Default Pod Settings
This page describes how to configure the default settings for pods spawned by the operator.
There are multiple ways to configure the pods in the kannika Helm chart:
-
operator.config.pod: These settings apply to all Pods spawned by the operator. -
config.backup.pod: These settings apply to all Backup Pods. -
config.restore.pod: These settings apply to all Restore Pods. -
config.schemaRegistryBackup.pod: These settings apply to all SchemaRegistryBackup Pods.
To specify settings for individual pods, check the Backup Pod, Restore Pod and SchemaRegistryBackup Pod pages.
Default Resource Requirements
To set the default resource requirements for all pods spawned by the operator,
override the operator.config.pod.resources object in the kannika Helm chart:
operator: config: pod: resources: requests: memory: "64Mi" cpu: "100m" limits: memory: "1Gi" cpu: "1000m"To set the default resource requirements for Backup Pods,
override the operator.config.backup.pod.resources object:
operator: config: backup: pod: resources: requests: memory: "64Mi" cpu: "100m" limits: memory: "1Gi" cpu: "1000m"To set the default resource requirements for Restore Pods,
override the operator.config.restore.pod.resources object:
operator: config: restore: pod: resources: requests: memory: "64Mi" cpu: "100m" limits: memory: "1Gi" cpu: "1000m"To set the default resource requirements for SchemaRegistryBackup Pods,
override the operator.config.schemaRegistryBackup.pod.resources object:
operator: config: schemaRegistryBackup: pod: resources: requests: memory: "64Mi" cpu: "100m" limits: memory: "1Gi" cpu: "1000m"Default Service Account Name
To set the default service account used by pods spawned by the operator,
override the operator.config.pod.serviceAccountName value in the kannika Helm chart.
operator: config: pod: serviceAccountName: "global-service-account"To set the default service account used by Backup Pods,
override operator.config.backup.pod.serviceAccountName:
operator: config: backup: pod: serviceAccountName: "backup-service-account"To set the default service account used by Restore Pods,
override operator.config.restore.pod.serviceAccountName:
operator: config: restore: pod: serviceAccountName: "restore-service-account"To set the default service account used by SchemaRegistryBackup Pods,
override operator.config.schemaRegistryBackup.pod.serviceAccountName:
operator: config: schemaRegistryBackup: pod: serviceAccountName: "restore-service-account"Default Image Pull Secrets
Normally, image pull secrets are defined using the root imagePullSecrets or global.imagePullSecrets field in the Helm charts,
as documented in the Private image registry support section.
However,
if you wish to set different image pull secrets for pods spawned by the operator,
it is possible to override the operator.config.pod.imagePullSecrets value in the kannika Helm chart.
operator: config: pod: imagePullSecrets: - name: my-secretTo set the default image pull secrets used by Backup Pods,
override operator.config.backup.pod.imagePullSecrets:
operator: config: backup: pod: imagePullSecrets: - name: my-secretTo set the default image pull secrets used by Restore Pods,
override operator.config.restore.pod.imagePullSecrets:
operator: config: restore: pod: imagePullSecrets: - name: my-secretTo set the default image pull secrets used by SchemaRegistryBackup Pods,
override operator.config.schemaRegistryBackup.pod.imagePullSecrets:
operator: config: schemaRegistryBackup: pod: imagePullSecrets: - name: my-secretDefault Pod Security Context
To set the default
security context
for pods spawned by the operator,
override the operator.config.pod.securityContext object in the kannika Helm chart.
Example:
operator: config: pod: securityContext: runAsUser: 1000To set the default security context for Backup Pods,
override operator.config.backup.pod.securityContext:
operator: config: backup: pod: securityContext: runAsUser: 1000To set the default security context for Restore Pods,
override operator.config.restore.pod.securityContext:
operator: config: restore: pod: securityContext: runAsUser: 1000To set the default security context for SchemaRegistryBackup Pods,
override operator.config.schemaRegistryBackup.pod.securityContext:
operator: config: schemaRegistryBackup: pod: securityContext: runAsUser: 1000Container Security Context
To set the default security context for containers spawned by the operator,
override the operator.config.pod.container.securityContext object in the kannika Helm chart.
operator: config: pod: container: securityContext: runAsUser: 1000To set the default security context for backup containers,
override operator.config.backup.pod.container.securityContext:
operator: config: backup: pod: container: securityContext: runAsUser: 1000To set the default security context for restore containers,
override operator.config.restore.pod.container.securityContext:
operator: config: restore: pod: container: securityContext: runAsUser: 1000To set the default security context for SchemaRegistryBackup Containers,
override operator.config.schemaRegistryBackup.pod.container.securityContext:
operator: config: schemaRegistryBackup: pod: container: securityContext: runAsUser: 1000Default Tolerations
To set the default
tolerations
for pods spawned by the operator,
override the operator.config.pod.tolerations array in the kannika Helm chart.
operator: config: pod: tolerations: - key: "key" operator: "Equal" value: "value" effect: "NoSchedule"To set the default tolerations for Backup Pods,
override operator.config.backup.pod.tolerations:
operator: config: backup: pod: tolerations: - key: "key" operator: "Equal" value: "value" effect: "NoSchedule"To set the default tolerations for Restore Pods,
override operator.config.restore.pod.tolerations:
operator: config: restore: pod: tolerations: - key: "key" operator: "Equal" value: "value" effect: "NoSchedule"To set the default tolerations for SchemaRegistryBackup Pods,
override operator.config.schemaRegistryBackup.pod.tolerations:
operator: config: schemaRegistryBackup: pod: tolerations: - key: "key" operator: "Equal" value: "value" effect: "NoSchedule"Default Affinity
To set the default
affinity
for pods spawned by the operator,
override the operator.config.pod.affinity object in the kannika Helm chart.
Example:
operator: config: pod: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: topology.kubernetes.io/zone operator: In values: - antarctica-east1 - antarctica-west1To set the default affinity for Backup Pods,
override operator.config.backup.pod.affinity:
operator: config: backup: pod:10 collapsed lines
affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: topology.kubernetes.io/zone operator: In values: - antarctica-east1 - antarctica-west1To set the default affinity for Restore Pods,
override operator.config.restore.pod.affinity:
operator: config: restore: pod:10 collapsed lines
affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: topology.kubernetes.io/zone operator: In values: - antarctica-east1 - antarctica-west1To set the default affinity for SchemaRegistryBackup Pods,
override operator.config.schemaRegistryBackup.pod.affinity:
operator: config: schemaRegistryBackup: pod:10 collapsed lines
affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: topology.kubernetes.io/zone operator: In values: - antarctica-east1 - antarctica-west1Default Node Selector
To set the default
node selector
for pods spawned by the operator,
override the operator.config.pod.nodeSelector object in the kannika Helm chart.
operator: config: pod: nodeSelector: location: the-moonTo set the default node selector for Backup Pods,
override config.backup.pod.nodeSelector:
operator: config: backup: pod: nodeSelector: location: the-moonTo set the default node selector for Restore Pods,
override operator.config.restore.pod.nodeSelector:
operator: config: restore: pod: nodeSelector: location: the-moonTo set the default node selector for Schema Registry Backup Pods,
override operator.config.schemaRegistryBackup.pod.nodeSelector:
operator: config: schemaRegistryBackup: pod: nodeSelector: location: the-moonProbes
It is possible to override the default
probes
for backup and restore containers.
By default,
only readiness and liveness probes are configured for the backup and restore containers,
which checks the /metrics path on port 9000 (the metrics port).
operator: config: backup: pod: container: livenessProbe: initialDelaySeconds: 1 periodSeconds: 60 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 httpGet: path: /metrics port: 9000 # readinessProbe: ... # startupProbe: ...
restore: pod: container: livenessProbe: initialDelaySeconds: 1 periodSeconds: 60 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 httpGet: path: /metrics port: 9000 # readinessProbe: ... # startupProbe: ...