deploy/deepflow/values.yaml

# Default values for deepflow-server.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
  image:
    ## ghcr Image repository address: ghcr.io/deepflowys/deepflow-ce
    ## Dockerhub Image repository address: deepflowce
    ## AliyunYun Image repository address: registry.cn-beijing.aliyuncs.com/deepflow-ce
    repository: registry.cn-hongkong.aliyuncs.com/deepflow-ce
    pullPolicy: Always
    imagePullSecrets: []
  hostNetwork: false
  dnsPolicy: ClusterFirst
  password:
    mysql: deepflow
    #grafana: deepflow 
    clickhouse:
  podManagementPolicy: "OrderedReady"
  replicas: 1  ## replicas for deepflow-server and clickhouse
  podAntiAffinityLabelSelector: []
  podAntiAffinityTermLabelSelector: []
  podAffinityLabelSelector: []
  podAffinityTermLabelSelector: []
  nodeAffinityLabelSelector: []
  nodeAffinityTermLabelSelector: []
  timezone: "Asia/Shanghai"
  nodePort: 
    clickhouseTcpPort:
    clickhouseHttpPort: 32509
    deepflowServerIngester: 30033
    deepflowServerGrpc: 30035
    # deepflowServerSslGrpc: 30135
    deepflowServerhealthCheck: 30417
  ntpServer: ntp.aliyun.com
  ## Whether to enable allInone local storage, if enabled, the local /opt directory is used to store data by default, ignoring the node affinity check, and is not responsible for any data persistence
  allInOneLocalStorage: false 
  storageClass: "openebs-hostpath"
  externalClickHouse:
    enabled: false  ## Enable external ClickHouse
    type: ep

    ## External ClickHouse clusterName,The default value is 'default', query method:  'select cluster,host_address,port from system.clusters;'
    clusterName: default 

    ## External ClickHouse storage policy name,The default value is 'default', query method: 'select policy_name from system.storage_policies;'
    storagePolicy: default 
    username: default ## External ClickHouse username
    password: password ## External ClickHouse Password
    
    ## External ClickHouse IP address and port list, DeepFlow writes IP and port information to an svc endpoint, deepflow-server obtains ClickHouse's IP:Port through get&wath&list endpoint.
    ## deepflow-server needs to access the real IP address of ClickHouse, the port is connected using tcp-port, usually 9000, and query IP:Port through 'select host_address,port from system.clusters;'.
    hosts: []
    # - ip: 10.1.2.3
    #   port: 9000
    # - ip: 10.1.2.4
    #   port: 9000
    # - ip: 10.1.2.5
    #   port: 9000

  externalMySQL:
    enabled: false ## Enable external MySQL
    ip: 10.1.2.3 ## External Mysql IP address, Need to allow deepflow-server and clickhouse access
    port: 3306 ## External Mysql port
    username:  ## External Mysql username
    password:  ## External Mysql password

image:
  server:
    repository: "{{ .Values.global.image.repository }}/deepflow-server"
    tag: v6.4
    pullPolicy: "{{ .Values.global.image.pullPolicy }}"
  app:
    repository:  reg.cestong.com.cn/cecf/deepflow-app
    #repository: registry.cn-hongkong.aliyuncs.com/deepflow-ce/deepflow-app
    tag: v6.4.11
    pullPolicy: Always

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

timezone: "{{ .Values.global.timezone }}"
podAnnotations: {}

podSecurityContext: {}
  # fsGroup: 2000

securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

server:
  ## Pod Labels
  podLabels: {}
  replicas: "{{ .Values.global.replicas }}"
  hostNetwork:  "{{ .Values.global.hostNetwork }}"
  dnsPolicy: "{{ .Values.global.dnsPolicy }}"
  nameservers: []
  podManagementPolicy: "{{ .Values.global.podManagementPolicy }}"
  featureFlag: []
  readinessProbe:
    httpGet:
      path: /v1/health/
      port: server
    failureThreshold: 10
    initialDelaySeconds: 15
    periodSeconds: 10
    successThreshold: 1
  livenessProbe:
    failureThreshold: 6
    initialDelaySeconds: 15
    periodSeconds: 20
    successThreshold: 1
    httpGet:
      path: /v1/health/
      port: server
    timeoutSeconds: 1
  service:
    ## Configuration for deepflow-server service
    ##
    annotations: {}
    labels: {}
    clusterIP: ""

    ## Port for deepflow-server Service to listen on
    ##

    ports:
    - name: querier
      port: 20416
      targetPort: 20416
      nodePort:
      protocol: TCP
    - name: profile
      port: 20419
      targetPort: 20419
      nodePort:
      protocol: TCP
    - name: health-check
      port: 20417
      targetPort: 20417
      nodePort: 32514
      protocol: TCP
    - name: grpc
      port: 20035
      targetPort: 20035
      nodePort: 
      protocol: TCP
    - name: grpc-30035
      port: 30035
      targetPort: 20035
      nodePort: "{{ .Values.global.nodePort.deepflowServerGrpc }}"
      protocol: TCP
    - name: ssl-grpc
      port: 20135
      targetPort: 20135
      nodePort: # "{{ .Values.global.nodePort.deepflowServerSslGrpc }}"
      protocol: TCP
    - name: ingester
      port: 20033
      targetPort: 20033
      nodePort:
      protocol: TCP
    - name: ingester-30033
      port: 30033
      targetPort: 20033
      nodePort: "{{ .Values.global.nodePort.deepflowServerIngester }}"
      protocol: TCP
    ## Additional ports to open for server service
    additionalPorts: []

    externalIPs: []
    loadBalancerIP: ""
    loadBalancerSourceRanges: []

    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
  
    externalTrafficPolicy: Cluster

    ## Service type
    ##
    type: NodePort

  resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

  nodeSelector: {}

  podAntiAffinityLabelSelector:
    - labelSelector:
      - key: app
        operator: In
        values: deepflow
      - key: component
        operator: In
        values: deepflow-server
      topologyKey: "kubernetes.io/hostname"
  podAntiAffinityTermLabelSelector: []
  podAffinityLabelSelector: []
  podAffinityTermLabelSelector: []
  nodeAffinityLabelSelector: []
  nodeAffinityTermLabelSelector: []
  extraVolumeMounts: []
  #   - name: extra-volume-0
  #     mountPath: /mnt/volume0
  #     readOnly: true
  #     existingClaim: volume-claim
  #   - name: extra-volume-1
  #     mountPath: /mnt/volume1
  #     readOnly: true
  #     hostPath: /usr/shared/

app:
  replicas: "1"
  ## Pod Labels
  podLabels: {}
  hostNetwork:  "{{ .Values.global.hostNetwork }}"
  dnsPolicy: "{{ .Values.global.dnsPolicy }}"
  readinessProbe:
    tcpSocket:
      port: app
    failureThreshold: 3
    initialDelaySeconds: 15
    periodSeconds: 10
    successThreshold: 1
  livenessProbe:
    failureThreshold: 3
    initialDelaySeconds: 15
    periodSeconds: 20
    successThreshold: 1
    tcpSocket:
      port: app
    timeoutSeconds: 1
  service:
    ## Configuration for deepflow querier service
    ##
    annotations: {}
    labels: {}
    clusterIP: ""

    ## Port for deepflow querier service to listen on
    ##
    ports:
    - name: app
      port: 20418
      targetPort: 20418
      ## Port to expose on each node
      ## Only used if service.type is 'NodePort'
      ##
      nodePort: 
      protocol: TCP

    ## Additional ports to open for deepflow querier service
    additionalPorts: []

    externalIPs: []
    loadBalancerIP: ""
    loadBalancerSourceRanges: []

    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ##
    externalTrafficPolicy: Cluster

    ## Service type
    ##
    type: ClusterIP
  resources: {}
  nodeSelector: {}
  podAntiAffinityLabelSelector: []
  podAntiAffinityTermLabelSelector: []
  podAffinityLabelSelector: []
  podAffinityTermLabelSelector: []
  nodeAffinityLabelSelector: []
  nodeAffinityTermLabelSelector: []

tolerations: []
# - key: "key1"
#   operator: "Equal"
#   value: "value1"
#   effect: "NoSchedule"


config:
  tridentTypeForUnkonwVtap: 3
configmap:
  server.yaml:
    # logfile path
    log-file: /var/log/deepflow/server.log
    # loglevel: "debug/info/warn/error"
    log-level: info
    controller:
      # controller http listenport
      listen-port: 20417
      # grpc server port
      grpc-port: 20035
      # grpc max message lenth default 100M
      grpc-max-message-length: 104857600
      # kubeconfig
      kubeconfig:
      # election
      election-namespace: "{{ $.Release.Namespace }}"
      election-name: "{{ $.Release.Name }}-server"
      mysql:
        database: deepflow
        user-name: "{{ if $.Values.global.externalMySQL.enabled }}{{$.Values.global.externalMySQL.username}}{{ else }}root{{end}}"
        user-password: "{{ if $.Values.global.externalMySQL.enabled }}{{$.Values.global.externalMySQL.password}}{{ else }}{{ .Values.global.password.mysql }}{{end}}"
        #Please ignore this
        host: "{{ if $.Values.global.externalMySQL.enabled }}{{$.Values.global.externalMySQL.ip}}{{ else }}{{ $.Release.Name }}-mysql{{end}}"
        port: "{{ if $.Values.global.externalMySQL.enabled }}{{$.Values.global.externalMySQL.port}}{{ else }}30130{{end}}"
        timeout: 30
      clickhouse:
        database: flow_tag
        user-name: "{{ if $.Values.global.externalClickHouse.enabled }}{{ $.Values.global.externalClickHouse.username }}{{ else }}default{{end}}"
        port: 9000
        host: "{{ if $.Values.global.externalClickHouse.enabled }}{{ $.Release.Name }}-external-clickhouse{{ else }}{{ $.Release.Name }}-clickhouse{{end}}"
        user-password: "{{ if $.Values.global.externalClickHouse.enabled }}{{ $.Values.global.externalClickHouse.password }}{{ else }}{{ .Values.global.password.clickhouse }}{{end}}"
      trisolaris:
        chrony:
          host: "{{ tpl .Values.global.ntpServer . }}"
          port: 123
          timeout: 1
        trident-type-for-unkonw-vtap: "{{ .Values.config.tridentTypeForUnkonwVtap }}"
    querier:
      # querier http listenport
      listen-port: 20416
      clickhouse:
        database: flow_tag
        user-name: "{{ if $.Values.global.externalClickHouse.enabled }}{{ $.Values.global.externalClickHouse.username }}{{ else }}default{{end}}"
        port: 9000
        host: "{{ if $.Values.global.externalClickHouse.enabled }}{{ $.Release.Name }}-external-clickhouse{{ else }}{{ $.Release.Name }}-clickhouse{{end}}"
        user-password: "{{ if $.Values.global.externalClickHouse.enabled }}{{ $.Values.global.externalClickHouse.password }}{{ else }}{{ .Values.global.password.clickhouse }}{{end}}"
        timeout: 60
      deepflow-app:
        host: "{{ $.Release.Name }}-app"
        port: 20418
    ingester:
      ckdb:
        # use internal or external ckdb
        external: "{{ $.Values.global.externalClickHouse.enabled }}"
        host: "{{ if $.Values.global.externalClickHouse.enabled }}{{ $.Release.Name }}-external-clickhouse{{ else }}{{ $.Release.Name }}-clickhouse{{end}}"
        port: 9000
        # if `external` is 'true', default value is 'default', else 'df_cluster'
        cluster-name: "{{ if $.Values.global.externalClickHouse.enabled }}{{ $.Values.global.externalClickHouse.clusterName}}{{end}}"
        # if `external` is 'true', default value 'default', else 'df_storage'
        storage-policy:  "{{ if $.Values.global.externalClickHouse.enabled }}{{ $.Values.global.externalClickHouse.storagePolicy}}{{end}}"
      ckdb-auth:
        username: "{{ if $.Values.global.externalClickHouse.enabled }}{{ $.Values.global.externalClickHouse.username }}{{ else }}default{{end}}"
        # '#','@' special characters are not supported in passwords
        password: "{{ if $.Values.global.externalClickHouse.enabled }}{{ $.Values.global.externalClickHouse.password }}{{ else }}{{ .Values.global.password.clickhouse }}{{end}}"
      es-syslog: false

  app.yaml:
    app:
      # logfile path
      log-file: /var/log/deepflow/app.log
      # loglevel: "debug/info/warn/error"
      log-level: info
      # app http listenport
      listen-port: 20418
      # http request/response timeout
      http_request_timeout: 600
      http_response_timeout: 600
      querier:
        host: '{{ include "deepflow.fullname" . }}-server'
        port: 20416
        timeout: 60
      controller:
        host: '{{ include "deepflow.fullname" . }}-server'
        port: 20417
        timeout: 60
      spec:
        l7_tracing_limit: 100

clickhouse:
  enabled: true
  # Default values for clickhouse.
  # This is a YAML-formatted file.
  # Declare variables to be passed into your templates.

  replicas: "{{ .Values.global.replicas }}"
  hostNetwork:  "{{ .Values.global.hostNetwork }}"
  dnsPolicy: "{{ .Values.global.dnsPolicy }}"
  podManagementPolicy: "{{ .Values.global.podManagementPolicy }}"
  image:
    ## ClickHouse Dockerhub Image repository: clickhouse/clickhouse-server
    repository: "{{ .Values.global.image.repository }}/clickhouse-server"
    pullPolicy: Always
    # Overrides the image tag whose default is the chart appVersion.
    tag: 23.8.7.24

  timezone: "{{ .Values.global.timezone }}"
  imagePullSecrets: []
  nameOverride: ""
  fullnameOverride: ""

  podAnnotations: {}

  podSecurityContext: {}
    # fsGroup: 2000

  securityContext: {}
    # capabilities:
    #   drop:
    #   - ALL
    # readOnlyRootFilesystem: true
    # runAsNonRoot: true
    # runAsUser: 1000
  storageConfig:
    ## persistentVolumeClaim/hostPath
    ## If you use hostPath, you must configure nodeAffinityLabelSelector, otherwise your data will be lost when Pod drifts, ignored allInOneLocalStorage=true 
    ## 如果使用hostPath存储clickhouse数据，则必须配置nodeAffinityLabelSelector，避免pod漂移导致数据丢失，allInOneLocalStorage=true 时忽略
    type: persistentVolumeClaim
    generateType: "{{ if $.Values.global.allInOneLocalStorage }}hostPath{{ else }}{{$.Values.storageConfig.type}}{{end}}" #Please ignore this
    hostPath: /opt/deepflow-clickhouse
    persistence:
      - name: clickhouse-path
        accessModes:
        - ReadWriteOnce
        size: 100Gi
        annotations: 
        storageClass: "{{ .Values.global.storageClass }}"
        # selector:
        #   matchLabels:
        #     app.kubernetes.io/name: clickhouse
      - name: clickhouse-storage-path
        accessModes:
        - ReadWriteOnce
        size: 200Gi
        annotations: 
        storageClass: "{{ .Values.global.storageClass }}"
        # selector:
        #   matchLabels:
        #     app.kubernetes.io/name: clickhouse
    s3StorageEnabled: false

  clickhouse:
    interserverHttpPort: 9009
    maxConcurrentQueries: 2000
    ## 单次查询最大内存 (bytes)
    maxMemoryUsage: 10000000000
    maxQuerySize: 10737418240
    maxAstElements: 2000000
    maxExpandedAstElements: 2000000
    connectTimeout: 500
    backgroudPoolSize: 32
  service:
    ## Configuration for ClickHouse service
    ##
    annotations: {}
    labels: {}
    clusterIP: ""

    ## Port for ClickHouse Service to listen on
    ##

    ports:
    - name: http-port
      port: 8123
      targetPort: 8123
      nodePort: "{{ .Values.global.nodePort.clickhouseHttpPort }}"
      protocol: TCP
    - name: tcp-port
      port: 9000
      targetPort: 9000
      nodePort: "{{ .Values.global.nodePort.clickhouseTcpPort }}"
      protocol: TCP
    - name: interserver-http-port
      port: 9009
      targetPort: 9009
      nodePort:
      protocol: TCP

    ## Additional ports to open for server service
    additionalPorts: []

    externalIPs: []
    loadBalancerIP: ""
    loadBalancerSourceRanges: []

    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
  
    externalTrafficPolicy: Cluster

    ## Service type
    ##
    type: NodePort


  resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

  nodeSelector: {}

  tolerations: []

  podAntiAffinityLabelSelector:
    - labelSelector:
      - key: app
        operator: In
        values: deepflow
      - key: component
        operator: In
        values: clickhouse
      topologyKey: "kubernetes.io/hostname"
  podAntiAffinityTermLabelSelector: []
  podAffinityLabelSelector: []
  podAffinityTermLabelSelector: 
    - topologyKey: kubernetes.io/hostname
      weight: 10
      labelSelector:
      - key: app
        operator: In
        values: deepflow
      - key: component
        operator: In
        values: deepflow-server
  nodeAffinityLabelSelector: []
    ## If you use hostPath, you must configure nodeAffinityLabelSelector, otherwise your data will be lost when Pod drifts
    ## 如果使用hostPath存储mysql数据，则必须配置nodeAffinityLabelSelector，避免pod漂移导致数据丢失
    # - matchExpressions:
    #     - key: kubernetes.io/hostname
    #       operator: In
    #       values: controller
  nodeAffinityTermLabelSelector: []

mysql:
  enabled: true
  hostNetwork: "false"
  dnsPolicy: ClusterFirst
  imagePullSecrets: []
  nameOverride: ""
  fullnameOverride: ""
  password: "{{ .Values.global.password.mysql }}"
  timezone: "{{ .Values.global.timezone }}"
  podAnnotations: {}

  image:
    ## MySQL Dockerhub Image repository: mysql
    repository: "{{ .Values.global.image.repository }}/mysql"
    pullPolicy: Always
    # Overrides the image tag whose default is the chart appVersion.
    tag: 8.0.31

  podSecurityContext: {}
    # fsGroup: 2000

  securityContext:
    ## If your mysql cannot start with hostPath, please open Privileged
    ## 如果你的mysql使用hostPath无法启动，请打开privileged
    # privileged: true
    # capabilities:
    #   drop:
    #   - ALL
    # readOnlyRootFilesystem: false
    # runAsNonRoot: false
    # runAsUser: 0
  storageConfig:
    ## persistentVolumeClaim/hostPath
    ## If you use hostPath, you must configure nodeAffinityLabelSelector, otherwise your data will be lost when Pod drifts
    ## 如果使用hostPath存储mysql数据，则必须配置nodeAffinityLabelSelector，避免pod漂移导致数据丢失
    type: persistentVolumeClaim
    generateType: "{{ if $.Values.global.allInOneLocalStorage }}hostPath{{ else }}{{$.Values.storageConfig.type}}{{end}}" #Please ignore this
    hostPath: /opt/deepflow-mysql
    hostPathChownContainerEnabled: true
    persistence:
      storageClass: "{{ .Values.global.storageClass }}"
      annotations:
        "helm.sh/resource-policy": keep
      # existingClaim: your-claim-pvc-name
      accessMode: ReadWriteOnce
      size: 50Gi 

  service:
    ## Configuration for ClickHouse service
    ##
    annotations: {}
    labels: {}
    clusterIP: ""

    ## Port for ClickHouse Service to listen on
    ##

    ports:
    - name: tcp
      port: 30130
      targetPort: 30130
      nodePort: 
      protocol: TCP
    ## Additional ports to open for server service
    additionalPorts: []

    externalIPs: []
    loadBalancerIP: ""
    loadBalancerSourceRanges: []

    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
  
    externalTrafficPolicy: Cluster

    ## Service type
    ##
    type: ClusterIP


  resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

  nodeSelector: {}

  tolerations: []

  podAntiAffinityLabelSelector: []
  podAntiAffinityTermLabelSelector: []
  podAffinityLabelSelector: []
  podAffinityTermLabelSelector: []
  nodeAffinityLabelSelector: []
    ## If you use hostPath, you must configure nodeAffinityLabelSelector, otherwise your data will be lost when Pod drifts
    ## 如果使用hostPath存储mysql数据，则必须配置nodeAffinityLabelSelector，避免pod漂移导致数据丢失
    # - matchExpressions:
    #     - key: kubernetes.io/hostname
    #       operator: In
    #       values: controller
  nodeAffinityTermLabelSelector: []


deepflow-agent:
  enabled: true
  image:
    repository: "{{ .Values.global.image.repository }}/deepflow-agent"
    pullPolicy: "{{ .Values.global.image.pullPolicy }}"
    # Overrides the image tag whose default is the chart appVersion.
    tag: v6.4

  imagePullSecrets: []
  nameOverride: ""
  agentFullnameOverride: "deepflow-agent"
  timezone: "{{ .Values.global.timezone }}"

  deployComponent: 
  - "daemonset"
  # - "watcher"
  # 
  tke_sidecar: false

  podAnnotations: {}
  nodeIPInjection: true
  podSecurityContext: {}
    # fsGroup: 2000
  hostNetwork: "false"
  ## Mount the netns hostPath directory read-only 
  netns:
    mount: false
  extraVolumeMounts: []
  securityContext: 
    # privileged: true
    capabilities:
      add:
      - SYS_ADMIN ## Permission required for collecting K8s information and eBPF data
      - SYS_RESOURCE ## Permissions required to collect eBPF data
      - SYS_PTRACE ## Permission required for collecting K8s information
      - NET_ADMIN ## Indicates the permission for collecting AF_PACKET traffic
      - NET_RAW ## Indicates the permission for collecting AF_PACKET traffic
      - IPC_LOCK ## optional MAP_LOCKED MAP_NORESERVE: Indicates the permission for collecting AF_PACKET traffic, It can significantly degrade performance when not available
      - SYSLOG
      #- BPF      ## Optionally, eBPF does not require SYS_ADMIN in kernel Linux 5.8+ and uses a combination of BPF and PERFMON instead
      #- PERFMON  ## Optionally, eBPF does not require SYS_ADMIN in kernel Linux 5.8+ and uses a combination of BPF and PERFMON instead
    # readOnlyRootFilesystem: true
    # runAsNonRoot: true
    # runAsUser: 1000

  ## File read and write permissions required for collecting eBPF data (Optional. If you do not have the permission and the content does not meet expectations, the performance will be significantly reduced. You can set the content in advance.)
  ## sysctl -w net.core.bpf_jit_enable=1
  sysctlInitContainer:
    enabled: true

  service:
    ## Configuration for ClickHouse service
    ##
    annotations: {}
    labels: {}
    clusterIP: ""

    ## Port for ClickHouse Service to listen on
    ##

    ports:
    - name: receive
      port: 80
      targetPort: receive
      nodePort: 
      protocol: TCP

    ## Additional ports to open for server service
    additionalPorts: []

    externalIPs: []
    loadBalancerIP: ""
    loadBalancerSourceRanges: []

    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
  
    externalTrafficPolicy: Cluster

    ## Service type
    ##
    type: ClusterIP

  deepflowServerNodeIPS:
  - '{{ include "deepflow.fullname" . }}-server'
  kubernetesClusterId: 
  agentGroupID: 
  ## This command takes effect when agent-group-config external_agent_http_proxy_enabled=1 is configured using deepflow-ctl
  ## Set the port to the agent-group-config port
  externalAgentHttpProxyPort: 38086

  resources:
    limits:
      cpu: 1000m
      memory: 768Mi
    requests:
      cpu: 100m
      memory: 128Mi


  nodeSelector: {}

  tolerations: []

  podAntiAffinityLabelSelector: []
  podAntiAffinityTermLabelSelector: []
  podAffinityLabelSelector: []
  podAffinityTermLabelSelector: []
  nodeAffinityLabelSelector: []
  nodeAffinityTermLabelSelector: []


grafana:
  enabled: true
  namespaceOverride: ""

  ## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled
  ##
  forceDeployDatasources: false

  ## ForceDeployDashboard Create dashboard configmap even if grafana deployment has been disabled
  ##
  forceDeployDashboards: false

  ## Deploy default dashboards
  ##
  defaultDashboardsEnabled: true

  ## Timezone for the default dashboards
  ## Other options are: browser or a specific timezone, i.e. Europe/Luxembourg
  ##
  defaultDashboardsTimezone: utc
  adminPassword: deepflow

  containerSecurityContext: []

  image:
    registry: registry.cn-beijing.aliyuncs.com/deepflow-ce
    ## Grafana aliyun Image repository: registry.cn-beijing.aliyuncs.com/deepflow-ce/grafana
    repository: grafana
    # Overrides the Grafana image tag whose default is the chart appVersion
    tag: ""
    sha: ""
    pullPolicy: Always

  service:
    enabled: true
    type: NodePort

  rbac:
    create: true
  ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true)
  # useExistingRole: name-of-some-(cluster)role
    pspEnabled: false
    namespaced: true

  grafana.ini:
    paths:
      plugins: /var/lib/grafana/plugins
    analytics:
      check_for_updates: true
    log:
      mode: console
    database:
      type: mysql
      host: "{{ if $.Values.global.externalMySQL.enabled }}{{$.Values.global.externalMySQL.ip}}{{ else }}{{ $.Release.Name }}-mysql{{end}}:{{ if $.Values.global.externalMySQL.enabled }}{{$.Values.global.externalMySQL.port}}{{ else }}30130{{end}}"
      name: grafana
      user: "{{ if $.Values.global.externalMySQL.enabled }}{{$.Values.global.externalMySQL.username}}{{ else }}root{{end}}"
      password: "{{ if $.Values.global.externalMySQL.enabled }}{{$.Values.global.externalMySQL.password}}{{ else }}{{ .Values.global.password.mysql }}{{end}}"
    plugins:
      allow_loading_unsigned_plugins: deepflow-querier-datasource,deepflow-apptracing-panel,deepflow-topo-panel,deepflowio-tracing-panel,deepflowio-deepflow-datasource,deepflowio-topo-panel

  extraInitContainers:
    - name: init-custom-plugins
      image: "{{ .Values.global.image.repository }}/deepflowio-init-grafana:v6.4"
      imagePullPolicy: "{{ tpl .Values.global.image.pullPolicy . }}"
      volumeMounts:
      - name: custom-plugins
        mountPath: /var/lib/grafana/plugins
    - name: init-grafana-ds-dh
      image: "{{ .Values.global.image.repository }}/deepflowio-init-grafana-ds-dh:latest"
      imagePullPolicy: "{{ tpl .Values.global.image.pullPolicy . }}"
      volumeMounts:
      - name: deepflow-dashboards
        mountPath: /tmp/dashboards
      - name: grafana-dashboards-config
        mountPath: /etc/grafana/provisioning/dashboards
      - name: grafana-datasources-config
        mountPath: /etc/grafana/provisioning/datasources

  extraEmptyDirMounts: 
    - name: custom-plugins
      mountPath: /var/lib/grafana/plugins
    - name: deepflow-dashboards
      mountPath: /tmp/dashboards
    - name: grafana-dashboards-config
      mountPath: /etc/grafana/provisioning/dashboards
    - name: grafana-datasources-config
      mountPath: /etc/grafana/provisioning/datasources

  env:
    TZ: "Asia/Shanghai"
    DEEPFLOW_REQUEST_URL: 'http://{{ include "deepflow.fullname" . }}-server:20416'
    DEEPFLOW_TRACEURL: 'http://{{ include "deepflow.fullname" . }}-app:20418'
    MYSQL_URL: "{{ if $.Values.global.externalMySQL.enabled }}{{$.Values.global.externalMySQL.ip}}{{ else }}{{ $.Release.Name }}-mysql{{end}}:{{ if $.Values.global.externalMySQL.enabled }}{{$.Values.global.externalMySQL.port}}{{ else }}30130{{end}}"
    MYSQL_USER: "{{ if $.Values.global.externalMySQL.enabled }}{{$.Values.global.externalMySQL.username}}{{ else }}root{{end}}"
    MYSQL_PASSWORD:  "{{ if $.Values.global.externalMySQL.enabled }}{{$.Values.global.externalMySQL.password}}{{ else }}{{ .Values.global.password.mysql }}{{end}}"
    CLICKHOUSE_SERVER: "{{ if $.Values.global.externalClickHouse.enabled }}{{ $.Release.Name }}-external-clickhouse{{ else }}{{ $.Release.Name }}-clickhouse{{end}}"
    CLICKHOUSE_USER: "{{ if $.Values.global.externalClickHouse.enabled }}{{ $.Values.global.externalClickHouse.username }}{{ else }}default{{end}}"
    CLICKHOUSE_PASSWORD: "{{ if $.Values.global.externalClickHouse.enabled }}{{ $.Values.global.externalClickHouse.password }}{{ else }}{{ .Values.global.password.clickhouse }}{{end}}"

  ingress:
    enabled: true
    # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
    # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
    ingressClassName: nginx
    # Values can be templated
    annotations: {}
      # kubernetes.io/ingress.class: nginx
      # kubernetes.io/tls-acme: "true"
    labels: {}
    path: /

    # pathType is only for k8s >= 1.1=
    pathType: Prefix

    hosts:
      - deepflow.cestong.com.cn
    ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
    extraPaths: []
    # - path: /*
    #   backend:
    #     serviceName: ssl-redirect
    #     servicePort: use-annotation
    ## Or for k8s > 1.19
    # - path: /*
    #   pathType: Prefix
    #   backend:
    #     service:
    #       name: ssl-redirect
    #       port:
    #         name: use-annotation


    tls: []
    #  - secretName: chart-example-tls
    #    hosts:
    #      - chart-example.local
  assertNoLeakedSecrets: false