values.yaml

config:
  # licenseKey: d564eb9f-a52c-445b-90df-c2676e0111e4
  licenseKeySecretName: my-salsa
  licenseKeySecretKey: license-key
  useInsecureCookies: true
  # Timeout for queries, in ms.
  # dbConnectorTimeout: 120000
  auth:
    # google:
      # clientId:
      # clientSecret:
      # clientSecretSecretName:
      # clientSecretSecretKey:
      domain:
  # encryptionKey: LjU3mEWmZxpjGv4@Db8A
  encryptionKeySecretName: my-salsa
  encryptionKeySecretKey: encryption-key
  # jwtSecret: LjU3mEWmZxpjGv4@Db8A
  jwtSecretSecretName: my-salsa
  jwtSecretSecretKey: jwt-secret

  postgresql:
    host: host.docker.internal
    port: 5432
    db: example_db
    user: example_user
    # password: example_password
    ssl_enabled: false
    passwordSecretName: my-salsa
    passwordSecretKey: pg-password

image:
  repository: 'tryretool/backend'
  # You need to pick a specific tag here, this chart will not make a decision for you
  tag: '3.16.14'
  pullPolicy: 'IfNotPresent'

commandline:
  args: []

env:
  # POSTGRES_PASSWORD: example_password

dbconnector:
  java:
    enabled: false


# Optionally specify additional environment variables to be populated from Kubernetes secrets.
# Useful for passing in SCIM_AUTH_TOKEN or other secret environment variables from Kubernetes secrets.
environmentSecrets:
  []
  # - name: SCIM_AUTH_TOKEN
  #   secretKeyRef:
  #     name: retool-scim-auth-token
  #     key: auth-token
  # - name: GITHUB_APP_PRIVATE_KEY
  #   secretKeyRef:
  #     name: retool-github-app-private-key
  #     key: private-key

# Optionally specify environmental variables. Useful for variables that are not key-value, as env: {} above requires.
# Can also include environment secrets here instead of in environmentSecrets
environmentVariables:
  []
  #   - name: SCIM_AUTH_TOKEN
  #     valueFrom:
  #       secretKeyRef:
  #         name: retool-scim-auth-token
  #         key: auth-token
  #   - name: GITHUB_APP_PRIVATE_KEY
  #     valueFrom:
  #       secretKeyRef:
  #         name: retool-github-app-private-key
  #         key: private-key
  #   - name: POD_HOST_IP
  #     valueFrom:
  #       fieldRef:
  #         fieldPath: status.hostIP

# Enables support for the legacy external secrets (enabled) and the modern External Secrets Operator (externalSecretsOperator.enabled).
# These are mutually exclusive as both enable reading in environments variables via External Secrets.
externalSecrets:
  # Support for legacy external secrets, note this is deprecated in favour of External Secrets Operator: https://github.com/godaddy/kubernetes-external-secrets
  # This mode only allows a single secret name to be provided.
  enabled: false
  name: retool-config
  # Array of secrets to be use as env variables. (Optional)
  secrets:
    []
    # - name: retool-config
    # - name: retool-db
  # Support for External Secrets Operator: https://github.com/external-secrets/external-secrets
  externalSecretsOperator:
    enabled: false
    # External Secrets Operator Backend Types: https://github.com/external-secrets/external-secrets#supported-backends
    # Default set to AWS Secrets Manager.
    backendType: secretsManager
    # Array of name/path key/value pairs to use for the External Secrets Objects.
    secretRef:
      []
      # - name: retool-config
      #   path: global-retool-config
      # - name: retool-db
      #   path: global-retool-db-config

files: {}

deployment:
  annotations: {}

service:
  type: NodePort
  selector: {}
  annotations: {}
  labels: {}
  ports:
    - port: 3000
    - nodePort: 30007

ingress:
  enabled: false
  # For k8s 1.18+
  ingressClassName: some-ingress
  labels: {}
  annotations: {}
  # kubernetes.io/ingress.class: nginx
  # kubernetes.io/tls-acme: "true"
  # hosts:
  # - host: localhost
  # paths:
  # - path: /
  # pathType: ImplementationSpecific
  # tls:
  # - secretName: retool.example.com
  #   hosts:
  #     - retool.example.com
  # servicePort: service-port

postgresql:
  # We highly recommend you do NOT use this subchart as is to run Postgres in a container
  # for your production instance of Retool; it is a default. Please use a managed Postgres,
  # or self-host more permanantly. Use enabled: false and set in config above to do so.
  enabled: false
  diagnosticMode:
    enabled: true
  ssl_enabled: false
  auth:
    # existingSecret: postgresql-password
    database: hammerhead_production
    username: postgres
    password: retool
    # IMPORTANT: When setting username to `postgres` a random password will be generated unless the postgresPassword field is uncommented
    postgresPassword: retool
  service:
    port: 5432
  # Use the offical docker image rather than bitnami/docker
  # since Retool depends on the uuid-ossp extension
  image:
    repository: 'postgres'
    tag: '13'
  postgresqlDataDir: '/data/pgdata'
  primary:
    volumePermissions:
      enabled: true
    persistence:
      enabled: true
      mountPath: '/data/pgdata'

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  # If set and create is false, the service account must be existing
  name:
  annotations: {}

livenessProbe:
  enabled: false
  path: /api/checkHealth
  initialDelaySeconds: 120
  timeoutSeconds: 10
  failureThreshold: 3

readinessProbe:
  enabled: false
  path: /api/checkHealth
  initialDelaySeconds: 120
  timeoutSeconds: 10
  periodSeconds: 10
  successThreshold: 5

# To avoid increasing livenessProbe initialDelaySeconds the good practice is to use a startupProbe.
startupProbe:
  enabled: false
  path: /api/checkHealth
  initialDelaySeconds: 80
  timeoutSeconds: 10
  periodSeconds: 10
  successThreshold: 1

extraContainers: []

extraVolumeMounts: []

extraVolumes: []

resources:
  # If you have more than 1 replica, the minimum recommended resources configuration is as follows:
  # - cpu: 2048m
  # - memory: 4096Mi
  # If you only have 1 replica, please double the above numbers.
  limits:
    cpu: 2000m
    memory: 4000Mi
  requests:
    cpu: 1024m
    memory: 2048Mi

priorityClassName: ''

# Affinity for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
              - key: 'app.kubernetes.io/name'
                operator: In
                values:
                  - retool
          topologyKey: 'kubernetes.io/hostname'

# Tolerations for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []

# Node labels for pod assignment
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}

# Common annotations for all pods (backend and job runner).
podAnnotations:
  # rollme: '{{ randAlphaNum 5 | quote }}'

# Increasing replica count will deploy a separate pod for backend and jobs
# Example: with 3 replicas, you will end up with 3 backends + 1 jobs pod
replicaCount: 1
revisionHistoryLimit: 3

# Optional pod disruption budget, for ensuring higher availability of the
# Retool application.  Specify either minAvailable or maxUnavailable, as
# either an integer pod count (1) or a string percentage ("50%").
# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
#
# Example:
# podDisruptionBudget:
#   maxUnavailable: 1

# Common labels for all pods (backend and job runner) for pod assignment
podLabels: {}

jobRunner:
  # Annotations for job runner pods
  annotations: {}

  # Labels for job runner pods
  labels: {}

backend:
  # Annotations for backendpods
  annotations: {}

  # Labels for backend pods
  labels: {}

workflows:
  # enabled by default from Chart version 6.0.2 and Retool image 3.6.11 onwards
  # explicitly set other fields as needed

  enabled: false
  # A replicaCount of 1 will launch 6 pods -- 1 workflow backend, 1 workflow worker, and 4 pods that make up the executor temporal cluster
  # Scaling this number will increase the number of workflow workers, e.g. a replicaCount of 4
  # will launch 9 pods -- 1 workflow backend, 4 workflow workers, and 4 for temporal cluster

  # ADVANCED: The temporal cluster can be scaled separately in the subchart (charts/retool-temporal-services-helm/values.yaml)
  # If your needs require scaling temporal, reach out to us for guidance -- it is likely the bottleneck is DB or worker replicaCount
  replicaCount: 1

  # Timeout for queries, in ms. This will set the timeout for workflows-related pods only
  # If this value is not set but config.dbConnectorTimeout is, we will set workflows pod timeouts
  # to .Values.config.dbConnectorTimeout
  # dbConnectorTimeout: 120000

  # Annotations for workflows worker pods
  annotations: {}

  # Labels for workflows worker pods
  labels: {}

  # IMPORTANT: Incompatible with retool-temporal-services-helm subchart
  # This allows configuring a Retool Workflows deployment that uses your own Temporal cluster
  # instead of deploying a new one. Set enabled to true and add the config variables.
  # NOTE: Temporal Frontend with required TLS or mTLS not currently supported
  temporal:
    # set enabled to true if using a pre-existing temporal cluster
    enabled: false
    # discoverable service name for the temporal frontend service
    # host:
    # discoverable service port for the temporal frontend service
    # port:
    # temporal namespace to use for Temporal Workflows related to Retool
    # namespace:
    # whether to use TLS/SSL when connecting to Temporal
    # sslEnabled: false
    # base64 encoded string of TLS/SSL client certificate to use for mTLS
    # sslCert:
    # base64 encoded string of TLS/SSL client certificate secret key to use for mTLS
    # sslKey:
    # recommended alternative to sslKey. Name and key of k8s secret containing base64 encoded sslKey
    # sslKeySecretName:
    # sslKeySecretKey

  # Config for workflows worker pods. Node heap size limits can be overridden here
  # otelCollector can be set to an OpenTelemetry Collector in your k8s cluster. This will configure Temporal metrics collection which
  # provides observability into Workflows worker performance, particularly useful in high QPS use-cases
  # environmentVariables will only be set on the workflows worker
  # only change the CONCURRENT_*_LIMIT values if you have higher load usecases and deploy
  # code_executor. Otherwise, the worker may OOM if the Workflows blocks use too much memory.
  config: {}
  # config: {
  #   nodeOptions: --max_old_space_size=1024
  #   otelCollector: {
  #     enabled: true
  #     endpoint: http://$(HOST_IP):4317
  #   }
  #   environmentVariables: []
  #   - name: WORKFLOW_TEMPORAL_CONCURRENT_TASKS_LIMIT
  #     value: "100"
  #   - name: WORKFLOW_TEMPORAL_CONCURRENT_ACTIVITIES_LIMIT
  #     value: "100"
  # }

  # Resources for the workflow worker - these are sane inputs that bias towards stability
  # Can adjust but may see OOM errors if memory too low for heavy workflow load
  resources:
    limits:
      cpu: 2000m
      memory: 5000Mi
    requests:
      cpu: 1000m
      memory: 2048Mi

codeExecutor:
  # Enable this for Python support and running code more securely within a separate
  # sandboxed environment
  enabled: false

  replicaCount: 1

  # Annotations for code executor pods
  annotations: {}

  # Labels for code executor pods
  labels: {}

  # Config for code executor. Node heap size limits can be overridden here
  config: {}
  # config: {
  #   nodeOptions: --max_old_space_size=1024
  # }

  # Resources for the code executor. Most common issues will be seen with CPU usage as this will
  # most likely be CPU bound. Adjust the CPU if latency increases under load.
  resources:
    limits:
      cpu: 2000m
      memory: 2048Mi
    requests:
      cpu: 1000m
      memory: 1024Mi

  image:
    repository: tryretool/code-executor-service
    tag:
    pullPolicy: IfNotPresent

retool-temporal-services-helm:
  # Enable to spin up a new Temporal Cluster alongside Retool
  enabled: false
  server:
    # Defines image to be used for temporal server
    image:
      repository: tryretool/one-offs
      tag: retool-temporal-1.1.3
      pullPolicy: IfNotPresent
    # this configures grpc_health_probe (https://github.com/grpc-ecosystem/grpc-health-probe)
    # for healthchecks instead of native k8s.
    # Set this to true if deploying in a k8s cluster on version <1.24
    useLegacyHealthProbe: false
    config:
      # the below values specify the database for temporal internals and workflow state
      # both can point to the same db, and even the same as retool main above, although throughput
      # will be limited. We strongly suggest using two total DBs: one for retool-main and one
      # for default and visibility below
      persistence:
        default:
          sql:
            # host:
            # port:
            # the dbname used for temporal
            # database: temporal
            # user:
            # password:
            # existingSecret is the name of the secret where password is stored
            # existingSecret:
            # secretKey is the key in the k8s secret
            # secretKey:
            # options for SSL connections to database
            # tls:
            #   enabled: true
            #   сaFile:
            #   certFile:
            #   keyFile:
            #   enableHostVerification: false
            #   serverName:
        visibility:
          sql:
            # host:
            # port:
            # the dbname used for temporal visibility
            # database: temporal_visibility
            # user:
            # password:
            # existingSecret is the name of the secret where password is stored
            # existingSecret:
            # secretKey is the key in the k8s secret
            # secretKey:
            # options for SSL connections to database
            # tls:
            #   enabled: true
            #   сaFile:
            #   certFile:
            #   keyFile:
            #   enableHostVerification: false
            #   serverName:

      # use-cases with very high throughput demands (>10k workflow blocks/sec) can modify
      # below value to be higher, such as 512 or 1024
      numHistoryShards: 128

    # define resources for each temporal service -- these are sane starting points that allow
    # for scaling to ~3 workflow workers without hitting bottlenecks
    resources:
      limits:
        cpu: 500m
        memory: 1024Mi
      requests:
        cpu: 100m
        memory: 128Mi
    # example of setting service-specific resources, here we increase memory limit for history server
    history:
      resources:
        limits:
          cpu: 500m
          memory: 2Gi
        requests:
          cpu: 100m
          memory: 128Mi

  # Set environment variables for temporal pods, e.g. skipping DB creation step at startup
  # environmentVariables:
  #   - name: SKIP_DB_CREATE
  #     value: "true"

  # Setting this value to true will spin up the temporal web UI, admintools,
  # along with prometheus and grafana clusters for debugging performance
  # TODO: define this in _helpers.tpl
  # visibilityDebugMode: false
  # DEBUGGING: below pods can be used for debugging and watching metrics
  # launches prometheus pods and listeners on temporal services and worker
  prometheus:
    enabled: false
  # launches a grafana pod with helpful workflows executor metrics and graphs
  grafana:
    enabled: false
  # launches the temporal web UI, which allows you to see which workflows are currently running
  web:
    enabled: false
  # launches the temporal admintools pod, which allows you to manage your cluster, e.g. terminate workflows
  admintools:
    enabled: false
persistentVolumeClaim:
  # set to true to use pvc
  enabled: false
  # set to the name of the existing pvc
  existingClaim: ''
  annotations: {}
  accessModes:
    - ReadWriteOnce
  size: '15Gi'
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  storageClass: ''
  mountPath: /retool_backend/pv-data

# default security context
securityContext:
  enabled: false
  allowPrivilegeEscalation: false
  runAsUser: 1000
  fsGroup: 2000

extraConfigMapMounts: []

initContainers: {}

extraManifests: []
# extraManifests:
#  - apiVersion: cloud.google.com/v1beta1
#    kind: BackendConfig
#    metadata:
#      name: "{{ .Release.Name }}-testing"
#    spec:
#      securityPolicy:
#        name: "my-gcp-cloud-armor-policy"

# Support for AWS Security groups for pods
# Ref: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
securityGroupPolicy:
  enabled: false
  groupIds: []

hostAliases: {}
# Support hostAliases on the backend deployment
# hostAliases:
#   - ip: 1.1.1.1
#     hostnames:
#     - test.com
#     - anothertest.com