Neptune Helm chart reference
This page is a complete listing of configuration parameters for the Neptune Helm chart.
The same options are included in the deployment instructions, but for easier reference, we also provide them separately.
For the full usage instructions, see Custom installation.
Global parameters
There are no global parameters used by the Neptune Helm chart.
Common parameters
If using MariaDB
To enable MariaDB, set the following values for your Helm deployment:
Name | Description | Default value |
---|---|---|
registry | The root location of Neptune's container images. Change if you want to proxy them to your own registry. | eu.gcr.io/neptune-distribution/neptune/onprem |
imagePullPolicy | One of IfNotPresent, Always, Never. This value is shared among all Neptune containers. | Always |
imagePullSecrets | An array of strings pointing to image pull Secrets. | [] |
updateStrategy | Deployment update strategy. One of RollingUpdate, Recreate. | RollingUpdate |
service.type | One of ClusterIp, NodePort. Use NodePort when going with AWS ingress annotation ALB. | ClusterIp |
database.host | The default database hostname. | |
database.port | The default database port. | |
database.type | To use MariaDB, set to mariadb. | |
database.username | The default database username. | |
database.usernameSecret.key | The default Secret's key name to use as database username. | |
database.usernameSecret.secret | The default Secret's name reference to use as database password. | |
database.password | Database password. | |
database.passwordSecret.key | The Secret's key name to use as database username. | |
database.passwordSecret.secret | The Secret's name reference to use as database password. | |
database.parameters | The default JDBC connection to use. Depending on your setup, different settings are required. The default value matches a VPC-private GCP database and simple, no-SSL MySQL database. For Azure Database for MySQL - Flexible Server, use serverTimezone=UTC&characterEncoding=UTF-8 | allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC&characterEncoding=UTF-8 |
database.minIdleConnections | The default minimum active DB connections to keep per component. | 2 |
database.maxConnections | The default maximum active DB connections to use per component. | 15 |
nodeSelector | The default node selector to use for all Neptune deployments. This is copied directly into Kubernetes Deployment manifests. | {} |
tolerations | The default selector to use for all Neptune deployments. This is copied directly into Kubernetes Deployment manifests. | [] |
podSecurityContext | The default security context added to each Neptune pod. | runAsUser: 1000 |
metrics.enabled | Enables Prometheus scraping annotations on pods. | false |
extraResources | A templated string that can be used to create additional Kubernetes manifests together with this chart. | "" |
extraValues | An arbitrary YAML file with additional values that you can use when rendering custom templates provided through the extraResources option. The Neptune Helm chart uses JSON schema validation to limit and troubleshoot values, but these extra values are not validated. | {} |
ingress | Neptune exposition details. See Exposing Neptune. | |
experimental | Experimental Neptune Helm chart features. This section may change without notice. | |
init.workspaceName | Name of team workspace to create. Relevant only on first installation. | |
init.administrator.username | Neptune administrator username. | |
init.administrator.usernameSecret.key | Neptune administrator username Secret's key name. | |
init.administrator.usernameSecret.secret | Neptune administrator username Secret's name reference. | |
init.administrator.password | Neptune administrator password. This value is not updated after initial installation if the user changes the password in the app. | |
init.administrator.passwordSecret.key | Neptune administrator password Secret's key name. | |
init.administrator.passwordSecret.secret | Neptune administrator password Secret's name reference. | |
Common component parameters
The chart consists of multiple deployments of different services combined through an Ingress resource.
Component name | Optional | Description |
---|---|---|
keycloak | No | Authentication service. For details, see the Keycloak documentation. |
backend | No | Authorization service and organizational structure. Manages roles and privileges. |
frontend | No | Static file serving, including HTML, JavaScript and images. |
notifications | No | Notifications and web-socket handling, used in Python client and frontend notifications. |
notebookconverter | No | Python service for comparing notebooks. |
leaderboard | No | Run, metadata and visualization service. All data ingestion is handled here. |
kafka | Yes | Small, single node Kafka with PVC persistence, enabled by default to reduce dependencies. |
The following keys are present in all components mentioned above, as their subkeys.
Name | Description | Default value |
---|---|---|
image | The image name of the container to use. | {{ .Values.registry }}/component-image-name |
tag | The container image tag to use. Leave empty to use the same version as that of the Neptune Helm chart. | "" |
replicas | The amount of pods to spawn per Deployment. The default is not Highly Available. | 1 |
updateStrategy | If provided, overrides the top-level updateStrategy key for this component. | "" |
nodeSelector | If provided, overrides the top-level nodeSelector key for this component. | {} |
tolerations | If provided, overrides the top-level tolerations key for this component. | [] |
affinity | If provided, copies this key directly into Deployment. | {} |
port | Component specific, main port that the component exposes via its service. | |
podSecurityContext | If provided, overrides the top-level podSecurityContext key for this component. | {} |
serviceAccountName | Name of the service account to use for this Deployment's pods. | |
terminationGracePeriodSeconds | Number of seconds to wait before force-killing containers. | |
resources.requests.cpu | The amount of CPU the component requests for scheduling. For best performance, it should equal the component's limit. | |
resources.requests.memory | The amount of memory the component requests for scheduling. For best performance, should equal the component's limit. | |
resources.limits.cpu | The amount of CPU the component is limited to. | |
resources.limits.memory | The amount of memory the component is limited to. Note: Changing this may require other changes in Java components. | |
extraEnv | A dictionary of ENV_NAME: "value" environment variables to be added to deployment. | {} |
extraSecretEnv | A dictionary of ENV_NAME: <Secret reference> environment variables to be added to the deployment. Example: component: | {} |
extraContainers | An array of additional containers to be deployed together with Neptune's containers. Useful for proxy and sidecar containers. | [] |
extraVolumes | Additional Kubernetes volume references to be added to Neptune's pods. Useful for providing additional CAs or configs. | [] |
extraVolumeMounts | Additional Kubernetes volume mounts to be added to Neptune's container. References one of the extra volumes. | [] |
You can override database settings per component using the same key schema as in the Common parameters section.
Info
Common parameters are not listed if they are not overridden.
Component-specific parameters
Keycloak
If using ArgoCD
You can use https://helm.neptune.ai as the Helm repository URL in ArgoCD and the neptune Helm chart.
Due to how ArgoCD handles random secret generation, set the following values for your deployment:
```yaml
keycloak:
  users:
    instanceAdmin:
      username: admin
      password: admin
    serviceAccount:
      username: neptune
      password: neptune
  clients:
    management:
      id: "neptune-management"
      secret: "4b84b477-2e60-474e-89e2-e7fc3f5145f8" # random UUID
```
For added security, you can provide your own secrets and reference them in the values.
Name | Description | Default value |
---|---|---|
keycloak.image | See Common component parameters. | {{ .Values.registry }}/keycloak |
keycloak.port | See Common component parameters. | 7070 |
keycloak.resources.requests.cpu | See Common component parameters. | "0.2" |
keycloak.resources.requests.memory | See Common component parameters. | "1Gi" |
keycloak.resources.limits.cpu | See Common component parameters. | "0.5" |
keycloak.resources.limits.memory | See Common component parameters. | "1536Mi" |
keycloak.database.schema | Name of database schema for Keycloak's exclusive use. | neptune_keycloak |
keycloak.users.instanceAdmin | Keycloak Master realm superadmin. Leave empty to auto-generate randomly. | {} |
keycloak.users.serviceAccount | Keycloak user with elevated privileges used by Backend to manage Keycloak. Leave empty to auto-generate randomly. | {} |
keycloak.clients.management | Keycloak client to be used by serviceAccount in internal communication. Leave empty to auto-generate randomly. | {} |
Backend
Name | Description | Default value |
---|---|---|
backend.image | See Common component parameters. | {{ .Values.registry }}/backend |
backend.port | See Common component parameters. | 8080 |
backend.adminPort | Admin API exposition. | 8079 |
backend.authorizationPort | Internal authorization API. Not exposed externally. | 8085 |
backend.resources.requests.cpu | See Common component parameters. | "0.2" |
backend.resources.requests.memory | See Common component parameters. | "1Gi" |
backend.resources.limits.cpu | See Common component parameters. | "0.5" |
backend.resources.limits.memory | See Common component parameters. | "1536Mi" |
backend.database.schema | Name of database schema for Backend to use. | neptune_instance |
backend.hpa.enabled | Enables HorizontalPodAutoscaler for Backend. | false |
backend.hpa.minReplicas | When enabled, keep at least this amount of replicas. | 2 |
backend.hpa.maxReplicas | When enabled, keep at most this amount of replicas. | 3 |
backend.hpa.targetAverageUtilization | When enabled, autoscale based on CPU metric. | 80 |
Frontend
Name | Description | Default value |
---|---|---|
frontend.image | See Common component parameters. | {{ .Values.registry }}/frontend |
frontend.port | See Common component parameters. | 8080 |
frontend.resources.requests.cpu | See Common component parameters. | "0.1" |
frontend.resources.requests.memory | See Common component parameters. | "10Mi" |
frontend.resources.limits.cpu | See Common component parameters. | "0.1" |
frontend.resources.limits.memory | See Common component parameters. | "100Mi" |
Notification
Name | Description | Default value |
---|---|---|
notifications.image | See Common component parameters. | {{ .Values.registry }}/notifications |
notifications.port | See Common component parameters. | 8084 |
notifications.resources.requests.cpu | See Common component parameters. | "0.1" |
notifications.resources.requests.memory | See Common component parameters. | "1Gi" |
notifications.resources.limits.cpu | See Common component parameters. | "0.2" |
notifications.resources.limits.memory | See Common component parameters. | "1Gi" |
notifications.database.schema | Name of database schema for Notifications' exclusive use. | neptune_notifications |
Notebookconverter
Name | Description | Default value |
---|---|---|
notebookconverter.image | See Common component parameters. | {{ .Values.registry }}/notebook-converter |
notebookconverter.port | See Common component parameters. | 8080 |
notebookconverter.resources.requests.cpu | See Common component parameters. | "0.1" |
notebookconverter.resources.requests.memory | See Common component parameters. | "512Mi" |
notebookconverter.resources.limits.cpu | See Common component parameters. | "0.3" |
notebookconverter.resources.limits.memory | See Common component parameters. | "1Gi" |
Leaderboard
Neptune 2.5 supports Elasticsearch 7.17 and 8.x versions from 8.5.1.
In Elasticsearch 8, HTTPS is enabled by default, so additional configuration might be needed:
```yaml
leaderboard:
  elasticsearch:
    address: "https://elasticsearch-neptune:9200"
    username: "elastic"
    password: "elastic-password"
    clusterName: "elasticsearch"
    insecureSSL: false # set to 'true' to accept any SSL certificate from ES
    shards: 5
    replicas: 0
    attributes:
      shards: 5
      replicas: 0
```
Advanced leaderboard function separation
For very large deployments designed to handle hundreds of millions of data points per second, Neptune's Leaderboard can be split into several parts that are responsible for handling different aspects of Neptune's traffic with efficiency and without impacting one another.
For most deployments, however, this separation is neither necessary nor recommended. Contact us to discuss this option.
The exact way Leaderboard is split is subject to change without notice.
Name | Description | Default value |
---|---|---|
leaderboard.image | See Common component parameters. | {{ .Values.registry }}/leaderboard |
leaderboard.port | See Common component parameters. | 8088 |
leaderboard.resources.requests.cpu | See Common component parameters. | "0.6" |
leaderboard.resources.requests.memory | See Common component parameters. | "2Gi" |
leaderboard.resources.limits.cpu | See Common component parameters. | "2" |
leaderboard.resources.limits.memory | See Common component parameters. | "4Gi" |
leaderboard.database.schemaVersion | Experimental. Changing this may irreversibly break your instance. | 1 |
leaderboard.database.main.schema | Name of the database schema for Leaderboard's exclusive use. | neptune_leaderboard |
leaderboard.database.artifacts.schema | Name of the database schema for Leaderboard's Artifact features to use. | neptune_artifacts |
leaderboard.elasticsearch.address | (REQUIRED) Full Elasticsearch service address, for example http://elasticsearch-service.elasticsearch:9200 | "" |
leaderboard.elasticsearch.clusterName | The name of the Elasticsearch cluster that Neptune is intended to be used with. The default is usually fine. | "elastic" |
leaderboard.elasticsearch.insecureSSL | If your Elasticsearch uses HTTPS with a self-signed certificate, set this to true to disable certificate validation by Elasticsearch client. | false |
leaderboard.elasticsearch.shards | The amount of Shards for the main index that Neptune uses. Used during the initial installation only. | 5 |
leaderboard.elasticsearch.replicas | The amount of Shard Replicas for the main index that Neptune uses. Used during the initial installation only. | 0 |
leaderboard.elasticsearch.attributes.shards | The amount of Shards for the attribute index that Neptune uses. Used during the initial installation only. | 5 |
leaderboard.elasticsearch.attributes.replicas | The amount of Shard Replicas for the attribute index that Neptune uses. Used during the initial installation only. | 0 |
leaderboard.storage | Describes the Object Storage that Neptune will use. This configuration is explained in detail in the Configuring storage section. | |
leaderboard.hpa.minReplicas | When enabled, keep at least this amount of replicas. | 1 |
leaderboard.hpa.maxReplicas | When enabled, keep at most this amount of replicas. | 3 |
leaderboard.hpa.targetAverageUtilization | When enabled, autoscale based on CPU metric. | 80 |
Kafka
Caution
When using the Kafka provided by this chart, do not change the replicas amount.
This Kafka deployment is designed to be single-node.
Name | Description | Default value |
---|---|---|
kafka.enabled | Set to false to use your own Kafka deployment. This requires setting externalAddress. | true |
kafka.externalConfig | A file that can be used as the Kafka config for Java. | |
kafka.image | See Common component parameters. | {{ .Values.registry }}/kafka |
kafka.tag | See Common component parameters. | "3.5.1-v4" |
kafka.port | See Common component parameters. | 9092 |
kafka.resources.requests.cpu | See Common component parameters. | "0.2" |
kafka.resources.requests.memory | See Common component parameters. | "1536Mi" |
kafka.resources.limits.cpu | See Common component parameters. | "0.3" |
kafka.resources.limits.memory | See Common component parameters. | "1536Mi" |
kafka.persistance | Set to false to disable persistence. Some Elasticsearch updates may be lost if Kafka restarts. The kafka.storage section is ignored in this case. | true |
kafka.storage.existingClaim | Use already existing PVC instead of provisioning one. If this is set, other settings are ignored. | "" |
kafka.storage.storageClass | Use this StorageClass to provision the PVC. If not given, the default storage class for the target cluster will be used. | |
kafka.storage.size | Set the size of the disk. | "50Gi" |
kafka.storage.accessMode | Set the access mode of provisioned PV/PVC. As Kafka is single-node, the default ReadWriteOnce is sufficient. | ReadWriteOnce |
kafka.storage.annotations | A dictionary of annotations to be added to the provisioned PVC. Some provisioners may require them. | {} |
kafka.extraEnv | See Common component parameters. | LOG_RETENTION_HOURS: "24" |
Discussions
Deprecated
Disabled by default and pending removal.
Collab
Deprecated
Disabled by default and pending removal.
Storage configuration
For details, see Installation: Storage configuration.
PersistentVolumeClaim
Name | Description | Default value |
---|---|---|
leaderboard.storage.existingClaim | Use already existing PVC instead of provisioning one. If this is set, other settings are ignored. | "" |
leaderboard.storage.storageClass | Use this StorageClass to provision the PVC. If not given, the default storage class for the target cluster will be used. | |
leaderboard.storage.size | Set the size of the disk. | 1024 Gi |
leaderboard.storage.accessMode | Set the access mode of provisioned PV/PVC. Using default ReadWriteOnce prevents scaling up of Leaderboard deployment. Use ReadWriteMany if scaling is required. | ReadWriteOnce |
leaderboard.storage.annotations | A dictionary of annotations to be added to the provisioned PVC. Some provisioners may require them. | {} |
S3 compatible service
Name | Description | Default value |
---|---|---|
leaderboard.storage.s3.bucketName | The bucket name to use. | |
leaderboard.storage.s3.serviceEndpoint | The endpoint to use. For GCS, use https://storage.googleapis.com | |
leaderboard.storage.s3.signingRegion | The region of bucket. For GCS, use the project name of the bucket. | |
leaderboard.storage.s3.accessKeyId | The key ID to use when accessing S3 content. Can be empty if your environment supports STS tokens or the VM has proper permissions. Mutually exclusive with the Secret version. | |
leaderboard.storage.s3.accessKeyIdSecret.key | The key of the Secret where accessKeyId is stored. | |
leaderboard.storage.s3.accessKeyIdSecret.secret | The name of the Secret where accessKeyId is stored. | |
leaderboard.storage.s3.secretAccessKey | The access key to use when accessing S3 content. Can be empty if your environment supports STS tokens or the VM has proper permissions. Mutually exclusive with the Secret version. | |
leaderboard.storage.s3.secretAccessKeySecret.key | The key of the Secret where secretAccessKey is stored. | |
leaderboard.storage.s3.secretAccessKeySecret.secret | The name of the Secret where secretAccessKey is stored. | |
leaderboard.storage.s3.clientThreadPoolSize | The number of threads to use when accessing S3 service. | |
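As an added example (not part of the Neptune chart or its documentation), the following Python check walks a values mapping and reports inline credentials that have a documented Secret-reference alternative, credentials left at the values shown in the ArgoCD sample, `insecureSSL: true`, and `useSSL=false` in `database.parameters`. The function names and finding texts are assumptions of this example, and per-component database overrides are not inspected.

```python
# Added example: audits a Neptune Helm values mapping (for instance the result
# of yaml.safe_load on your values file). Key paths are taken from this page;
# the function names and finding texts are this example's own.

# Inline-credential keys that have a documented Secret-reference sibling.
INLINE_WITH_SECRET_SIBLING = [
    ("database.username", "database.usernameSecret"),
    ("database.password", "database.passwordSecret"),
    ("init.administrator.username", "init.administrator.usernameSecret"),
    ("init.administrator.password", "init.administrator.passwordSecret"),
    ("leaderboard.storage.s3.accessKeyId", "leaderboard.storage.s3.accessKeyIdSecret"),
    ("leaderboard.storage.s3.secretAccessKey", "leaderboard.storage.s3.secretAccessKeySecret"),
]

# Credentials printed in this page's ArgoCD sample; flag them if left unchanged.
PAGE_SAMPLE_CREDENTIALS = {
    "keycloak.users.instanceAdmin.password": "admin",
    "keycloak.users.serviceAccount.password": "neptune",
    "keycloak.clients.management.secret": "4b84b477-2e60-474e-89e2-e7fc3f5145f8",
}

def lookup(values, dotted_path):
    """Return the value at a dotted path, or None when a segment is missing."""
    node = values
    for part in dotted_path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def audit(values):
    """Return findings for inline credentials, sample credentials and disabled TLS checks."""
    findings = []
    for inline, sibling in INLINE_WITH_SECRET_SIBLING:
        if lookup(values, inline):
            findings.append(f"{inline}: inline value, use {sibling}.secret/.key instead")
    for path, sample in PAGE_SAMPLE_CREDENTIALS.items():
        if lookup(values, path) == sample:
            findings.append(f"{path}: unchanged sample value from the documentation")
    if lookup(values, "leaderboard.elasticsearch.insecureSSL") is True:
        findings.append("leaderboard.elasticsearch.insecureSSL: certificate validation is disabled")
    params = lookup(values, "database.parameters")
    # When the key is unset, the chart default applies, and it contains useSSL=false.
    if params is None or "useSSL=false" in str(params):
        findings.append("database.parameters: useSSL=false, database traffic is not encrypted")
    return findings

# Constructed sample values for the demonstration, not a real deployment.
SAMPLE_VALUES = {
    "database": {"type": "mariadb", "password": "inline-example-password"},
    "keycloak": {"users": {"instanceAdmin": {"username": "admin", "password": "admin"}}},
    "leaderboard": {"elasticsearch": {"insecureSSL": True}},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_VALUES):
        print(finding)
```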
Azure Blob Storage
Name | Description | Default value |
---|---|---|
leaderboard.storage.azureBlob.container | The name of the container within the storage account to use. | |
leaderboard.storage.azureBlob.connectionString | The connection string, as in Azure Portal. | |
leaderboard.storage.azureBlob.clientThreadPoolSize | The number of threads to use when accessing Azure Blob Storage. | 200 |
Post-install/upgrade jobs
Name | Description | Default value |
---|---|---|
config.image | See Common component parameters. | {{ .Values.registry }}/config |
config.resources.requests.cpu | See Common component parameters. | "0.1" |
config.resources.requests.memory | See Common component parameters. | "10Mi" |
config.resources.limits.cpu | See Common component parameters. | "0.1" |
config.resources.limits.memory | See Common component parameters. | "1Gi" |
Experimental Neptune features
Warning
The features in this section are not considered to be production-ready and may change without notice.
There are currently two experimental features:
- Istio support where Gateway and VirtualService are deployed.
- Reverse proxy deployment that allows external access via kubectl port-forward.