Cloudera Surveyor for Apache Kafka Helm chart configuration reference
A reference listing all configurable properties of the Cloudera Surveyor Helm chart.
Configure these properties during installation in your helm install
command, or update them after installation using helm upgrade. Use the
--values (-f) and --set options to specify properties.
For example:
helm install cloudera-surveyor \
--namespace [***NAMESPACE***] \
--values [***VALUES FILE***] \
--set-file surveyorConfig.surveyor.authentication.keys.active=[***PATH TO AUTHENTICATION KEY FILE***] \
--set 'image.imagePullSecrets=[***CLOUDERA CREDENTIAL SECRET***]' \
--set-file clouderaLicense.fileContent=[***PATH TO LICENSE FILE***] \
oci://container.repository.cloudera.com/cloudera-helm/csm-operator/surveyor \
--version 1.6.0-b99
Properties are grouped into two tables. The General Properties table lists configuration properties for customizing the overall deployment of Cloudera Surveyor, including settings for global Kafka client configurations, authentication, TLS, Ingress, Secret management, and others.
The ClusterConfigs Properties table lists configuration properties that specify which Kafka clusters Cloudera Surveyor connects to and how connections are established. These properties include settings for cluster identification, per-cluster client configuration, alert thresholds, and more.
| Property | Description | Default Value |
|---|---|---|
replicaCount |
The ReplicaSet count. | 2 |
fipsMode |
Enable FIPS mode | false |
securityProviders[*] |
List of security providers to load | [] |
securityProviders[*].providerClassName |
Class name of the provider | none |
securityProviders[*].argument |
Argument to pass to provider | none |
securityProviders[*].classpath[*] |
List of filesystem paths that should be added to the classpath in order for this provider to function. | [] |
image.registry |
The container image registry where the image is hosted. | container.repository.cloudera.com |
image.repository |
The repository name of the container image. | cloudera |
image.name |
The name of the container image. | surveyor |
image.tag |
The tag of the container image to use. | latest |
image.pullPolicy |
The policy to use when pulling the container image. | IfNotPresent |
image.uiName |
The name of the UI container image. | surveyor-app |
image.uiTag |
The tag of the UI container image. | latest |
image.imagePullSecrets |
The name of the Secret containing credentials that provide access to the registry where Cloudera Surveyor images are hosted. To specify multiple Secrets, provide an array of objects where each object has a name property: [{name: "secret1"}, {name: "secret2"}]. | none |
service.type |
The type of Kubernetes Service. | NodePort |
service.port |
The port exposed by the Service. | 8080 |
service.tlsPort |
The port exposed by the Service for TLS connections. | 8443 |
surveyorConfig.* |
Cloudera Surveyor configuration object. | {} |
surveyorConfig.surveyor.commonClientConfig |
Kafka client configuration properties applied to all clients. Must
contain upstream Kafka client properties as a map. Use
clusterConfigs.clusters[*].commonClientConfig to set client
configuration on a per-cluster basis. |
{} |
surveyorConfig.surveyor.globalHiddenTopicNamePattern |
Regular expression to specify which topic should be hidden. Use
clusterConfigs.clusters[*].hiddenTopicNamePattern to configure it
on a per-cluster basis. The default expression filters topic names that follow common
internal topic naming conventions. |
^(__.+|ATLAS_.+) |
surveyorConfig.surveyor.snapshotClientPool.clientCount |
Number of Kafka clients used for snapshotting clusters. Use
clusterConfigs.clusters[*].snapshotClientPool.clientCount to set
the client count on a per-cluster basis. Cloudera recommends using the default value.
Increase the client count if snapshotting data from the cluster is slow. |
5 |
surveyorConfig.surveyor.snapshotClientPool.clientConfig |
Kafka client configuration properties applied to all snapshot
clients. Must contain upstream Kafka client properties as a map. Use
clusterConfigs.clusters[*].snapshotClientPool.clientConfig to set
snapshot client configuration on a per-cluster basis. |
{} |
surveyorConfig.surveyor.adminClientPool.clientCount |
Number of Kafka clients used for administrative operations.
Administrative operations include actions such as managing topics (create, delete,
alter) and managing consumer groups (delete, reset-offsets). Use
clusterConfigs.clusters[*].adminClientPool.clientCount to set the
client count on a per-cluster basis. |
2 |
surveyorConfig.surveyor.adminClientPool.clientConfig |
Kafka client configuration properties applied to all admin clients.
Must contain upstream Kafka client properties as a map. Use
clusterConfigs.clusters[*].adminClientPool.clientConfig to set
admin client configuration on a per-cluster basis. |
{} |
surveyorConfig.surveyor.maxGlobalSnapshotParallelism |
Maximum number of usable threads for processing snapshots across all clusters. Note that this does not control the maximum number of threads created rather the number of active threads. This also does not limit the number of threads in use by the kafka clients. Defaults to the number of available processor cores at runtime. | null |
surveyorConfig.surveyor.globalSnapshotInterval |
Interval specifying how frequently snapshots are made for all
clusters in ISO 8601 representation. Use
clusterConfigs.clusters[*].snapshotInterval to configure snapshot
interval on a per-cluster basis. |
PT3M (3 minutes) |
surveyorConfig.surveyor.globalAclFetchInterval |
Interval specifying how frequently ACLs are fetched and refreshed
for all clusters in ISO 8601 representation. Use
clusterConfigs.clusters[*].authorization.aclFetchInterval to
configure the ACL fetching interval on a per-cluster basis. |
PT1M (1 minute) |
surveyorConfig.surveyor.globalSnapshotTimeout |
Interval specifying the timeout of the snapshot operation for all
clusters in ISO 8601 representation. Use
clusterConfigs.clusters[*].snapshotTimeout to configure the
snapshot operation timeout on a per-cluster basis. |
PT1M (1 minute) |
surveyorConfig.surveyor.globalSnapshotTtl |
Interval specifying how long the last successful snapshot is kept
when subsequent snapshots are failing for all clusters in ISO 8601 representation. Use
clusterConfigs.clusters[*].snapshotTtl to configure the TTL of the
last successful snapshot on a per-cluster basis. |
PT8M (8 minutes) |
surveyorConfig.surveyor.snapshotMaxJitter |
Interval specifying the maximum initial jitter of snapshotting for all clusters in ISO 8601 representation. | PT10S (10 seconds) |
surveyorConfig.surveyor.authentication.enabled |
Enables or disables authentication. | true |
surveyorConfig.surveyor.authentication.keys.active |
The secure key used to sign authentication tokens. It must be random bytes of at least 32 length. | crptographically secure random 128 bytes (only in non-FIPS mode) |
surveyorConfig.surveyor.authentication.keys.passive |
The secure key used to verify authentication tokens during authentication key rolling. When used, it should be set to the previously active key. | none |
surveyorConfig.surveyor.authentication.principalMappingRule |
Central principal mapping rule used to transform user principals into short names before evaluating authorization permissions. You can specify multiple rules, which are evaluated in order. The first rule that matches a principal name is applied for mapping, subsequent rules are ignored. The supported format is: 'RULE:pattern/replacement/, RULE:pattern/replacement/, DEFAULT'. This property works the same way as the ssl.principal.mapping.rules property in Kafka. | DEFAULT |
surveyorConfig.surveyor.authentication.userSessionTimeout |
Time interval after which users are required to relogin into Cloudera Surveyor in ISO 8601 representation. | P1D (1 day) |
surveyorConfig.surveyor.authentication.inactivityTimeout |
User inactivity timeout in ISO 8601 representation. If users are inactive for the duration of this timeout, they are required to relogin into Cloudera Surveyor. | PT1H (1 hour) |
surveyorConfig.surveyor.authentication.tokenRenewalInterval |
Authentication token renewal interval in ISO 8601 representation. This must be smaller than inactivityTimeout, recommended not to be larger than half of the inactivityTimeout. | PT10M (10 minutes) |
surveyorConfig.quarkus.* |
Quarkus specific configurations. | {} |
tlsConfigs.enabled |
Enables or disables TLS. | true |
tlsConfigs.secretRef |
The name of the Secret containing TLS configuration properties. | "tls-config" |
clouderaLicense.fileContent |
The contents of the Cloudera license. Use with
--set-file to generate a Secret automatically that contains the
Cloudera license. |
none |
clouderaLicense.secretRef |
The name of the Secret containing the Cloudera license file. | none |
ingress.enabled |
Enables or disables external access through Ingress. | false |
ingress.className |
The Ingress controller class. | none |
ingress.extraAnnotations.* |
Extra annotations to apply to the Ingress. | {nginx.ingress.kubernetes.io/backend-protocol:
"HTTPS"}1 |
ingress.rules.host |
The host of the Ingress rule. | "none" |
ingress.rules.path |
The Ingress path. | "/" |
ingress.rules.port |
The port of the Ingress rule. This is the port of the Kubernetes Service that the Ingress forwards requests to. | "8080" |
ingress.tls.enabled |
Enables or disables TLS for Ingress. | true |
ingress.tls.secretRef |
The name of the Secret containing Ingress TLS certificates. | "ingress-tls-cert" |
globalTruststore.secretRef.name |
The name of the Secret containing the global Cloudera Surveyor truststore. | none |
globalTruststore.secretRef.key |
The key in the Secret containing the global Cloudera Surveyor truststore. | none |
globalTruststore.type |
The type of the global Cloudera Surveyor truststore. Can be JKS, PKCS12 or BCFKS. | PKCS12 |
globalTruststore.password.secretRef.name |
The name of the Secret containing the global truststore password. | none |
globalTruststore.password.secretRef.key |
The key of the Secret containing the global truststore password. | none |
podSecurityContext |
Security context settings at the pod level. | {} |
containerSecurityContext |
Security context settings at the container level. | {} |
resources |
Resource requests and limits for the Cloudera Surveyor container. | {} |
scheduling.nodeSelector |
Node selector constraints for pod scheduling. | {} |
scheduling.affinity |
Affinity rules for more complex pod scheduling. Includes
nodeAffinity, podAffinity, and
podAntiAffinity. |
{} |
scheduling.tolerations |
Tolerations to allow pod scheduling on nodes with matching taints. | [] |
scheduling.topologySpreadConstraints |
Constraints for distributing pods across the cluster topology. | [] |
env |
List of environment variables to be set in the Cloudera Surveyor container. Can be specified as direct values or references to secrets/configmaps. | See below |
secretsToMount[*] |
List of secrets to mount | [] |
secretsToMount[*].secretRef |
The name of the secret to mount | none |
secretsToMount[*].create |
If set to true a new secret will be created | false |
secretsToMount[*].items[*] |
List of items in the secret to mount. If empty all items will be mounted | [] |
secretsToMount[*].items[*].key |
Key of the item in the secret | none |
secretsToMount[*].items[*].path |
Path of the mounted item relative to /opt/secrets/[***SECRET
NAME***]/ |
none |
secretsToMount[*].items[*].content |
If create is set to true the content of this item
in the newly created secret |
none |
extraVolumes[*] |
List of additional volumes to attach to the pod. This allows you to mount various types of volumes like secrets, configMaps, persistentVolumeClaims, etc. | [] |
extraVolumes[*].name |
The name of the volume. Must match the corresponding name in
extraVolumeMounts. |
none |
extraVolumes[*].<volumeType> |
The volume configuration. Can be any valid Kubernetes volume type
such as secret, configMap,
persistentVolumeClaim, etc. |
none |
extraVolumeMounts[*] |
List of volume mounts that specify how volumes are mounted into the container. | [] |
extraVolumeMounts[*].name |
The name of the volume to mount. Must match a volume defined in
extraVolumes. |
none |
extraVolumeMounts[*].mountPath |
The path within the container at which the volume should be mounted. | none |
extraVolumeMounts[*].readOnly |
Whether the volume should be mounted read-only. Defaults to false. | false |
1 The default value of the
nginx.ingress.kubernetes.io/backend-protocol annotation is
incorrectly documented as HTTP in the Helm chart
README.| Property | Description | Default Value |
|---|---|---|
clusterConfigs.clusters[*] |
Array of connected clusters and their client configuration. | [] |
clusterConfigs.clusters[*].clusterName |
The name of the cluster. This name is displayed on the UI. | `` |
clusterConfigs.clusters[*].tags |
A list of arbitrary tags associated with the cluster. Use tags to logically group and organize clusters. For example, by department, geographic location, or environment. Properly tagging clusters makes it easier to filter and organize them on the UI. | [] |
clusterConfigs.clusters[*].bootstrapServers |
A comma-separated list of the bootstrap servers for the Kafka cluster that Cloudera Surveyor connects to. Specify multiple servers for highly available connections. | `` |
clusterConfigs.clusters[*].snapshotInterval |
Interval specifying how frequently snapshots are made for this
cluster in ISO 8601 representation. Overrides
surveyorConfig.surveyor.globalSnapshotInterval. |
null |
clusterConfigs.clusters[*].snapshotTimeout |
Interval specifying the timeout of the snapshot operation in ISO
8601 representation. Overrides
surveyorConfig.surveyor.globalSnapshotTimeout. |
null |
clusterConfigs.clusters[*].snapshotTtl |
Interval specifying how long the last successful snapshot is kept
when subsequent snapshots are failing in ISO 8601 representation. Overrides
surveyorConfig.surveyor.globalSnapshotTtl. |
null |
clusterConfigs.clusters[*].commonClientConfig |
Kafka client configuration properties applied to all clients for
this cluster. Must contain upstream Kafka client properties as a map. Properties
specified here are merged with, and take precedence over, the client configuration
specified in surveyorConfig.surveyor.*. |
{} |
clusterConfigs.clusters[*].hiddenTopicNamePattern |
Regular expression to specify which topic should be hidden. Overrides 'surveyorConfig.surveyor.globalHiddenTopicNamePattern'. | null |
clusterConfigs.clusters[*].snapshotClientPool.clientCount |
Number of Kafka clients used for snapshotting this cluster.
Overrides surveyorConfig.surveyor.snapshotClientPool.clientCount.
Cloudera recommends using the default value. Increase the client count if snapshotting
data from the cluster is slow. |
null |
clusterConfigs.clusters[*].snapshotClientPool.clientConfig |
Kafka client configuration properties applied to all snapshot
clients for this cluster. Must contain upstream Kafka client properties as a map.
Properties specified here are merged with, and take precedence over, the client
configuration specified in surveyorConfig.surveyor.* and
clusterConfigs.clusters[*].commonClientConfig. |
{} |
clusterConfigs.clusters[*].adminClientPool.clientCount |
Number of Kafka clients to use for administrative operations in this
cluster. Administrative operations include actions such as managing topics (create,
delete, alter) and managing consumer groups (delete, reset-offsets). Overrides
surveyorConfig.surveyor.adminClientPool.clientCount. |
null |
clusterConfigs.clusters[*].adminClientPool.clientConfig |
Kafka client configuration properties applied to all admin clients
for this cluster. Must contain upstream Kafka client properties as a map. Properties
specified here are merged with, and take precedence over, the client configuration
specified in surveyorConfig.surveyor.* and
clusterConfigs.clusters[*].commonClientConfig. |
{} |
clusterConfigs.clusters[*].adminOperationTimeout |
Timeout used for administrative operations in ISO 8601 representation. | null |
clusterConfigs.clusters[*].allTopicConfigsFetchRetries |
Number of retries when fetching all the available topic configurations in the cluster. | null |
clusterConfigs.clusters[*].alertConfigs.logDirUsageConcerningThresholdPercent |
The percentage of log directory usage that triggers a concerning alert. | null |
clusterConfigs.clusters[*].alertConfigs.logDirUsageCriticalThresholdPercent |
The percentage of log directory usage that triggers a critical alert. | null |
clusterConfigs.clusters[*].alertConfigs.diskVolumeImbalanceThresholdPercent |
The percentage that a log directory's size can differ from the average size of all log directories before an alert is triggered. | null |
clusterConfigs.clusters[*].alertConfigs.brokerVolumeImbalancePercent |
The percentage that a broker's total log directory size can differ from the average across all brokers before an alert is triggered. | null |
clusterConfigs.clusters[*].alertConfigs.brokerReplicaImbalancePercent |
The percentage that the number of replicas hosted on a broker can differ from the average across all brokers before an alert is triggered. | null |
clusterConfigs.clusters[*].alertConfigs.brokerLeaderImbalancePercent |
The percentage that the number of leader replicas hosted on a broker can differ from the average across all brokers before an alert is triggered. | null |
clusterConfigs.clusters[*].alertConfigs.totalLagConcerning |
The amount of lag for a consumer group that triggers a concerning alert. | null |
clusterConfigs.clusters[*].alertConfigs.totalLagCritical |
The amount of lag for a consumer group that triggers a critical alert. | null |
clusterConfigs.clusters[*].authorization.enabled |
Enables authorization. | true |
clusterConfigs.clusters[*].authorization.aclFetchInterval |
Interval specifying how frequently ACLs are fetched and refreshed
for this cluster in ISO 8601 representation. Overrides
surveyorConfig.surveyor.globalAclFetchInterval. |
null |
clusterConfigs.clusters[*].authorization.principalMappingRule |
Principal mapping rule. Follows the syntax of Kafka's
ssl.principal.mapping.rules property. |
DEFAULT |
clusterConfigs.clusters[*].authorization.superUsers |
List of superusers. | [] |
clusterConfigs.clusters[*].authorization.defaultResult |
Default result of the authorization. Accepted values are:
DENIED or ALLOWED. |
DENIED |
