Skip to content

Neptune Helm chart reference#

This page is a complete listing of configuration parameters for the Neptune Helm chart.

The same options are included in the deployment instructions, but for easier reference, we also provide them separately.

For the full usage instructions, see Custom installation.

Global parameters#

There are no global parameters used by the Neptune Helm chart.

Common parameters#

If using MariaDB

To enable MariaDB, set the following values for your Helm deployment:

database:
  type: mariadb
  host: your.mariadb.address
Name Description Default value
registry The root location of Neptune's container images. Change if you want to proxy them to your own registry. eu.gcr.io/neptune-distribution/neptune/onprem
imagePullPolicy One of IfNotPresent, Always, Never. This value is shared among all Neptune containers. Always
imagePullSecrets An array of strings pointing to image pull Secrets. []
updateStrategy Deployment update strategy. One of RollingUpdate, Recreate. RollingUpdate
service.type One of ClusterIp, NodePort Use NodePort when going with AWS ingress annotation ALB. ClusterIp
database.host The default database hostname.
database.port The default database port.
database.type To use MariaDB, set to mariadb.
database.username The default database username.
database.usernameSecret.key The default Secret's key name to use as database username.
database.usernameSecret.secret The default Secret's name reference to use as database password.
database.password Database password.
database.passwordSecret.key The Secret's key name to use as database username.
database.passwordSecret.secret The Secret's name reference to use as database password.
database.parameters The default JDBC connection to use. Depending on your setup, different settings are required. The default value matches a VPC-private GCP database and simple, no-SSL MySQL database. For Azure Database for MySQL - Flexible Server, use serverTimezone=UTC&characterEncoding=UTF-8 allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC&characterEncoding=UTF-8
database.minIdleConnections The default minimum active DB connections to keep per component. 2
database.maxConnections The default maximum active DB connections to use per component. 15
nodeSelector The default node selector to use for all Neptune deployments. This is copied directly into Kubernetes Deployment manifests. {}
tolerations The default selector to use for all Neptune deployments. This is copied directly into Kubernetes Deployment manifests. []
podSecurityContext The default security context added to each Neptune pod.
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsNonRoot: true
metrics.enabled Enables Prometheus scraping annotations on pods. false
extraResources A templated string that can be used to create additional Kubernetes manifests together with this chart. ""
extraValues An arbitrary YAML file with additional values that you can use when rendering custom templates provided through the extraResources option. The Neptune Helm chart uses JSON schema validation to limit and troubleshoot values, but these extra values are not validated. {}
ingress Neptune exposition details. See Exposing Neptune.
experimental Experimental Neptune Helm chart features. This section my change without notice.
init.workspaceName Name of team workspace to create. Relevant only on first installation.
init.administrator.username Neptune administrator username.
init.administrator.usernameSecret.key Neptune administrator username Secret's key name.
init.administrator.usernameSecret.secret Neptune administrator username Secret's name reference.
init.administrator.password Neptune administrator password. This value is not updated after initial installation if the user changes the password in the app.
init.administrator.passwordSecret.key Neptune administrator password Secret's key name.
init.administrator.passwordSecret.secret Neptune administrator password Secret's name reference.

Common component parameters#

The chart consists of multiple deployments of different services combined through an Ingress resource.

Component name Optional Description
keycloak No Authentication service. For details, see the Keycloak documentation.
backend No Authorization service and organizational structure. Manages roles and privileges.
frontend No Static file serving, including HTML, JavaScript and images.
notifications No Notifications and web-socket handling, used in Python client and frontend notifications.
notebookconverter No Python service for comparing notebooks.
leaderboard No Run, metadata and visualization service. All data ingestion is handled here.
kafka Yes Small, single node Kafka with PVC persistence, enabled by default to reduce dependencies.

The following keys are present in all components mentioned above, as their subkeys.

Name Description Default value
image The image name of the container to use. {{ .Values.registry }}/component-image-name
tag The container image tag to use. Leave empty to use the same version as that of the Neptune Helm chart. ""
replicas The amount of pods to spawn per Deployment. The default is not Highly Available. 1
updateStrategy If provided, overrides the top-level updateStrategy key for this component. ""
nodeSelector If provided, overrides the top-level nodeSelector key for this component. {}
tolerations If provided, overrides the top-level tolerations key for this component. []
affinity If provided, copies this key directly into Deployment. {}
port Component specific, main port that the component exposes via its service.
podSecurityContext If provided, overrides the top-level podSecurityContext key for this component. {}
serviceAccountName Name of the service account to use for this Deployment's pods.
terminationGracePeriodSeconds Number of seconds to wait before force-killing containers.
resources.requests.cpu The amount of CPU the component requests for scheduling. For best performance, it should equal the component's limit.
resources.requests.memory The amount of memory the component requests for scheduling. For best performance, should equal the component's limit.
resources.limits.cpu The amount of CPU the component is limited to.
resources.limits.memory The amount of memory the component is limited to. Note: Changing this may require other changes in Java components.
extraEnv A dictionary of ENV_NAME: "value" environment variables to be added to deployment. {}
extraSecretEnv A dictionary of ENV_NAME: <Secret reference> environment variables to be added to the deployment. Example:
component:
extraSecretEnv:
ENV_NAME:
secret: "name_of_the_secret"
key: "name_of_key_in_secret"
{}
extraContainers An array of additional containers to be deployed together with Neptune's containers. Useful for proxy and sidecar containers. []
extraVolumes Additional Kubernetes volume references to be added to Neptune's pods. Useful for providing additional CAs or configs. []
extraVolumeMounts Additional Kubernetes volume mounts to be added to Neptune's container. References one of the extra volumes. []

You can override database settings per component using the same key schema as in the Common parameters section.

Info

Common parameters are not listed if they are not overridden.

Component-specific parameters#

Keycloak#

If using ArgoCD

You can use https://helm.neptune.ai as the Helm repository URL in ArgoCD and the neptune Helm chart.

Due to how ArgoCD handles random secret generation, set the following values for your deployment:

keycloak:
  users:
    instanceAdmin:
      username: admin
      password: admin
    serviceAccount:
      username: neptune
      password: neptune
clients:
  management:
    id: "neptune-management"
    secret: "4b84b477-2e60-474e-89e2-e7fc3f5145f8" # random UUID

For added security, you can provide your own secrets and reference them in the values.

Name Description Default value
keycloak.image See Common component parameters. {{ .Values.registry }}/keycloak
keycloak.port See Common component parameters. 7070
keycloak.resources.requests.cpu See Common component parameters. "0.2"
keycloak.resources.requests.memory See Common component parameters. "1Gi"
keycloak.resources.limits.cpu See Common component parameters. "0.5"
keycloak.resources.limits.memory See Common component parameters. "1536Mi"
keycloak.database.schema Name of database schema for Keycloak's exclusive use. neptune_keycloak
keycloak.users.instanceAdmin Keycloak Master realm superadmin. Leave empty to auto-generate randomly. {}
keycloak.users.serviceAccount Keycloak user with elevated privileges used by Backend to manage Keycloak. Leave empty to auto-generate randomly. {}
keycloak.clients.management Keycloak client to be used by serviceAccount in internal communication. Leave empty to auto-generate randomly. {}

Backend#

Name Description Default value
backend.image See Common component parameters. {{ .Values.registry }}/backend
backend.port See Common component parameters. 8080
backend.adminPort Admin API exposition. 8079
backend.authorizationPort Internal authorization API. Not exposed externally. 8085
backend.resources.requests.cpu See Common component parameters. "0.2"
backend.resources.requests.memory See Common component parameters. "1Gi"
backend.resources.limits.cpu See Common component parameters. "0.5"
backend.resources.limits.memory See Common component parameters. "1536Mi"
backend.database.schema Name of database schema for Backend to use. neptune_instance
backend.hpa.enabled Enables HorizonalPodAutoscaler for Backend. false
backend.hpa.minReplicas When enabled, keep at least this amount of replicas. 2
backend.hpa.maxReplicas When enabled, keep at most this amount of replicas. 3
backend.hpa.targetAverageUtilization When enabled, autoscale based on CPU metric. 80

Frontend#

Name Description Default value
frontend.image See Common component parameters. {{ .Values.registry }}/frontend
frontend.port See Common component parameters. 8080
frontend.resources.requests.cpu See Common component parameters. "0.1"
frontend.resources.requests.memory See Common component parameters. "10Mi"
frontend.resources.limits.cpu See Common component parameters. "0.1"
frontend.resources.limits.memory See Common component parameters. "100Mi"

Notification#

Name Description Default value
notifications.image See Common component parameters. {{ .Values.registry }}/notifications
notifications.port See Common component parameters. 8084
notifications.resources.requests.cpu See Common component parameters. "0.1"
notifications.resources.requests.memory See Common component parameters. "1Gi"
notifications.resources.limits.cpu See Common component parameters. "0.2"
notifications.resources.limits.memory See Common component parameters. "1Gi"
notifications.database.schema Name of database schema for Notifications' exclusive use. neptune_notifications

Notebookconverter#

Name Description Default value
notebookconverter.image See Common component parameters. {{ .Values.registry }}/notebook-converter
notebookconverter.port See Common component parameters. 8080
notebookconverter.resources.requests.cpu See Common component parameters. "0.1"
notebookconverter.resources.requests.memory See Common component parameters. "512Mi"
notebookconverter.resources.limits.cpu See Common component parameters. "0.3"
notebookconverter.resources.limits.memory See Common component parameters. "1Gi"

Leaderboard#

Neptune 2.5 supports Elasticsearch 7.17 and 8.x versions from 8.5.1.

In Elasticsearch 8, HTTPS is enabled by default, so additional configuration might be needed:

neptune.yaml
leaderboard:
  elasticsearch:
    address: "https://elasticsearch-neptune:9200"
    username: "elastic"
    password: "elastic-password"
    clusterName: "elasticsearch"
    insecureSSL: false  # set to 'true' to accept any SSL certificate from ES
    shards: 5
    replicas: 0
    attributes:
      shards: 5
      replicas: 0
Advanced leaderboard function separation

For very large deployments designed to handle hundreds of millions of data points per second, Neptune's Leaderboard can be split into several parts that are responsible for handling different aspects of Neptune's traffic with efficiency and without impacting one another.

For most deployments, however, this separation is neither necessary nor recommended. Contact us to discuss this option.

The exact way Leaderboard is split is subject to change without notice.

Name Description Default value
leaderboard.image See Common component parameters. {{ .Values.registry }}/leaderboard
leaderboard.port See Common component parameters. 8088
leaderboard.resources.requests.cpu See Common component parameters. "0.6"
leaderboard.resources.requests.memory See Common component parameters. "2Gi"
leaderboard.resources.limits.cpu See Common component parameters. "2"
leaderboard.resources.limits.memory See Common component parameters. "4Gi"
leaderboard.database.schemaVersion Experimental. Changing this may irreversibly break your instance. 1
leaderboard.database.main.schema Name of the database schema for Leaderboard's exclusive use. neptune_leaderboard
leaderboard.database.artifacts.schema Name of the database schema for Leaderboard's Artifact features to use. neptune_artifacts
leaderboard.elasticsearch.address (REQUIRED) Full Elasticsearch service address, for example http://elasticsearch-service.elasticsearch:9200 ""
leaderboard.elasticsearch.clusterName The name of the Elasticsearch cluster that Neptune is intended to be used with. The default is usually fine. "elastic"
leaderboard.elasticsearch.insecureSSL If your Elasticsearch uses HTTPS with a self-signed certificate, set this to true to disable certificate validation by Elasticsearch client. false
leaderboard.elasticsearch.shards The amount of Shards for the main index that Neptune uses. Used during the initial installation only. 5
leaderboard.elasticsearch.replicas The amount of Shard Replicas for the main index that Neptune uses. Used during the initial installation only. 0
leaderboard.elasticsearch.attributes.shards The amount of Shards for the attribute index that Neptune uses. Used during the initial installation only. 5
leaderboard.elasticsearch.attributes.replicas The amount of Shard Replicas for the attribute index that Neptune uses. Used during the initial installation only. 0
leaderboard.storage Describes the Object Storage that Neptune will use. This configuration is explained in detail in the Configuring storage section.
leaderboard.hpa.minReplicas When enabled, keep at least this amount of replicas. 1
leaderboard.hpa.maxReplicas When enabled, keep at most this amount of replicas. 3
leaderboard.hpa.targetAverageUtilization When enabled, autoscale based on CPU metric. 80

Kafka#

Caution

When using the Kafka provided by this chart, do not change the replicas amount.

This Kafka deployment is designed to be single-node.

Name Description Default value
kafka.enabled Set to false to use your own Kafka deployment. This requires setting externalAddress. true
kafka.externalConfig A file that can be used as the Kafka config for Java.
kafka.image See Common component parameters. {{ .Values.registry }}/kafka
kafka.tag See Common component parameters. "3.5.1-v4"
kafka.port See Common component parameters. 9092
kafka.resources.requests.cpu See Common component parameters. "0.2"
kafka.resources.requests.memory See Common component parameters. "1536Mi"
kafka.resources.limits.cpu See Common component parameters. "0.3"
kafka.resources.limits.memory See Common component parameters. "1536Mi"
kafka.persistance Set to false to disable persistence. Some Elasticsearch updates may be lost if Kafka restarts. The kafka.storage section is ignored in this case. true
kafka.storage.existingClaim Use already existing PVC instead of provisioning one. If this is set, other settings are ignored. ""
kafka.storage.storageClass Use this StorageClass to provision the PVC. If not given, the default storage class for the target cluster will be used.
kafka.storage.size Set the size of the disk. "50Gi"
kafka.storage.accessMode Set the access mode of provisioned PV/PVC. As Kafka is single-node, the default ReadWriteOnce is sufficient. ReadWriteOnce
kafka.storage.annotations A dictionary of annotations to be added to the provisioned PVC. Some provisioners may require them. {}
kafka.extraEnv See Common component parameters. LOG_RETENTION_HOURS: "24"

Discussions#

Deprecated

Disabled by default and pending removal.

Collab#

Deprecated

Disabled by default and pending removal.

Storage configuration#

For details, see Installation: Storage configuration.

PersistentVolumeClaim#

Name Description Default value
leaderboard.storage.existingClaim Use already existing PVC instead of provisioning one. If this is set, other settings are ignored. ""
leaderboard.storage.storageClass Use this StorageClass to provision the PVC. If not given, the default storage class for the target cluster will be used.
leaderboard.storage.size Set the size of the disk. 1024 Gi
leaderboard.storage.accessMode Set the access mode of provisioned PV/PVC. Using default ReadWriteOnce prevents scaling up of Leaderboard deployment. Use ReadWriteMany if scaling is required. ReadWriteOnce
leaderboard.storage.annotations A dictionary of annotations to be added to the provisioned PVC. Some provisioners may require them. {}

S3 compatible service#

Name Description Default value
leaderboard.storage.s3.bucketName The bucket name to use.
leaderboard.storage.s3.serviceEndpoint The endpoint to use. For GCS, use https://storage.googleapis.com
leaderboard.storage.s3.signingRegion The region of bucket. For GCS, use the project name of the bucket.
leaderboard.storage.s3.accessKeyId The key ID to use when accessing S3 content. Can be empty if your environment supports STS tokens or the VM has proper permissions. Mutually exclusive with the Secret version.
leaderboard.storage.s3.accessKeyIdSecret.key The key of the Secret where accessKeyId is stored.
leaderboard.storage.s3.accessKeyIdSecret.secret The name of the Secret where accessKeyId is stored.
leaderboard.storage.s3.secretAccessKey The access key to use when accessing S3 content. Can be empty if your environment supports STS tokens or the VM has proper permissions. Mutually exclusive with the Secret version.
leaderboard.storage.s3.secretAccessKeySecret.key The key of the Secret where secretAccessKey is stored.
leaderboard.storage.s3.secretAccessKeySecret.secret The name of the Secret where secretAccessKey is stored.
leaderboard.storage.s3.clientThreadPoolSize The number of threads to use when accessing S3 service.

Azure Blob Storage#

Name Description Default value
leaderboard.storage.azureBlob.container The name of the container within the storage account to use.
leaderboard.storage.azureBlob.connectionString The connection string, as in Azure Portal.
leaderboard.storage.azureBlob.clientThreadPoolSize The number of threads to use when access Azure Blob Storage. 200

Post-install/upgrade jobs#

Name Description Default value
config.image See Common component parameters. {{ .Values.registry }}/config
config.resources.requests.cpu See Common component parameters. "0.1"
config.resources.requests.memory See Common component parameters. "10Mi"
config.resources.limits.cpu See Common component parameters. "0.1"
config.resources.limits.memory See Common component parameters. "1Gi"

Experimental Neptune features#

Warning

The features in this section are not considered to be production-ready and may change without notice.

There are currently two experimental features:

  1. Istio support where Gateway and VirtualService are deployed.
  2. Reverse proxy deployment that allows external access via kubectl port-forward.