Cloudera Surveyor for Apache Kafka Helm chart configuration reference
A reference listing all configurable properties of the Cloudera Surveyor Helm chart.
Configure these properties during installation in your helm install
command, or update them after installation using helm upgrade. Use the
--values (-f) and --set options to specify properties.
For example:
helm install cloudera-surveyor \
--namespace [***NAMESPACE***] \
--values [***VALUES FILE***] \
--set-file surveyorConfig.surveyor.authentication.keys.active=[***PATH TO AUTHENTICATION KEY FILE***] \
--set 'image.imagePullSecrets=[***CLOUDERA CREDENTIAL SECRET***]' \
--set-file clouderaLicense.fileContent=[***PATH TO LICENSE FILE***] \
oci://container.repository.cloudera.com/cloudera-helm/csm-operator/surveyor \
--version 1.4.0-b199
Properties are grouped into two tables. The General Properties table lists configuration properties for customizing the overall deployment of Cloudera Surveyor, including settings for global Kafka client configurations, authentication, TLS, Ingress, Secret management, and others.
The ClusterConfigs Properties table lists configuration properties that specify which Kafka clusters Cloudera Surveyor connects to and how connections are established. These properties include settings for cluster identification, per-cluster client configuration, alert thresholds, and more.
| Property | Description | Default Value |
|---|---|---|
replicaCount |
The ReplicaSet count. | 2 |
image.registry |
The container image registry where the image is hosted. | container.repository.cloudera.com |
image.repository |
The repository name of the container image. | cloudera |
image.name |
The name of the container image. | surveyor |
image.tag |
The tag of the container image to use. | latest |
image.pullPolicy |
The policy to use when pulling the container image. | IfNotPresent |
image.uiName |
The name of the UI container image. | surveyor-app |
image.uiTag |
The tag of the UI container image. | latest |
service.type |
The type of Kubernetes Service. | NodePort |
service.port |
The port exposed by the Service. | 8080 |
service.targetPort |
The target port for the Service within the container. | 8080 |
service.tlsPort |
The port exposed by the Service for TLS connections. | 8443 |
service.tlsTargetPort |
The target port for TLS connections within the container. | 8443 |
surveyorConfig.* |
Cloudera Surveyor configuration object. | {} |
surveyorConfig.surveyor.commonClientConfig |
Kafka client configuration properties applied to all clients. Must
contain upstream Kafka client properties as a map. Use
clusterConfigs.clusters[*].commonClientConfig to set client
configuration on a per-cluster basis. |
{} |
surveyorConfig.surveyor.snapshotClientPool.clientCount |
Number of Kafka clients used for snapshotting clusters. Use
clusterConfigs.clusters[*].snapshotClientPool.clientCount to set
the client count on a per-cluster basis. Cloudera recommends using the default value.
Increase the client count if snapshotting data from the cluster is slow. |
5 |
surveyorConfig.surveyor.snapshotClientPool.clientConfig |
Kafka client configuration properties applied to all snapshot
clients. Must contain upstream Kafka client properties as a map. Use
clusterConfigs.clusters[*].snapshotClientPool.clientConfig to set
snapshot client configuration on a per-cluster basis. |
{} |
surveyorConfig.surveyor.adminClientPool.clientCount |
Number of Kafka clients used for administrative operations.
Administrative operations include actions such as managing topics (create, delete,
alter) and managing consumer groups (delete, reset-offsets). Use
clusterConfigs.clusters[*].adminClientPool.clientCount to set the
client count on a per-cluster basis. |
2 |
surveyorConfig.surveyor.adminClientPool.clientConfig |
Kafka client configuration properties applied to all admin clients.
Must contain upstream Kafka client properties as a map. Use
clusterConfigs.clusters[*].adminClientPool.clientConfig to set
admin client configuration on a per-cluster basis. |
{} |
surveyorConfig.surveyor.maxGlobalSnapshotParallelism |
Maximum number of usable threads for processing snapshots across all clusters. Note that this does not control the maximum number of threads created rather the number of active threads. This also does not limit the number of threads in use by the kafka clients. Defaults to the number of available processor cores at runtime. | null |
surveyorConfig.surveyor.globalSnapshotInterval |
Interval specifying how frequently snapshots are made for all
clusters in ISO 8601 representation. Use
clusterConfigs.clusters[*].snapshotInterval to configure snapshot
interval on a per-cluster basis. |
PT3M (3 minutes) |
surveyorConfig.surveyor.globalAclFetchInterval |
Interval specifying how frequently ACLs are fetched and refreshed
for all clusters in ISO 8601 representation. Use
clusterConfigs.clusters[*].authorization.aclFetchInterval to
configure the ACL fetching interval on a per-cluster basis. |
PT1M (1 minute) |
surveyorConfig.surveyor.globalSnapshotTimeout |
Interval specifying the timeout of the snapshot operation for all
clusters in ISO 8601 representation. Use
clusterConfigs.clusters[*].snapshotTimeout to configure the
snapshot operation timeout on a per-cluster basis. |
PT1M (1 minute) |
surveyorConfig.surveyor.globalSnapshotTtl |
Interval specifying how long the last successful snapshot is kept
when subsequent snapshots are failing for all clusters in ISO 8601 representation. Use
clusterConfigs.clusters[*].snapshotTtl to configure the TTL of the
last successful snapshot on a per-cluster basis. |
PT8M (8 minutes) |
surveyorConfig.surveyor.snapshotMaxJitter |
Interval specifying the maximum initial jitter of snapshotting for all clusters in ISO 8601 representation. | PT10S (10 seconds) |
surveyorConfig.surveyor.authentication.enabled |
Enables or disables authentication. | true |
surveyorConfig.surveyor.authentication.keys.active |
The secure key used to sign authentication tokens. It must be random bytes of at least 32 length. | none |
surveyorConfig.surveyor.authentication.keys.passive |
The secure key used to verify authentication tokens during authentication key rolling. When used, it should be set to the previously active key. | none |
surveyorConfig.surveyor.authentication.principalMappingRule |
Central principal mapping rule used to transform user principals into short names before evaluating authorization permissions. You can specify multiple rules, which are evaluated in order. The first rule that matches a principal name is applied for mapping, subsequent rules are ignored. The supported format is: 'RULE:pattern/replacement/, RULE:pattern/replacement/, DEFAULT'. This property works the same way as the ssl.principal.mapping.rules property in Kafka. | DEFAULT |
surveyorConfig.surveyor.authentication.userSessionTimeout |
Time interval after which users are required to relogin into Cloudera Surveyor in ISO 8601 representation. | P1D (1 day) |
surveyorConfig.surveyor.authentication.inactivityTimeout |
User inactivity timeout in ISO 8601 representation. If users are inactive for the duration of this timeout, they are required to relogin into Cloudera Surveyor. | PT1H (1 hour) |
surveyorConfig.surveyor.authentication.tokenRenewalInterval |
Authentication token renewal interval in ISO 8601 representation. This must be smaller than inactivityTimeout, recommended not to be larger than half of the inactivityTimeout. | PT10M (10 minutes) |
surveyorConfig.quarkus.* |
Quarkus specific configurations. | {} |
tlsConfigs.enabled |
Enables or disables TLS. | true |
tlsConfigs.secretRef |
The name of the Secret containing TLS configuration properties. | "tls-config" |
clouderaLicense.fileContent |
The contents of the Cloudera license. Use with
--set-file to generate a Secret automatically that contains the
Cloudera license. |
none |
clouderaLicense.secretRef |
The name of the Secret containing the Cloudera license file. | none |
ingress.enabled |
Enables or disables external access through Ingress. | false |
ingress.protocol |
The Ingress protocol. | "HTTP" |
ingress.className |
The Ingress controller class. | none |
ingress.rules.host |
The host of the Ingress rule. | "none" |
ingress.rules.path |
The Ingress path. | "/" |
ingress.rules.port |
The port of the Ingress rule. This is the port of the Kubernetes Service that the Ingress forwards requests to. | "8080" |
ingress.tls.enabled |
Enables or disables TLS for Ingress. | true |
ingress.tls.issuer |
The issuer for Ingress TLS certificates. | none |
ingress.tls.secretRef |
The name of the Secret containing Ingress TLS certificates. | "ingress-tls-cert" |
globalTruststore.secretRef.name |
The name of the Secret containing the global Cloudera Surveyor truststore. | none |
globalTruststore.secretRef.key |
The key in the Secret containing the global Cloudera Surveyor truststore. | none |
globalTruststore.type |
The type of the global Cloudera Surveyor truststore. Can be PKCS12 or JKS. | PKCS12 |
globalTruststore.password.secretRef.name |
The name of the Secret containing the global truststore password. | none |
globalTruststore.password.secretRef.key |
The key of the Secret containing the global truststore password. | none |
podSecurityContext |
Security context settings at the pod level. | {} |
containerSecurityContext |
Security context settings at the container level. | {} |
resources |
Resource requests and limits for the Cloudera Surveyor container. | {} |
scheduling.nodeSelector |
Node selector constraints for pod scheduling. | {} |
scheduling.affinity |
Affinity rules for more complex pod scheduling. Includes
nodeAffinity, podAffinity, and
podAntiAffinity. |
{} |
scheduling.tolerations |
Tolerations to allow pod scheduling on nodes with matching taints. | [] |
scheduling.topologySpreadConstraints |
Constraints for distributing pods across the cluster topology. | [] |
env |
List of environment variables to be set in the Cloudera Surveyor container. Can be specified as direct values or references to secrets/configmaps. | See below |
secretsToMount[*] |
List of secrets to mount | [] |
secretsToMount[*].secretRef |
The name of the secret to mount | none |
secretsToMount[*].create |
If set to true a new secret will be created | false |
secretsToMount[*].items[*] |
List of items in the secret to mount. If empty all items will be mounted | [] |
secretsToMount[*].items[*].key |
Key of the item in the secret | none |
secretsToMount[*].items[*].path |
Path of the mounted item relative to /opt/secrets/[***SECRET
NAME***]/ |
none |
secretsToMount[*].items[*].content |
If create is set to true the content of this item
in the newly created secret |
none |
| Property | Description | Default Value |
|---|---|---|
clusterConfigs.clusters[*] |
Array of connected clusters and their client configuration. | [] |
clusterConfigs.clusters[*].clusterName |
The name of the cluster. This name is displayed on the UI. | `` |
clusterConfigs.clusters[*].tags |
A list of arbitrary tags associated with the cluster. Use tags to logically group and organize clusters. For example, by department, geographic location, or environment. Properly tagging clusters makes it easier to filter and organize them on the UI. | [] |
clusterConfigs.clusters[*].bootstrapServers |
A comma-separated list of the bootstrap servers for the Kafka cluster that Cloudera Surveyor connects to. Specify multiple servers for highly available connections. | `` |
clusterConfigs.clusters[*].snapshotInterval |
Interval specifying how frequently snapshots are made for this
cluster in ISO 8601 representation. Overrides
surveyorConfig.surveyor.globalSnapshotInterval. |
null |
clusterConfigs.clusters[*].snapshotTimeout |
Interval specifying the timeout of the snapshot operation in ISO
8601 representation. Overrides
surveyorConfig.surveyor.globalSnapshotTimeout. |
null |
clusterConfigs.clusters.[*].snapshotTtl |
Interval specifying how long the last successful snapshot is kept
when subsequent snapshots are failing in ISO 8601 representation. Overrides
surveyorConfig.surveyor.globalSnapshotTtl. |
null |
clusterConfigs.clusters[*].commonClientConfig |
Kafka client configuration properties applied to all clients for
this cluster. Must contain upstream Kafka client properties as a map. Properties
specified here are merged with, and take precedence over, the client configuration
specified in surveyorConfig.surveyor.*. |
{} |
clusterConfigs.clusters[*].snapshotClientPool.clientCount |
Number of Kafka clients used for snapshotting this cluster.
Overrides surveyorConfig.surveyor.snapshotClientPool.clientCount.
Cloudera recommends using the default value. Increase the client count if snapshotting
data from the cluster is slow. |
null |
clusterConfigs.clusters[*].snapshotClientPool.clientConfig |
Kafka client configuration properties applied to all snapshot
clients for this cluster. Must contain upstream Kafka client properties as a map.
Properties specified here are merged with, and take precedence over, the client
configuration specified in surveyorConfig.surveyor.* and
clusterConfigs.clusters[*].commonClientConfig. |
{} |
clusterConfigs.clusters[*].adminClientPool.clientCount |
Number of Kafka clients to use for administrative operations in this
cluster. Administrative operations include actions such as managing topics (create,
delete, alter) and managing consumer groups (delete, reset-offsets). Overrides
surveyorConfig.surveyor.adminClientPool.clientCount. |
null |
clusterConfigs.clusters[*].adminClientPool.clientConfig |
Kafka client configuration properties applied to all admin clients
for this cluster. Must contain upstream Kafka client properties as a map. Properties
specified here are merged with, and take precedence over, the client configuration
specified in surveyorConfig.surveyor.* and
clusterConfigs.clusters[*].commonClientConfig. |
{} |
clusterConfigs.clusters[*].adminOperationTimeout |
Timeout used for administrative operations. | null |
clusterConfigs.clusters[*].allTopicConfigsFetchRetries |
Number of retries when fetching all the available topic configurations in the cluster. | null |
clusterConfigs.clusters[*].alertConfigs.logDirUsageConcerningThresholdPercent |
The percentage of log directory usage that triggers a concerning alert. | null |
clusterConfigs.clusters[*].alertConfigs.logDirUsageCriticalThresholdPercent |
The percentage of log directory usage that triggers a critical alert. | null |
clusterConfigs.clusters[*].alertConfigs.diskVolumeImbalanceThresholdPercent |
The percentage that a log directory's size can differ from the average size of all log directories before an alert is triggered. | null |
clusterConfigs.clusters[*].alertConfigs.brokerVolumeImbalancePercent |
The percentage that a broker's total log directory size can differ from the average across all brokers before an alert is triggered. | null |
clusterConfigs.clusters[*].alertConfigs.brokerReplicaImbalancePercent |
The percentage that the number of replicas hosted on a broker can differ from the average across all brokers before an alert is triggered. | null |
clusterConfigs.clusters[*].alertConfigs.brokerLeaderImbalancePercent |
The percentage that the number of leader replicas hosted on a broker can differ from the average across all brokers before an alert is triggered. | null |
clusterConfigs.clusters[*].alertConfigs.totalLagConcerning |
The amount of lag for a consumer group that triggers a concerning alert. | null |
clusterConfigs.clusters[*].alertConfigs.totalLagCritical |
The amount of lag for a consumer group that triggers a critical alert. | null |
clusterConfigs.clusters[*].authorization.enabled |
Enables authorization. | true |
clusterConfigs.clusters.[*].authorization.aclFetchInterval |
Interval specifying how frequently ACLs are fetched and refreshed
for this cluster in ISO 8601 representation. Overrides
surveyorConfig.surveyor.globalAclFetchInterval. |
null |
clusterConfigs.clusters[*].authorization.principalMappingRule |
Principal mapping rule. Follows the syntax of Kafka's
ssl.principal.mapping.rules property. |
DEFAULT |
clusterConfigs.clusters[*].authorization.superUsers |
List of superusers. | [] |
clusterConfigs.clusters[*].authorization.defaultResult |
Default result of the authorization. Accepted values are:
DENIED or ALLOWED. |
DENIED |
