example.com/> or <customedockerhubreponame/>"
serviceName: "token-tool-svc-priv"
imageName: "rapidminer-deployment-landing-page"
# You can overwrite the mainVersion value for this component
# version: "9.10.15-gen2"
configName: "token-tool-config"
# You can overwrite the defaultstorageClass value for this component
# storageClass: "<STORAGECLASS-PLACEHOLDER_RWO>"
pvcName: "token-tool-uploaded-pvc"
storageSize: "100M"
proxyURLSuffix: "/get-token"
ssoClientId: "urn:rapidminer:token-tool"
# keycloak client secrets can be generated with the uuidgen command from the uuid package or
# with using openssl library: echo "$(openssl rand -hex 4)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 6)"
ssoClientSecret: "<TOKEN-TOOL-OIDC-CLIENT-SECRET-PLACEHOLDER>"
ssoCustomScope: "openid offline_access"
customContent: "get-token"
debug: "false"
resources:
requests:
memory: "128M"
cpu: "0.2"
limits:
memory: "128M"
cpu: "0.5"
securityContext:
runAsUser: 33
runAsGroup: 33
fsGroup: 33