Helm chart inputs

You can provide following inputs during the helm chart installation with option
--set <key>=<value>
.
For example,
helm install <release-name> <package-name> --set pvc.create=true
.
Helm chart inputs
Sr. No.
Input
Description
1
replicaCount=1
Total number of replicas that you want to have.
2
image.repository=specs-docker.packages.broadcom.com/storageprotection/specs image.pullPolicy=IfNotPresent image.tag="9.0"
Broadcom repository URL of SPE image.
3
imagePullSecrets.- name=specs-cred
Name of the docker registry secret in kubernetes to pull the image from broadcom registry.
4
nameOverride="specs"
Kubernetes resources are named with release name suffixed with specified nameOverride "specs" followed by unique id.
5
pvc.create=false pvc.storageClassName=spe-storage
If installing the SPE helm chart for the first time, Please set pvc.create: true. It creates persistence volume claim if 'create: true' is configured. During subsequent installations please set pvc.create: false. It will reuse previously created persistent volume claim if 'create: false' is configured.
6
podSecurityContext.runAsUser=1000 podSecurityContext.runAsGroup=1000 podSecurityContext.fsGroup=1000
Run SPE Container with non root user id as 1000, group id as 1000.
7
securityContext.runAsNonRoot=true
Run SPE Container as non-root.
8
service.type=LoadBalancer service.port=1344 service.restapiport=8008
When you install SPE helm chart, helm will deploy the SPE Service as a LoadBalancer. Port: SPE container ICAP scanning port. Client can send ICAP file scan requests to this port. restapiport: SPE container RESTAPI scanning port. Client can send RESTAPI file scan requests to this port.
9
resources: {}
If you do want to specify resources, uncomment the following:
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.  
# limits:  
#   memory: 4098Mi  
# requests:  
#  memory: 4097Mi
For each container, you can specify resource limits and requests. For example, resources.limits.memory and resources.requests.memory. It is advisable to configure minimum 4098Mi for file scan load of small / medium sized files in parallel. Please check size of kubernestes cluster and overall resource requests and limits configured before deploying. By default no resource limits are set SPE helm chart and you are advised to configure resource limits.
10
configuration.PolicyApplyRetries=10
Specify number of retry attempts in case of policy apply error, default 10. Retry interval is 30 seconds. policy apply error e.g. - In slow network conditions liveupdate may to take long time and it may result in policy apply timeout error.
11
livenessProbe.initialDelaySeconds=30 livenessProbe.periodSeconds: 30
Kubernetes automatically checks if a container is healthy and also when it is ready to accept traffic. These checks are done using a readiness probe and liveness probe respectively.
Liveness Probe: Kubernetes regularly checks whether a container is still alive or not. Kubernetes sends a request to the configured port of a container (service:port, default port is 1344) and if it receives response the pod is considered healthy. If the probe fails, container is restarted.
12
readinessProbe.initialDelaySeconds=30 readinessProbe.periodSeconds: 30
Readiness Probe: The readiness probe works the same way as the liveness probe except that it is only executed to determine whether a pod is ready to receive traffic after startup.
13
tuning.MallocArenaMax=1 tuning.AutoConfigureInMemoryCacheSize=true
MallocArenaMax - Glibc library uses multiple memory pools and malloc allocates memory from it.
Memory pools help multithreaded programs especially memory intensive ones to speed up the memory allocation.
User can tune the number of pools with environment variable MALLOC_ARENA_MAX. Setting MALLOC_ARENA_MAX can be a trade-off between performance and memory consumption. Default : 1
AutoConfigureInMemoryCacheSize - This parameter auto configures SPE configuration parameters InMemoryFilesystemSize and InMemoryFileScanCacheSize in filtering XML to 40% of the memory of container. 
14
debug.CSAPI_DEBUG_LOG=/tmp/csapi.log debug.CSAPI_DEBUG_LEVEL=0 debug.STARGATE_DEBUG_LEVEL=0
CSAPI_DEBUG_LOG: Name of the CSAPI log file.
CSAPI_DEBUG_LEVEL: CSAPI Logging level.
STARGATE_DEBUG_LEVEL: Stargate logging level.
Logging levels:
  • 0 Logging is disabled.
  • 1 Log level fatal
  • 2 Log level error
  • 3 Log level warning
  • 4 Log level information
  • 5 Log level debug
Make sure you carefully understand and estimate the file size and overall file scan load, and accordingly size the individual containers and number of replicas.