Event-Driven Declarative Orchestrator

kestra

Infinitely scalable, event-driven, language-agnostic orchestration and scheduling platform to manage millions of workflows declaratively in code.

Homepage: https://kestra.io

Installing the Chart

To install the chart with the release name my-kestra:

```console
$ helm repo add kestra https://helm.kestra.io/
$ helm install my-kestra kestra/kestra --version 1.0.53
```

Migration from 0.x.x to 1.0.0

Breaking changes have been made to the Helm chart in order to support the new features and improvements introduced in Kestra 1.0.0. Please review the following changes carefully before upgrading:

If you need to change the Kestra Docker repository:

Before:

```yaml
image:
  image: kestra/kestra
```

After:

```yaml
image:
  repository: kestra/kestra
```

We changed how the service account is configured.

Before:

```yaml
serviceAccountName: ""
```

After:

```yaml
serviceAccount:
  create: true
  automount: true
  annotations: {}
  name: ""
```

We removed postgres, minio, kafka and elasticsearch from the chart dependencies. You can now use your own managed services or deploy them separately.

Most of the deployment configuration options have been restructured. There is now a common entry in the values.yaml.

Before:

```yaml
nodeSelector: {}
tolerations: []
affinity: {}
extraVolumeMounts: []
extraVolumes: []
extraEnv: []
# more...
```

After:

```yaml
common:
  nodeSelector: {}
  tolerations: []
  affinity: {}
  extraVolumeMounts: []
  extraVolumes: []
  extraEnv: []
  # more...
```

You can override all those configuration options in the deployments entry in the values.yaml.

```yaml
deployments:
  standalone:
    nodeSelector: {}
    tolerations: []
    affinity: {}
    extraVolumeMounts: []
    extraVolumes: []
    extraEnv: []
    # more...
```

We changed how custom configuration files are provided to Kestra. Everything is now under the configurations entry in the values.yaml.

Before:

```yaml
### This creates a config map of the Kestra configuration
configuration: {}
# Example: Setting the plugin defaults for the Docker runner
#   kestra:
#     plugins:
#       configurations:
#         - type:  io.kestra.plugin.scripts.runner.docker.Docker
#           values:
#             volume-enabled: true
### This will create a Kubernetes Secret for the values provided
## This will be appended to kestra-secret with the key application-secrets.yml
secrets: {}
# Example: Store your postgres backend credentials in a secret
#   secrets:
#     kestra:
#       datasources:
#         postgres:
#           username: pguser
#           password: mypass123
#           url: jdbc:postgresql://pghost:5432/db
### Load Kestra configuration from existing secret
## Here this assumes the secret is already deployed and the following apply:
## 1. The secret type is "Opaque"
## 2. The secret has a single key
## 3. The value of the secret is the Kestra configuration.
externalSecret: {}
  #secretName: secret-name
  #key: application-kestra.yml
### configuration files
## This option allows you to reference existing local files to configure Kestra, e.g.
configurationPath:
# configurationPath: /app/application.yml,/app/application-secrets.yml
extraConfigMapEnvFrom:
  # - name: my-existing-configmap-no-prefix
  # - name: my-existing-configmap-with-prefix
  #   prefix: KESTRA_
extraSecretEnvFrom:
  # - name: my-existing-no-prefix
  # - name: my-existing-with-prefix
  #   prefix: SECRET_
```

After:

```yaml
configurations:
  application:
    kestra:
      queue:
        type: h2
      repository:
        type: h2
      storage:
        type: local
        local:
          basePath: "/app/storage"
    datasources:
      h2:
        url: jdbc:h2:mem:public;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
        username: kestra
        password: ""
        driverClassName: org.h2.Driver
  configmaps:
    - name: kestra-others
      key: others.yml
  secrets:
    - name: kestra-basic-auth
      key: basic-auth.yml
```

You no longer need to set configurationPath; the chart manages it automatically.

If you need to add extra environment variables from existing ConfigMaps or Secrets, you can still use extraEnv and extraEnvFrom under the common entry.

If you want your deployment to restart when configurations.application changes, enable common.configmapReloader.enabled: true (it defaults to false).

We also changed how dind is managed. It is now configured under the dind entry in the values.yaml.

We added dind.mode to choose between rootless and insecure; rootless is the default and recommended mode.
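A pre-upgrade check for the migration notes above, as an added example that is not part of the chart: it takes values already parsed into a dict (YAML loading is left out), reports 0.x keys with the 1.0.0 location the notes give, and flags dind.mode: insecure and non-empty password/secret strings under configurations.application. The function names, the sample values and the credential-key heuristic are assumptions made for the example.

```python
# Added example, not the chart's code. Input: Helm values parsed into a dict.
LEGACY = {  # 0.x key -> advice, taken from the migration notes above
    "image.image": "use image.repository",
    "serviceAccountName": "use serviceAccount.name",
    "configuration": "use configurations.application",
    "secrets": "use configurations.secrets",
    "externalSecret": "use configurations.secrets",
    "configurationPath": "remove it; the chart manages it",
    "extraConfigMapEnvFrom": "use common.extraEnvFrom",
    "extraSecretEnvFrom": "use common.extraEnvFrom",
}
LEGACY.update({k: f"use common.{k}" for k in (
    "nodeSelector", "tolerations", "affinity",
    "extraVolumeMounts", "extraVolumes", "extraEnv")})

def lookup(values, dotted):  # value at a dotted path, None if a segment is missing
    node = values
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def inline_credentials(node, path="configurations.application"):
    if isinstance(node, list):  # walk list items as keys "[0]", "[1]", ...
        node = {f"[{i}]": item for i, item in enumerate(node)}
    hits = []
    for key, val in (node.items() if isinstance(node, dict) else ()):
        named = any(w in str(key).lower() for w in ("password", "secret"))
        if named and isinstance(val, str) and val:
            hits.append(f"{path}.{key}")  # heuristic: credential-like key, non-empty
        else:
            hits += inline_credentials(val, f"{path}.{key}")
    return hits

def lint(values):  # (path, advice) pairs; keys left at empty defaults are skipped
    found = [(k, a) for k, a in LEGACY.items()
             if lookup(values, k) not in (None, "", [], {})]
    if lookup(values, "dind.mode") == "insecure":
        found.append(("dind.mode", "runs dind as UID 0 with added capabilities"))
    app = lookup(values, "configurations.application")
    return found + [(p, "keep it in a Secret listed under configurations.secrets")
                    for p in inline_credentials(app)]

SAMPLE = {"image": {"image": "registry.example/kestra"},  # constructed input
          "dind": {"mode": "insecure"}, "configurations": {"application": {
              "datasources": {"postgres": {"password": "example-only"}}}}}
if __name__ == "__main__":
    print(*(f"{p}: {a}" for p, a in lint(SAMPLE)), sep="\n")
```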

Usage for enterprise edition workerGroups

```yaml
workerGroups:
  test-000:
    enabled: false
  test-001:
    enabled: true
    workerThreads: 128
    serviceAccountName: "kestra-worker-sa-external"
  test-002:
    enabled: true
```

The workerGroups follow exactly the same pattern as the worker key under deployments.

Values

common settings

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| common.affinity | object | `{}` | Affinity rules for pod scheduling. |
| common.annotations | object | `{}` | Annotations applied to all resources. |
| common.autoscaler | object | `{"enabled":false,"extra":{},"maxReplicas":3,"metrics":[],"minReplicas":1}` | Enable or disable horizontal autoscaling. |
| common.configmapReloader | object | `{"enabled":false}` | Reload the application configuration when the ConfigMap changes. |
| common.extraContainers | list | `[]` | Additional sidecar containers. |
| common.extraEnv | list | `[]` | Extra environment variables for containers. |
| common.extraEnvFrom | list | `[]` | Import environment variables from ConfigMaps/Secrets. |
| common.extraVolumeMounts | list | `[]` | Extra volume mounts to add to containers. |
| common.extraVolumes | list | `[]` | Extra volumes to add to pods. |
| common.initContainers | list | `[]` | Additional init containers to run before main container. |
| common.jvm.forceActiveProcessors | object | `{"count":"auto","enabled":false,"value":2}` | Cgroup CPU limits can sometimes cause problems; this forces the JVM to use a specific number of processors. |
| common.kind | string | `"Deployment"` | Kind of deployment (Deployment or StatefulSet). |
| common.labels | object | `{}` | Labels applied to all resources. |
| common.livenessProbe | object | `{"failureThreshold":3,"httpGet":{"path":"/health/liveness","port":"management"},"initialDelaySeconds":0,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":3}` | Liveness probe configuration for container health checks. |
| common.nodeSelector | object | `{}` | Node selector constraints for scheduling pods. |
| common.podAnnotations | object | `{}` | Annotations applied specifically to pods. |
| common.podLabels | object | `{}` | Labels applied specifically to pods. |
| common.podSecurityContext | object | `{}` | Security context settings for pods. |
| common.priorityClassName | string | `""` | Priority class for scheduling pods. |
| common.readinessProbe | object | `{"failureThreshold":3,"httpGet":{"path":"/health/readiness","port":"management"},"initialDelaySeconds":0,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":3}` | Readiness probe configuration to determine pod availability. |
| common.replicas | int | `1` | Number of pod replicas to run. |
| common.resources | object | `{}` | Resource requests and limits for containers. |
| common.revisionHistoryLimit | int | `10` | Number of old ReplicaSets to retain for rollback. |
| common.securityContext | object | `{}` | Security context settings for containers. |
| common.startupProbe | object | `{"failureThreshold":120,"httpGet":{"path":"/health","port":"management"},"initialDelaySeconds":1,"periodSeconds":1,"successThreshold":1,"timeoutSeconds":1}` | Startup probe configuration to verify app starts correctly. |
| common.strategy | object | `{}` | Deployment update strategy. |
| common.terminationGracePeriodSeconds | int | `360` | Grace period for pod termination. |
| common.tolerations | list | `[]` | Tolerations for scheduling pods on tainted nodes. |
| common.topologySpreadConstraints | list | `[]` | Topology spread constraints for pod scheduling. |

kestra configurations

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| configurations.application | object | `{}` | Application configuration (Kestra settings, DB, storage, etc.). |
| configurations.configmaps | list | `[]` | Extra configmaps mounted as configuration files. |
| configurations.secrets | list | `[]` | Extra secrets mounted as configuration files. |

kestra deployments

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| deployments.executor.enabled | bool | `false` | Enable executor in distributed mode. |
| deployments.executor.extraArgs | list | `[]` | Extra arguments to pass to the container. |
| deployments.indexer.enabled | bool | `false` | Enable indexer in distributed mode. |
| deployments.indexer.extraArgs | list | `[]` | Extra arguments to pass to the container. |
| deployments.scheduler.enabled | bool | `false` | Enable scheduler in distributed mode. |
| deployments.scheduler.extraArgs | list | `[]` | Extra arguments to pass to the container. |
| deployments.standalone.dind.enabled | bool | `true` | Enable dind sidecar in standalone deployment. |
| deployments.standalone.enabled | bool | `true` | Enable standalone Kestra deployment. |
| deployments.standalone.extraArgs | list | `[]` | Extra arguments to pass to the container. |
| deployments.standalone.workerThreads | int | `0` | Number of worker threads for standalone deployment; "0" to auto-configure based on CPU. |
| deployments.webserver.enabled | bool | `false` | Enable webserver in distributed mode. |
| deployments.webserver.extraArgs | list | `[]` | Extra arguments to pass to the container. |
| deployments.worker.enabled | bool | `false` | Enable worker in distributed mode. |
| deployments.worker.extraArgs | list | `[]` | Extra arguments to pass to the container. |
| deployments.worker.workerThreads | int | `0` | Number of worker threads for worker deployment; "0" to auto-configure based on CPU. |

kestra dind insecure

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| dind.base.insecure | object | `{"args":["--log-level=fatal"],"image":{"pullPolicy":"IfNotPresent","repository":"docker","tag":"dind-rootless"},"securityContext":{"allowPrivilegeEscalation":true,"capabilities":{"add":["SYS_ADMIN","NET_ADMIN","DAC_OVERRIDE","SETUID","SETGID"]},"privileged":true,"runAsGroup":0,"runAsUser":0}}` | Insecure dind configuration (privileged). |

kestra dind rootless

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| dind.base.rootless | object | `{"args":["--log-level=fatal","--group=1000"],"image":{"pullPolicy":"IfNotPresent","repository":"docker","tag":"dind-rootless"},"securityContext":{"privileged":true,"runAsGroup":1000,"runAsUser":1000}}` | Rootless dind configuration. |

kestra dind

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| dind.enabled | bool | `true` | Enable Docker-in-Docker (dind) sidecar. |
| dind.extraEnv | list | `[]` | Extra environment variables for dind container. |
| dind.mode | string | `"rootless"` | Dind mode (rootless or insecure). |
| dind.resources | object | `{}` | Resource requests and limits for dind sidecar. |
| dind.socketPath | string | `"/dind/"` | Path where dind socket is mounted. |
| dind.tmpPath | string | `"/tmp/"` | Path for temporary storage in dind. |

image settings

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| image.pullPolicy | string | `"IfNotPresent"` | Policy for pulling container images (Always, IfNotPresent, Never). |
| image.repository | string | `"kestra/kestra"` | Image repository to use for deploying kestra. |
| image.tag | string | `""` | Overrides the image tag (defaults to chart appVersion). |
| imagePullSecrets | list | `[]` | References to secrets for pulling images from private registries. |

kubernetes ingress

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| ingress.annotations | object | `{}` | Annotations to add to the Ingress. |
| ingress.className | string | `""` | IngressClass name to use. |
| ingress.enabled | bool | `false` | Enable Ingress resource. |
| ingress.hosts | list | `[]` | Hosts and paths for Ingress routing. |
| ingress.tls | list | `[]` | TLS configuration for Ingress. |

kestra service

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| service.annotations | object | `{}` | Annotations to apply to the Service. |
| service.labels | object | `{}` | Labels to apply to the Service. |
| service.ports.http | object | `{"containerPort":8080,"port":8080,"protocol":"TCP","targetPort":"http"}` | HTTP service port mapping. |
| service.ports.management | object | `{"containerPort":8081,"port":8081,"protocol":"TCP","targetPort":"management"}` | Management (metrics/health) service port mapping. |
| service.type | string | `"ClusterIP"` | Kubernetes Service type (ClusterIP, NodePort, LoadBalancer). |

kubernetes serviceAccount

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| serviceAccount.annotations | object | `{}` | Annotations to add to the ServiceAccount. |
| serviceAccount.automount | bool | `true` | Automatically mount API credentials to pods. |
| serviceAccount.create | bool | `true` | Specifies whether to create a ServiceAccount. |
| serviceAccount.name | string | `""` | Name of the ServiceAccount to use. |

kestra workerGroups

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| workerGroups | object | `{}` | EE only - Define additional worker groups with custom settings. |

Other Values

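| Key | Type | Default | Description |
|-----|------|---------|-------------|
| common.jvm.extraOpts | string | `""` |  |
| common.updateStrategy | object | `{}` | StatefulSet update strategy. |
| extraManifests | list | `[]` | Extra Kubernetes manifests to deploy with the chart. |
| fullnameOverride | string | `""` |  |
| nameOverride | string | `""` |  |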

Documentation

  • Full documentation can be found under kestra.io/docs
  • Deployment on Kubernetes documentation can be found here

License

Apache 2.0 © Kestra Technologies

Stay up to date

We release new versions every month. Give the main repository a star to stay up to date with the latest releases and get notified about future updates.