## Default values for Redash. ## This is a YAML-formatted file. global: disableRequestsLimits: false deploymentMode: development name: redash exporter: name: redash-exporter image: masahata/redash-exporter monitoring: namespace: openshift-monitoring prometheusScrapePath: /metrics jobLabel: app port: 9295 citus: secrets: secret: pgsecret_name: operational-pguser-postgres user_name: user pgsecret_key: password rolesSecrets: secret: pgsecret_name: citus-roles-secrets auditRolePass: anRolePass adminRolePass: anAdmPass ## Roles roles: auditor: name: auditor secrets: users: redash-users-secrets redashAdmin: redash-admin-secret redashViewer: redash-viewer-secret image: # image.repository -- Redash image name used for server and worker pods name: nexus-docker-hosted.apps.cicd2.mdtu-ddm.projects.epam.com/mdtu-ddm-edp-cicd/redash-chart-master # image.tag -- Redash image [tag](https://hub.docker.com/r/redash/redash/tags) version: 1.5.0-SNAPSHOT.94 # image.pullPolicy - Image pull policy pullPolicy: IfNotPresent redashPublisher: report-publisher-master:1.7.0.13 # imagePullSecrets -- Name(s) of secrets to use if pulling images from a private registry imagePullSecrets: [] # nameOverride - Override the autogenerated release name based chart name nameOverride: "" fullnameOverride: "" # env -- Redash global envrionment variables - applied to both server and worker containers. env: PYTHONUNBUFFERED: 0 ## Service account and security context configuration serviceAccount: # serviceAccount.create -- Specifies whether a service account should be created create: true # serviceAccount.annotations -- Annotations to add to the service account annotations: {} # serviceAccount.name -- The name of the service account to use. If not set and create is true, a name is generated using the fullname template name: redash-chart ## Redash application configuration redash: system: admin: secret: redash-system-admin-creds basePath: reports version: 10.1.0 setup: true instance: name: admin: redash-admin viewer: redash-viewer keycloakRealms: admin: admin viewer: officer-portal #Customized service: redash-admin:5000 ## Start primary Redash configuration ## Note that we document the Redash defaults, but don't explicitly set them. ## This allows multiple versions of Redash (which may have different defaults) to be more easily used # -- REQUIRED `REDASH_SECRET_KEY` value. Secret key used for data encryption. Stored as a Secret value. secretKey: "" # -- `REDASH_SAML_SCHEME_OVERRIDE` value. This setting will allow you to override the saml auth url scheme that gets constructed by flask. this is a useful feature if, for example, you're behind a proxy protocol enabled tcp load balancer (aws elb that terminates ssl) and your nginx proxy or similar adds a x-forwarded-proto of http even though your redash url for saml auth is https.. samlSchemeOverride: "https" # -- `REDASH_PROXIES_COUNT` value. # @default -- 1 proxiesCount: "" # -- `REDASH_STATSD_HOST` value. # @default -- 127.0.0.1 statsdHost: "" # -- `REDASH_STATSD_PORT` value. # @default -- 8125 statsdPort: "" # -- `REDASH_STATSD_PREFIX` value. # @default -- redash statsdPrefix: "" # -- `REDASH_STATSD_USE_TAGS` value. Whether to use tags in statsd metrics (influxdb’s format). # @default -- false statsdUseTags: "" # -- `REDASH_CELERY_BROKER` value. # @default -- REDIS_URL celeryBroker: "" # -- `REDASH_CELERY_BACKEND` value. # @default -- CELERY_BROKER celeryBackend: "" # -- `REDASH_CELERY_TASK_RESULT_EXPIRES` value. How many seconds to keep celery task results in cache (in seconds). # @default -- 3600 \* 4 celeryTaskResultExpires: "" # -- `REDASH_QUERY_RESULTS_CLEANUP_ENABLED` value. # @default -- true queryResultsCleanupEnabled: "" # -- `REDASH_QUERY_RESULTS_CLEANUP_COUNT` value. # @default -- 100 queryResultsCleanupCount: "" # -- `REDASH_QUERY_RESULTS_CLEANUP_MAX_AGE` value. # @default -- 7 queryResultsCleanupMaxAge: "" # -- `REDASH_SCHEMAS_REFRESH_QUEUE` value. The celery queue for refreshing the data source schemas. # @default -- celery schemasRefreshQueue: "" # -- `REDASH_SCHEMAS_REFRESH_SCHEDULE` value. How often to refresh the data sources schemas (in minutes). # @default -- 30 schemasRefreshSchedule: "" # -- `REDASH_AUTH_TYPE` value. # @default -- api_key authType: "" # -- `REDASH_ENFORCE_HTTPS` value. # @default -- false enforceHttps: "" # -- `REDASH_INVITATION_TOKEN_MAX_AGE` value. # @default -- 60 _ 60 _ 24 \* 7 invitationTokenMaxAge: "" # -- `REDASH_MULTI_ORG` value. # @default -- false multiOrg: "" # -- `REDASH_GOOGLE_CLIENT_ID` value. googleClientId: "" # -- `REDASH_GOOGLE_CLIENT_SECRET` value. Stored as a Secret value. googleClientSecret: "" # -- `REDASH_REMOTE_USER_LOGIN_ENABLED` value. # @default -- false remoteUserLoginEnabled: "" # -- `REDASH_REMOTE_USER_HEADER` value. # @default -- X-Forwarded-Remote-User remoteUserHeader: "" # -- `REDASH_LDAP_LOGIN_ENABLED` value. # @default -- false ldapLoginEnabled: "" # -- `REDASH_LDAP_URL` value. # @default -- None ldapUrl: "" # -- `REDASH_LDAP_BIND_DN` value. # @default -- None ldapBindDn: "" # -- `REDASH_LDAP_BIND_DN_PASSWORD` value. Stored as a Secret value. ldapBindDnPassword: "" # -- `REDASH_LDAP_DISPLAY_NAME_KEY` value. # @default -- displayName ldapDisplayNameKey: "" # -- `REDASH_LDAP_EMAIL_KEY` value. # @default -- mail ldapEmailKey: "" # -- `REDASH_LDAP_CUSTOM_USERNAME_PROMPT` value. # @default -- LDAP/AD/SSO username: ldapCustomUsernamePrompt: "" # -- `REDASH_LDAP_SEARCH_TEMPLATE` value. # @default -- (cn=%(username)s) ldapSearchTemplate: "" # -- `REDASH_LDAP_SEARCH_DN` value. # @default -- REDASH_SEARCH_DN ldapSearchDn: "" # -- `REDASH_STATIC_ASSETS_PATH` value. # @default -- ”../client/dist/” staticAssetsPath: "" # -- `REDASH_JOB_EXPIRY_TIME` value. # @default -- 3600 \* 12 jobExpiryTime: "" # -- REQUIRED `REDASH_COOKIE_SECRET` value. Stored as a Secret value. cookieSecret: "" # -- `REDASH_LOG_LEVEL` value. # @default -- INFO logLevel: "" # -- `REDASH_MAIL_SERVER` value. # @default -- localhost mailServer: "" # -- `REDASH_MAIL_PORT` value. # @default -- 25 mailPort: "" # -- `REDASH_MAIL_USE_TLS` value. # @default -- false mailUseTls: "" # -- `REDASH_MAIL_USE_SSL` value. # @default -- false mailUseSsl: "" # -- `REDASH_MAIL_USERNAME` value. # @default -- None mailUsername: "" # -- `REDASH_MAIL_PASSWORD` value. Stored as a Secret value. # @default -- None mailPassword: "" # -- `REDASH_MAIL_DEFAULT_SENDER` value. # @default -- None mailDefaultSender: "" # -- `REDASH_MAIL_MAX_EMAILS` value. # @default -- None mailMaxEmails: "" # -- `REDASH_MAIL_ASCII_ATTACHMENTS` value. # @default -- false mailAsciiAttachments: "" # -- `REDASH_HOST` value. host: "" # -- `REDASH_ALERTS_DEFAULT_MAIL_SUBJECT_TEMPLATE` value. # @default -- ({state}) {alert_name} alertsDefaultMailSubjectTemplate: "" # -- `REDASH_THROTTLE_LOGIN_PATTERN` value. # @default -- 50/hour throttleLoginPattern: "" # -- `REDASH_LIMITER_STORAGE` value. # @default -- REDIS_URL limiterStorage: "" # -- `REDASH_CORS_ACCESS_CONTROL_ALLOW_ORIGIN` value. corsAccessControlAllowOrigin: "" # -- `REDASH_CORS_ACCESS_CONTROL_ALLOW_CREDENTIALS` value. # @default -- false corsAccessControlAllowCredentials: "" # -- `REDASH_CORS_ACCESS_CONTROL_REQUEST_METHOD` value. # @default -- GET, POST, PUT corsAccessControlRequestMethod: "" # -- `REDASH_CORS_ACCESS_CONTROL_ALLOW_HEADERS` value. # @default -- Content-Type corsAccessControlAllowHeaders: "" # -- `REDASH_ENABLED_QUERY_RUNNERS` value. # @default -- ”,”.join(default_query_runners) enabledQueryRunners: "" # -- `REDASH_ADDITIONAL_QUERY_RUNNERS` value. additionalQueryRunners: "" # -- `REDASH_DISABLED_QUERY_RUNNERS` value. disabledQueryRunners: "" # -- `REDASH_SCHEDULED_QUERY_TIME_LIMIT` value. Time limit for scheduled queries (in seconds). # @default -- None scheduledQueryTimeLimit: "" # -- `REDASH_ADHOC_QUERY_TIME_LIMIT` value. Time limit for adhoc queries (in seconds). # @default -- None adhocQueryTimeLimit: "" # -- `REDASH_ENABLED_DESTINATIONS` value. # @default -- ”,”.join(default_destinations) enabledDestinations: "" # -- `REDASH_ADDITIONAL_DESTINATIONS` value. additionalDestinations: "" # -- `REDASH_EVENT_REPORTING_WEBHOOKS` value. eventReportingWebhooks: "" # -- `REDASH_SENTRY_DSN` value. sentryDsn: "" # -- `REDASH_ALLOW_SCRIPTS_IN_USER_INPUT` value. Disable sanitization of text input, allowing full html. # @default -- false allowScriptsInUserInput: "" # -- `REDASH_DASHBOARD_REFRESH_INTERVALS` value. # @default -- 60,300,600,1800,3600,43200,86400 dashboardRefreshIntervals: "" # -- `REDASH_QUERY_REFRESH_INTERVALS` value. # @default -- 60, 300, 600, 900, 1800, 3600, 7200, 10800, 14400, 18000, 21600, 25200, 28800, 32400, 36000, 39600, 43200, 86400, 604800, 1209600, 2592000 queryRefreshIntervals: "" # -- `REDASH_PASSWORD_LOGIN_ENABLED` value. # @default -- true passwordLoginEnabled: true # -- `REDASH_SAML_METADATA_URL` value. samlMetadataUrl: "" # -- `REDASH_SAML_ENTITY_ID` value. samlEntityId: admin: "redash-admin" viewer: "redash-viewer" # -- `REDASH_SAML_NAMEID_FORMAT` value. samlNameidFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" # -- `REDASH_DATE_FORMAT` value. # @default -- DD/MM/YY dateFormat: "" # -- `REDASH_JWT_LOGIN_ENABLED` value. # @default -- false jwtLoginEnabled: "" # -- `REDASH_JWT_AUTH_ISSUER` value. jwtAuthIssuer: "" # -- `REDASH_JWT_AUTH_PUBLIC_CERTS_URL` value. jwtAuthPublicCertsUrl: "" # -- `REDASH_JWT_AUTH_AUDIENCE` value. jwtAuthAudience: "" # -- `REDASH_JWT_AUTH_ALGORITHMS` value. # @default -- HS256,RS256,ES256 jwtAuthAlgorithms: "" # -- `REDASH_JWT_AUTH_COOKIE_NAME` value. jwtAuthCookieName: "" # -- `REDASH_JWT_AUTH_HEADER_NAME` value. jwtAuthHeaderName: "" # -- `REDASH_FEATURE_SHOW_QUERY_RESULTS_COUNT` value. Disable/enable showing count of query results in status. # @default -- true featureShowQueryResultsCount: "" # -- `REDASH_VERSION_CHECK` value. # @default -- true versionCheck: "" # -- `REDASH_FEATURE_DISABLE_REFRESH_QUERIES` value. Disable scheduled query execution. # @default -- false featureDisableRefreshQueries: "" # -- `REDASH_FEATURE_SHOW_PERMISSIONS_CONTROL` value. # @default -- false featureShowPermissionsControl: "" # -- `REDASH_FEATURE_ALLOW_CUSTOM_JS_VISUALIZATIONS` value. # @default -- false featureAllowCustomJsVisualizations: "" # -- `REDASH_FEATURE_DUMB_RECENTS` value. # @default -- false featureDumbRecents: "" # -- `REDASH_FEATURE_AUTO_PUBLISH_NAMED_QUERIES` value. # @default -- true featureAutoPublishNamedQueries: "" # -- `REDASH_BIGQUERY_HTTP_TIMEOUT` value. # @default -- 600 bigqueryHttpTimeout: "" # -- `REDASH_SCHEMA_RUN_TABLE_SIZE_CALCULATIONS` value. # @default -- false schemaRunTableSizeCalculations: "" # -- `REDASH_WEB_WORKERS` value. How many processes will gunicorn spawn to handle web requests. # @default -- 4 webWorkers: "" ## End primary Redash configuration # redash.existingSecret -- Name of existing secret to use instead of either the values above ## This secret must contain keys matching the items marked "Stored as a Secret value" above. existingSecretAdmin: redash-admin-secret existingSecretViewer: redash-viewer-secret ## Configuration for Redash web server server: # server.httpPort -- Server container port (only useful if you are using a customized image) httpPort: 5000 # server.env -- Redash server specific envrionment variables # Don't use this for variables that are in the configuration above, however. env: {} # server.replicaCount -- Number of server pods to run replicaCount: 1 # server.resources -- Server resource requests and limits [ref](http://kubernetes.io/docs/user-guide/compute-resources/) resources: limits: cpu: '1' requests: cpu: '1' memory: 1Gi # server.podSecurityContext -- Security contexts for server pod assignment [ref](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) podSecurityContext: {} securityContext: {} # server.nodeSelector -- Node labels for server pod assignment [ref](https://kubernetes.io/docs/user-guide/node-selection/) nodeSelector: {} # server.tolerations -- Tolerations for server pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) tolerations: [] # server.affinity -- Affinity for server pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) affinity: {} # server.podAnnotations -- Annotations for server pod assignment [ref](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) podAnnotations: sidecar.istio.io/inject: "false" service: # service.annotations -- Annotations to add to the service annotations: {} # service.loadBalancerIP -- Specific IP address to use for cloud providers such as Azure Kubernetes Service [ref](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) loadBalancerIP: # service.type -- Kubernetes Service type type: ClusterIP # service.port -- Service external port port: 80 ingress: # ingress.enabled -- Enable ingress controller resource enabled: false # ingress.annotations -- Ingress annotations configuration annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" # ingress.hosts -- Ingress resource hostnames and path mappings hosts: - host: chart-example.local paths: [] # ingress.tls -- Ingress TLS configuration tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local ## Configuration for Redash ad-hoc workers adhocWorker: # adhocWorker.env -- Redash ad-hoc worker specific envrionment variables. env: {} # adhocWorker.replicaCount -- Number of ad-hoc worker pods to run replicaCount: 1 # adhocWorker.resources -- Ad-hoc worker resource requests and limits [ref](http://kubernetes.io/docs/user-guide/compute-resources/) resources: # limits: # cpu: 500m # memory: 3Gi # requests: # cpu: 100m # memory: 500Mi # adhocWorker.podSecurityContext -- Security contexts for ad-hoc worker pod assignment [ref](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) podSecurityContext: {} securityContext: {} # adhocWorker.nodeSelector -- Node labels for ad-hoc worker pod assignment [ref](https://kubernetes.io/docs/user-guide/node-selection/) nodeSelector: {} # adhocWorker.tolerations -- Tolerations for ad-hoc worker pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) tolerations: [] # adhocWorker.affinity -- Affinity for ad-hoc worker pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) affinity: {} # adhocWorker.podAnnotations -- Annotations for adhoc worker pod assignment [ref](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) podAnnotations: sidecar.istio.io/inject: "false" ## Configuration for Redash scheduled workers scheduler: env: {} # scheduler.replicaCount -- Number of scheduler pods to run replicaCount: 1 # scheduler.resources -- Scheduler resource requests and limits [ref](http://kubernetes.io/docs/user-guide/compute-resources/) resources: # limits: # cpu: 500m # memory: 3Gi # requests: # cpu: 100m # memory: 500Mi # scheduler.podSecurityContext -- Security contexts for scheduler pod assignment [ref](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) podSecurityContext: {} securityContext: {} # scheduler.nodeSelector -- Node labels for scheduler pod assignment [ref](https://kubernetes.io/docs/user-guide/node-selection/) nodeSelector: {} # scheduler.tolerations -- Tolerations for scheduler pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) tolerations: [] # scheduler.affinity -- Affinity for scheduler pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) affinity: {} # scheduler.podAnnotations -- Annotations for scheduler pod assignment [ref](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) podAnnotations: sidecar.istio.io/inject: "false" # externalPostgreSQL -- External PostgreSQL configuration. To use an external PostgreSQL instead of the automatically deployed postgresql chart: set postgresql.enabled to false then uncomment and configure the externalPostgreSQL connection URL (e.g. postgresql://user:pass@host:5432/database) externalPostgreSQL: # externalPostgreSQLSecret -- Read external PostgreSQL configuration from a secret. This should point at a secret file with a single key which specifyies the connection string. externalPostgreSQLSecret: {} # name: redash-postgres # key: connectionString # envSecretName -- DEPRECIATED, use externalPostgreSQLSecret/externalRedisSecret instead. Contents of this secret will be loaded as environment variables into the container. Useful e.g. to set to set PostgreSQL password in externalPostgreSQL parameter: postgresql://user:$(POSTGRESQL_PASSWORD)@host:5432/database [ref](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) # envSecretName: ## Configuration values for the postgresql dependency. This PostgreSQL instance is used by default for all Redash state storage [ref](https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md) postgresql: # postgresql.enabled -- Whether to deploy a PostgreSQL server to satisfy the applications database requirements. To use an external PostgreSQL set this to false and configure the externalPostgreSQL parameter. enabled: true image: # postgresql.image.tag -- Bitnami supported version close to the one specified in Redash [setup docker-compose.yml](https://github.com/getredash/setup/blob/master/data/docker-compose.yml) tag: "14.5.0-debian-11-r28" # postgresql.postgresqlUsername -- PostgreSQL username for redash user (when postgresql chart enabled) postgresqlUsername: redash # postgresql.postgresqlPassword -- REQUIRED: PostgreSQL password for redash user (when postgresql chart enabled) postgresqlPassword: "" # postgresql.postgresqlDatabase -- PostgreSQL database name (when postgresql chart enabled) postgresqlDatabase: redash service: type: ClusterIP port: 5432 persistence: # postgresql.persistence.enabled -- Use a PVC to persist PostgreSQL data (when postgresql chart enabled) enabled: true # postgresql.persistence.storageClass - Storage Class for PostgreSQL backing PVC. If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack). storageClass: "" # postgresql.persistence.accessMode -- Use PostgreSQL volume as ReadOnly or ReadWrite accessMode: ReadWriteOnce # postgresql.persistence.size -- PVC Storage Request size for PostgreSQL volume size: 5Gi # postgresql.persistence.existingClaim -- Provide an existing PostgreSQL PersistentVolumeClaim # existingClaim: "" volumePermissions: securityContext: runAsUser: 0 securityContext: enabled: true fsGroup: 1001 runAsUser: 1001 metrics: securityContext: enabled: true runAsUser: 1001 # externalRedis -- External Redis configuration. To use an external Redis instead of the automatically deployed redis chart: set redis.enabled to false then uncomment and configure the externalRedis connection URL (e.g. redis://user:pass@host:6379/database). externalRedis: # externalRedisSecret -- Read external Redis configuration from a secret. This should point at a secret file with a single key which specifyies the connection string. externalRedisSecret: {} # name: redash-redis # key: connectionString ## Configuration values for the redis dependency. This Redis instance is used by default for caching and temporary storage [ref](https://github.com/kubernetes/charts/blob/master/stable/redis/README.md) redis: # redis.enabled -- Whether to deploy a Redis server to satisfy the applications database requirements. To use an external Redis set this to false and configure the externalRedis parameter. enabled: true # redis.password -- If the password is not specified, a random password will be generated (when redis chart enabled) # password: # redis.databaseNumber -- Redis database number to use (when redis chart enabled) databaseNumber: 0 connectionParams: "health_check_interval=10" master: # redis.master.port -- Redis master port to use (when redis chart enabled) port: 6379 cluster: # redis.databaseNumber -- Enable Redis clustering (when redis chart enabled) enabled: false volumePermissions: securityContext: runAsUser: 0 securityContext: enabled: true fsGroup: 1001 runAsUser: 1001 metrics: securityContext: enabled: true runAsUser: 1001 podSecurityContext: runAsUser: 0 edpComponent: description: "Користувацький інтерфейс для створення та налаштування аналітичних звітів та дашбордів." displayName: "Веб-інтерфейс моделювання звітів (Redash Admin)" operationalZone: "registry-administration-zone"