charts/prefect-server/values.yaml

## Common parameters
# -- partially overrides common.names.name
nameOverride: ""
# -- fully override common.names.fullname
fullnameOverride: "prefect-server"
# -- fully override common.names.namespace
namespaceOverride: ""
# -- labels to add to all deployed objects
commonLabels: {}
# -- annotations to add to all deployed objects
commonAnnotations: {}

## Global Deployment Configuration
global:
  prefect:
    image:
      # -- prefect image repository
      repository: prefecthq/prefect
      ## prefect tag is pinned to the latest available image tag at packaging time.  Update the value here to
      ## override pinned tag
      # -- prefect image tag (immutable tags are recommended)
      prefectTag: 3-latest
      # -- prefect image pull policy
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## e.g:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      # -- prefect image pull secrets
      pullSecrets: []

    # -- sets PREFECT_API_URL
    prefectApiUrl: http://localhost:4200/api

    # -- sets PREFECT_SERVER_API_HOST
    prefectApiHost: 0.0.0.0

    # see here for a full list of possible environment variables - https://docs.prefect.io/latest/api-ref/prefect/settings/
    # -- array with environment variables to add to all deployments
    env: []
    ## env:
    ##   - name: PREFECT_API_ENABLE_HTTP2
    ##     value: false

## Server Deployment Configuration
server:
  # ref: https://docs.prefect.io/v3/develop/settings-and-profiles#security-settings
  basicAuth:
    # -- enable basic auth for the server, for an administrator/password combination
    enabled: false
    # -- basic auth credentials in the format admin:<your-password> (no brackets)
    authString: "admin:pass"
    # -- name of existing secret containing basic auth credentials. takes precedence over authString. must contain a key `auth-string` with the value of the auth string
    existingSecret: ""

  # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
  # -- priority class name to use for the server pods; if the priority class is empty or doesn't exist, the server pods are scheduled without a priority class
  priorityClassName: ""

  # -- enable server debug mode
  debug: false

  # sets PREFECT_LOGGING_SERVER_LEVEL
  loggingLevel: WARNING

  ## If you want to run the UI seperately from the server, you will need to set the UI-specific URLs below
  uiConfig:
    # -- set PREFECT_UI_ENABLED; enable the UI on the server
    enabled: true
    # -- sets PREFECT_UI_API_URL
    prefectUiApiUrl: ""
    # -- sets PREFECT_UI_URL
    prefectUiUrl: ""
    # -- sets PREFECT_UI_STATIC_DIRECTORY
    prefectUiStaticDirectory: "/ui_build"

  # see here for a full list of possible environment variables - https://docs.prefect.io/latest/api-ref/prefect/settings/
  # -- array with environment variables to add to server deployment
  env: []
  ## env:
  ##   - name: PREFECT_API_ENABLE_HTTP2
  ##     value: false

  # -- the number of old ReplicaSets to retain to allow rollback
  revisionHistoryLimit: 10

  # Autoscaling configuration
  # requests MUST be specified if using an HPA, otherwise the HPA will not know when to trigger a scale event
  autoscaling:
    # -- enable autoscaling for server
    enabled: false
    # -- minimum number of server replicas
    minReplicas: 1
    # -- maximum number of server replicas
    maxReplicas: 100
    # -- target CPU utilization percentage
    targetCPU: 80
    # -- target Memory utilization percentage
    targetMemory: 80

  # -- number of server replicas to deploy
  replicaCount: 1

  # requests MUST be specified if using an HPA, otherwise the HPA will not know when to trigger a scale event
  resources:
    # -- the requested resources for the server container
    requests:
      cpu: 500m
      memory: 512Mi
    # -- the requested limits for the server container
    limits:
      cpu: "1"
      memory: 1Gi

  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  livenessProbe:
    enabled: false
    config:
      # -- The number of seconds to wait before starting the first probe.
      initialDelaySeconds: 10
      # -- The number of seconds to wait between consecutive probes.
      periodSeconds: 10
      # -- The number of seconds to wait for a probe response before considering it as failed.
      timeoutSeconds: 5
      # -- The number of consecutive failures allowed before considering the probe as failed.
      failureThreshold: 3
      # -- The minimum consecutive successes required to consider the probe successful.
      successThreshold: 1
  readinessProbe:
    enabled: false
    config:
      # -- The number of seconds to wait before starting the first probe.
      initialDelaySeconds: 10
      # -- The number of seconds to wait between consecutive probes.
      periodSeconds: 10
      # -- The number of seconds to wait for a probe response before considering it as failed.
      timeoutSeconds: 5
      # -- The number of consecutive failures allowed before considering the probe as failed.
      failureThreshold: 3
      # -- The minimum consecutive successes required to consider the probe successful.
      successThreshold: 1

  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  podSecurityContext:
    # -- set server pod's security context runAsUser
    runAsUser: 1001
    # -- set server pod's security context runAsNonRoot
    runAsNonRoot: true
    # -- set server pod's security context fsGroup
    fsGroup: 1001
    # -- set server pod's seccomp profile
    seccompProfile:
      type: RuntimeDefault
      # -- in case of Localhost value in seccompProfile.type, set seccompProfile.localhostProfile value below
      # localhostProfile: /my-path.json

  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  containerSecurityContext:
    # -- set server containers' security context runAsUser
    runAsUser: 1001
    # -- set server containers' security context runAsNonRoot
    runAsNonRoot: true
    # -- set server containers' security context readOnlyRootFilesystem
    readOnlyRootFilesystem: true
    # -- set server containers' security context allowPrivilegeEscalation
    allowPrivilegeEscalation: false
    # -- set server container's security context capabilities
    capabilities: {}

  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  # -- extra labels for server pod
  podLabels: {}

  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  # -- extra annotations for server pod
  podAnnotations: {}

  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  # -- affinity for server pods assignment
  affinity: {}

  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  # -- node labels for server pods assignment
  nodeSelector: {}

  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  # -- tolerations for server pods assignment
  tolerations: []

  # -- name of existing ConfigMap containing extra env vars to add to server nodes
  extraEnvVarsCM: ""

  # -- name of existing Secret containing extra env vars to add to server nodes
  extraEnvVarsSecret: ""

  # -- additional sidecar containers
  extraContainers: []

  # -- array with extra volumes for the server pod
  extraVolumes: []

  # -- array with extra volumeMounts for the server pod
  extraVolumeMounts: []

  # -- array with extra Arguments for the server container to start with
  extraArgs: []

## Background Services Deployment Configuration
backgroundServices:
  # https://github.com/PrefectHQ/prefect/tree/main/src/prefect/server/services
  # This can help with:
  # - Separate scaling of web server and background services
  # - Independent connection pools for better database management
  # - More granular monitoring and resource control
  # - Run background services (like scheduling) in a separate deployment.
  runAsSeparateDeployment: false

  # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
  # -- priority class name to use for the background-services pods; if the priority class is empty or doesn't exist, the background-services pods are scheduled without a priority class
  priorityClassName: ""

  # -- enable background-services debug mode
  debug: false

  # sets PREFECT_LOGGING_SERVER_LEVEL
  loggingLevel: WARNING

  # see here for a full list of possible environment variables - https://docs.prefect.io/latest/api-ref/prefect/settings/
  # -- array with environment variables to add to background-services container
  env: []
  ## env:
  ##   - name: PREFECT_API_ENABLE_HTTP2
  ##     value: false

  # -- the number of old ReplicaSets to retain to allow rollback
  revisionHistoryLimit: 10

  resources:
    # -- the requested resources for the background-services container
    requests:
      cpu: 500m
      memory: 512Mi
    # -- the requested limits for the background-services container
    limits:
      cpu: "1"
      memory: 1Gi

  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  livenessProbe:
    enabled: false
    config:
      # -- The number of seconds to wait before starting the first probe.
      initialDelaySeconds: 10
      # -- The number of seconds to wait between consecutive probes.
      periodSeconds: 10
      # -- The number of seconds to wait for a probe response before considering it as failed.
      timeoutSeconds: 5
      # -- The number of consecutive failures allowed before considering the probe as failed.
      failureThreshold: 3
      # -- The minimum consecutive successes required to consider the probe successful.
      successThreshold: 1
  readinessProbe:
    enabled: false
    config:
      # -- The number of seconds to wait before starting the first probe.
      initialDelaySeconds: 10
      # -- The number of seconds to wait between consecutive probes.
      periodSeconds: 10
      # -- The number of seconds to wait for a probe response before considering it as failed.
      timeoutSeconds: 5
      # -- The number of consecutive failures allowed before considering the probe as failed.
      failureThreshold: 3
      # -- The minimum consecutive successes required to consider the probe successful.
      successThreshold: 1

  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  podSecurityContext:
    # -- set background-services pod's security context runAsUser
    runAsUser: 1001
    # -- set background-services pod's security context runAsNonRoot
    runAsNonRoot: true
    # -- set background-services pod's security context fsGroup
    fsGroup: 1001

  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  containerSecurityContext:
    # -- set background-services containers' security context runAsUser
    runAsUser: 1001
    # -- set background-services containers' security context runAsNonRoot
    runAsNonRoot: true
    # -- set background-services containers' security context readOnlyRootFilesystem
    readOnlyRootFilesystem: true
    # -- set background-services containers' security context allowPrivilegeEscalation
    allowPrivilegeEscalation: false
    # -- set background-services container's security context capabilities
    capabilities: {}

  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  # -- extra labels for background-services pod
  podLabels: {}

  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  # -- extra annotations for background-services pod
  podAnnotations: {}

  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  # -- affinity for background-services pod assignment
  affinity: {}

  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  # -- node labels for background-services pod assignment
  nodeSelector: {}

  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  # -- tolerations for background-services pod assignment
  tolerations: []

  # -- name of existing ConfigMap containing extra env vars to add to background-services pod
  extraEnvVarsCM: ""

  # -- name of existing Secret containing extra env vars to add to background-services pod
  extraEnvVarsSecret: ""

  # -- additional sidecar containers
  extraContainers: []

  # -- array with extra volumes for the background-services pod
  extraVolumes: []

  # -- array with extra volumeMounts for the background-services pod
  extraVolumeMounts: []

  ## Background Services Service Account configuration
  serviceAccount:
    # -- specifies whether a service account should be created
    create: true
    # -- the name of the service account to use. if not set and create is true, a name is generated using the common.names.fullname template with "-background-services" appended
    name: ""
    # -- additional service account annotations (evaluated as a template)
    annotations: {}

## Server Service Account configuration
serviceAccount:
  # -- specifies whether a service account should be created
  create: true
  # -- the name of the service account to use. if not set and create is true, a name is generated using the common.names.fullname template
  name: ""
  # -- additional service account annotations (evaluated as a template)
  annotations: {}

## Service configuration
service:
  # -- service port
  port: 4200
  # -- target port of the server pod; also sets PREFECT_SERVER_API_PORT
  targetPort: 4200
  # -- service port if defining service as type nodeport
  nodePort: ""

  extraPorts: []
    # # example extra ports
    # - name: sample-svc-port
    #   # -- service port
    #   port: 8080
    #   # -- target port
    #   targetPort: 8080
    #   # -- service port if defining service as type nodeport
    #   nodePort: ""

  # -- service type
  type: ClusterIP
  # -- service Cluster IP
  clusterIP: ""


  ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
  # -- service external traffic policy
  externalTrafficPolicy: Cluster
  ## -- additional custom annotations for server service
  annotations: {}

# Ingress configuration
ingress:
  # -- enable ingress record generation for server
  enabled: false

  # -- port for the ingress' main path
  servicePort: server-svc-port

  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
  # -- IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
  className: ""
  host:
    # -- default host for the ingress record
    hostname: prefect.local
    # -- default path for the ingress record
    path: /
    # -- ingress path type
    pathType: ImplementationSpecific

  ## Use this parameter to set the required annotations for cert-manager, see
  ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
  # -- additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
  annotations: {}
  ## annotations:
  ##   kubernetes.io/ingress.class: nginx
  ##   cert-manager.io/cluster-issuer: cluster-issuer-name

  ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.host.hostname }}`
  ## You can:
  ##   - Create this secret manually within your cluster
  ##   - Rely on cert-manager to create it by setting the corresponding annotations
  ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
  # -- enable TLS configuration for the host defined at `ingress.host.hostname` parameter
  tls: false
  # -- create a TLS secret for this ingress record using self-signed certificates generated by Helm
  selfSigned: false

  # -- an array with additional hostname(s) to be covered with the ingress record
  extraHosts: []
  ## extraHosts:
  ##   - name: server.local
  ##     path: /

  # -- an array with additional arbitrary paths that may need to be added to the ingress under the main host
  extraPaths: []
  ## extraPaths:
  ## - path: /*
  ##   backend:
  ##     serviceName: ssl-redirect
  ##     servicePort: use-annotation

  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
  # -- an array with additional tls configuration to be added to the ingress record
  extraTls: []
  ## extraTls:
  ## - hosts:
  ##     - server.local
  ##   secretName: server.local-tls

  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
  # -- additional rules to be covered with this ingress record
  extraRules: []
  ## extraRules:
  ## - host: example.local
  ##     http:
  ##       path: /
  ##       backend:
  ##         service:
  ##           name: example-svc
  ##           port:
  ##             name: http

# Secret configuration
secret:
  # -- whether to create a Secret containing the PostgreSQL connection string
  create: true
  # -- name for the Secret containing the PostgreSQL connection string
  # To provide an existing Secret, provide a name and set `create=false`
  name: ""
  # -- username for the PostgreSQL connection string
  username: ""
  # -- password for the PostgreSQL connection string
  password: ""
  # -- host for the PostgreSQL connection string
  host: ""
  # -- port for the PostgreSQL connection string
  port: ""
  # -- database for the PostgreSQL connection string
  database: ""

# SQLite configuration
# Recommended for lightweight, single-server deployments.
sqlite:
  # -- enable use of the embedded SQLite database
  enabled: false

  persistence:
    # -- enable SQLite data persistence using PVC
    enabled: true
    # -- size for the PVC
    size: 1Gi
    # -- storage class name for the PVC
    storageClassName: ""

# PostgreSQL subchart - default overrides
postgresql:
  # -- enable use of bitnami/postgresql subchart
  enabled: true
  auth:
    # -- determines whether an admin user is created within postgres
    enablePostgresUser: false
    # -- name for a custom database
    database: server
    # -- name for a custom user
    username: prefect
    ## This is the password for `username` and will be set within the secret `{fullnameOverride}-postgresql` at the key `password`.
    ## This argument is only relevant when using the Postgres database included in the chart.
    ## For an external postgres connection, you must create and use `existingSecret` instead.
    # -- password for the custom user. Ignored if `auth.existingSecret` with key `password` is provided
    password: prefect-rocks

  ## Initdb configuration
  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#specifying-initdb-arguments
  primary:
    initdb:
      # -- specify the PostgreSQL username to execute the initdb scripts
      user: postgres

    ## persistence enables a PVC that stores the database between deployments. If making changes to the database deployment, this
    ## PVC will need to be deleted for database changes to take effect. This is especially notable when the authentication password
    ## changes on redeploys. This is disabled by default because we do not recommend using the subchart deployment for production deployments.
    persistence:
      # -- enable PostgreSQL Primary data persistence using PVC
      enabled: false

  image:
    # -- Version tag, corresponds to tags at https://hub.docker.com/r/bitnami/postgresql/
    tag: 14.13.0