Helm chart
This Helm reference page provides comprehensive details on the Portworx Helm chart, including the compatibility matrix and configurable parameters.
Portworx Helm chart compatibility matrix
The following table lists the Helm version compatibility with Portworx Enterprise and Operator. Ensuring compatibility between these components is crucial for the successful installation and operation of Portworx on Kubernetes clusters.
| Helm chart version | PXE version | Operator Version |
|---|---|---|
| 4.0.0 | 3.1.4 | 24.1.1 |
Portworx Helm chart parameters
The following table lists the configurable parameters of the Portworx Helm chart and their default values.
| Parameter | Description | Default |
|---|---|---|
imageVersion | Specifies the version of the Portworx image. | 3.1.4 |
pxOperatorImageVersion | Specifies the version of the Portworx operator image. | 24.1.1 |
openshiftInstall | Indicates whether Portworx is being installed on OpenShift. | false |
pksInstall | Indicates whether Portworx is being installed on Pivotal Container Service (PKS). | false |
EKSInstall | Indicates whether Portworx is being installed on Amazon Elastic Kubernetes Service (EKS). | false |
AKSInstall | Indicates whether Portworx is being installed on Azure Kubernetes Service (AKS). | false |
GKEInstall | Indicates whether Portworx is being installed on Google Kubernetes Engine (GKE). | false |
etcdEndPoint | (REQUIRED) Specifies the etcd endpoint(s) in the format "etcd:http://<your-etcd-endpoint>". Multiple URLs should be separated by a semicolon (e.g., etcd:http://<your-etcd-endpoint1>;etcd:http://<your-etcd-endpoint2>). | "" |
clusterName | Defines the name of the Portworx cluster. | "mycluster" |
usefileSystemDrive | Determines if Portworx should use an unmounted drive even if it contains a filesystem. | false |
usedrivesAndPartitions | Determines if Portworx should use both the drives and partitions on the disk. | false |
drives | Specifies a semicolon-separated list of drives to be used for storage (e.g., /dev/sda;/dev/sdb). | "none" |
provider | Defines the cloud provider name (e.g., pure, azure, aws, gce, vsphere) when using cloud storage. | "" |
journalDevice | Specifies the journal device for Portworx metadata. | "" |
cacheDevices | Specifies a semicolon-separated list of cache devices for Portworx. | "" |
maxStorageNodesPerZone | Sets the maximum number of storage nodes per zone. If the limit is reached, any new node added to the zone is started as a compute-only node. | 0 |
maxStorageNodes | Sets the maximum number of storage nodes. If the limit is reached, any new node is started as a compute-only node. Using maxStorageNodesPerZone is recommended. | 0 |
systemMetadataDevice | Specifies the device for storing Portworx metadata. | "" |
secretType | Defines the secret store to be used, such as AWS KMS, KVDB, Vault, K8s, or IBM Key Protect. | k8s |
dataInterface | Specifies the name of the data network interface (e.g., ethX). | "none" |
managementInterface | Specifies the name of the management network interface (e.g., ethX). | "none" |
serviceType | Defines the Kubernetes service type for services deployed by the operator. Use direct values like 'LoadBalancer' or 'NodePort' to change all services, or specify individual service types (e.g., portworx-service:LoadBalancer;portworx-api:ClusterIP). | "none" |
runtimeOptions | Specifies a semicolon-separated list of key-value pairs that override runtime options. | "" |
featureGates | Specifies a semicolon-separated list of key-value pairs for enabling or disabling Portworx features. | "" |
security.enabled | Enables or disables security features. | false |
security.auth.guestAccess | Controls guest role access in the cluster. Options: Enabled, Disabled, Managed. | "Enabled" |
security.auth.selfSigned.tokenLifetime | Sets the token lifetime for self-signed tokens generated by the operator. | "" |
security.auth.selfSigned.issuer | Defines the issuer name for configuring PX-Security. | "" |
security.auth.selfSigned.sharedSecret | Specifies the Kubernetes secret name for storing the shared secret. | "" |
resources | Configures resource usage (memory and CPU) for Portworx containers. | {} |
customMetadata.annotations.pod.storage | Adds custom annotations for Portworx pods. | "" |
customMetadata.annotations.service.portworxApi | Adds custom annotations for the portworx-api service. | "" |
customMetadata.annotations.service.portworxService | Adds custom annotations for the portworx-service. | "" |
customMetadata.annotations.service.portworxKVDBService | Adds custom annotations for the portworx-kvdb-service. | "" |
customMetadata.labels.service.portworxApi | Adds custom labels for the portworx-api service (currently supported only for this service). | "" |
envVars | Defines a semicolon-separated list of environment variables (e.g., MYENV1=val1;MYENV2=val2). Deprecated: Use envs for setting environment variables. | "none" |
envs | Adds environment variables to the Portworx container in Kubernetes-supported formats. | [ ] |
disableStorageClass | Disables the installation of default Portworx StorageClasses. | false |
stork.enabled | Enables or disables STORK (Storage Orchestration for Hyperconvergence). | true |
stork.storkVersion | Specifies the version of STORK to use. | "" |
stork.args | Passes arguments to the STORK container. | "" |
stork.volumes | Adds volumes to the STORK container. | [ ] |
stork.env | Defines Kubernetes-style environment variables for the STORK container. | [ ] |
customRegistryURL | Specifies a custom Docker registry URL. | "" |
registrySecret | Defines the secret for accessing a custom registry. | "" |
monitoring.prometheus.enabled | Enables or disables Prometheus monitoring. | false |
monitoring.prometheus.exportMetrics | Exposes Portworx metrics to an external or operator-deployed Prometheus. | false |
monitoring.prometheus.alertManager | Enables or disables the Prometheus Alertmanager. | false |
monitoring.prometheus.resources | Configures resource usage (memory and CPU) for the Prometheus container. | {} |
monitoring.prometheus.replicas | Specifies the number of Prometheus replicas to deploy. | 1 |
monitoring.prometheus.retention | Sets the retention period for Prometheus metrics. | "24h" |
monitoring.prometheus.retentionSize | Limits the disk space used by Prometheus for storing metrics. Example: "10GiB", "50MiB". | "" |
monitoring.prometheus.storage | Configures storage for Prometheus data. | {} |
monitoring.prometheus.volumes | Adds additional volumes for the Prometheus StatefulSet. | [ ] |
monitoring.prometheus.volumeMounts | Adds additional volume mounts for the Prometheus StatefulSet. | [ ] |
monitoring.prometheus.securityContext.runAsNonRoot | Enables running the Prometheus container as a non-root user. | false |
monitoring.telemetry | Enables or disables telemetry reporting. | true |
monitoring.grafana | Enables or disables Grafana integration. | false |
csi.enabled | Enables the Container Storage Interface (CSI). | true |
csi.topology.enabled | Enables the CSI topology feature. | false |
csi.installSnapshotController | Installs the CSI Snapshot Controller. | false |
autopilot.enabled | Enables the Autopilot feature. | true |
autopilot.image | Specifies the Autopilot image. | "" |
autopilot.lockImage | Locks Autopilot to the specified image. | false |
autopilot.args | Defines a semicolon-separated list of arguments for Autopilot. | "" |
autopilot.env | Adds Kubernetes-style environment variables for the Autopilot container. | [ ] |
internalKVDB | Enables the internal Key-Value Database (KVDB). | true |
kvdbDevice | Specifies a separate device for storing KVDB data (used when internalKVDB is true). | "" |
kvdb.authSecretName | Defines the secret for securing KVDB. For more details, see Secure your etcd communication. | "none" |
etcd.credentials | Specifies etcd authentication credentials in the format user:password. Deprecated: Use kvdb.authSecretName. | "none":"none" |
etcd.certPath | Base path for etcd certificates (e.g., /etc/pwx/etcdcerts). Deprecated: Use kvdb.authSecretName. | "none" |
etcd.ca | Specifies the CA file for etcd certificate-based authentication. Deprecated: Use kvdb.authSecretName. | "none" |
etcd.cert | Specifies the client certificate for etcd certificate-based authentication. Deprecated: Use kvdb.authSecretName. | "none" |
etcd.key | Specifies the private key for etcd certificate-based authentication. Deprecated: Use kvdb.authSecretName. | "none" |
consul.token | The ACL token used for authenticating with Consul (e.g., xxxxxxxx-xxxx-xxxx-xxxx-bbbeb030d1f6). Deprecated: Use kvdb.authSecretName instead. | - |
volumes | Defines the volumes for Portworx, specifying parameters like name, mount path, mount propagation (options include None, HostToContainer, Bidirectional), and read-only status. For secret volumes, provide the secret name and map specific keys to paths. Supported volume types include Host, Secret, and ConfigMap. | [ ] |
tolerations | Specifies tolerations for scheduling Portworx pods, allowing them to run on nodes with matching taints. | [ ] |
nodeAffinity | Specifies node affinity rules that dictate where Portworx pods can be scheduled based on node labels. | {} |
nodesConfiguration | Allows overriding of cluster-level configurations for individual nodes or groups, including settings for network, storage, environment variables, and runtime options. | [ ] |
clusterToken.create | Indicates whether a cluster token should be generated. | false |
clusterToken.secretName | The name of the Kubernetes secret that will be created for the cluster token, which requires clusterToken.create to be true. | "px-vol-encryption" |
clusterToken.serviceAccountName | The service account name utilized for the post-install hook to generate the cluster token. | "px-create-cluster-token" |
deleteStrategy.type | Specifies the delete strategy for the Portworx cluster, with valid options being Uninstall or UninstallAndWipe. | "" |
updateStrategy.type | Defines the update strategy for the Portworx cluster, with supported options including RollingUpdate and OnDelete. | "" |
updateStrategy.maxUnavailable | Specifies the maximum number of nodes that can be unavailable during a rolling update. | 1 |
updateStrategy.minReadySeconds | Sets the minimum duration (in seconds) that a pod must be ready before the next batch of pods is updated during a rolling update. | 1 |
updateStrategy.autoUpdateComponents | Determines the update strategy for component images, with valid options including None, Once, and Always. | None |
note
You can specify each parameter using the --set key1=value1,key2=value2 argument with the helm install command. For example, helm install my-release portworx/portworx --set pxOperatorImageVersion=24.1.1 command sets the Portworx Operator version to 24.1.1.