Run Commands
Read the HELM series >

Proxy HCVs

Centralize all traffic on a single port that's safe to expose to the Internet.

About #

Proxy is a service that handles all Pachyderm traffic (S3, Console, OIDC, Dex, GRPC) on a single port; It’s great for exposing directly to the Internet.

Values #

The following section contains a series of tabs for commonly used configurations for this section of your values.yml Helm chart.

Options:
proxy:
  enabled: true
  host: "" # the external hostname (including port if nonstandard) that the proxy will be reachable at.
  replicas: 1 # each replica can handle 50,000 concurrent connections. There is an affinity rule to prefer scheduling the proxy pods on the same node as pachd, so a number here that matches the number of pachd replicas is a fine configuration. (Note that we don't guarantee to keep the proxy<->pachd traffic on-node or even in-region.)
  image:
    repository: "envoyproxy/envoy"
    tag: "v1.22.0"
    pullPolicy: "IfNotPresent"
  resources:
    requests:
      cpu: 100m
      memory: 512Mi
    limits:
      memory: 512Mi # proxy sheds traffic before using 500MB of RAM.
  labels: {}
  annotations: {}
  service:  # configures the service that routes traffic to the proxy.
    type: LoadBalancer # can be ClusterIP, NodePort, or LoadBalancer.
    loadBalancerIP: "" # If the service is a LoadBalancer, you can specify the IP address to use; defaults to 80.
    httpPort: 80  # The port to serve plain HTTP traffic on.
    httpsPort: 443 # The port to serve HTTPS traffic on, if enabled below.
    annotations: {}
    labels: {} # adds labels to the service itself (not the selector!).
  tls: # Incompatible with legacy ports. 
    enabled: false
    secretName: "" # must contain "tls.key" and "tls.crt" keys; generate with  kubectl create secret tls <name> --key=tls.key --cert=tls.cert"
    secret: {} #  generate the secret from values here.  This is intended only for unit tests.