[compose/api] Error upgrading Airbyte helm chart from 0.63.11 to 1.3.0

[PrestonBlackburn]

Helm Chart Version

0.63.11

What step the error happened?

Upgrading the Platform or Helm Chart

Relevant information

When trying to upgrade from helm chart version 0.63.11 to 1.3.0 the deployment is successful, but there is a communication with the frontend or backend. I port forward the web app serverice with

kubectl port-forward svc/release-1-airbyte-webapp-svc 8001:80

which works on 0.63.11 and 1.3.0 independently, just not after upgrading. I tested the helm chart values with helm chart version 1.3.0 seperately and they working, but just not when upgrading from 0.63.11 to 1.3.0.

The error is for the /api/v1/instance_configuration endpoint, but I also get a 404 error when trying to access the /api/v1/health endpoint.

Error in the UI:

{
  "url": "http://localhost:8080/",
  "airbyteVersion": "1.3.1",
  "errorType": "HttpError",
  "errorConstructor": "Xu",
  "error": {
    "i18nKey": "errors.http.notFound",
    "i18nParams": {
      "status": 404
    },
    "name": "HttpError",
    "requestId": "bbBYXWFH6fkfKpLGpcc38c",
    "request": {
      "url": "/api/v1/instance_configuration",
      "method": "get"
    },
    "status": 404,
    "response": "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.27.2</center>\r\n</body>\r\n</html>\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n"
  },
  "stacktrace": "HttpError: errors.http.notFound\n    at jve (http://localhost:8080/assets/core-fpdmzxaudr.js:120:11251)",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
  "featureFlags": {}
}

Maybe it has to do with a config somewhere that changed or needs to be manually updated for 1.3.0 from 0.63.11?

Relevant log output

Logs from the webapp pod. There were no errors in the server pod.

2024/12/17 20:55:06 [error] 21#21: *23 open() "/usr/share/nginx/html/api/v1/instance_configuration" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: "GET /api/v1/instance_configuration HTTP/1.1", host: "localhost:8001", referrer: "http://localhost:8001/"

[abusutil]

Hello,

I have the same issue by upgrading 1.2 to 1.3.0.

{
  "url": "https://airbyte.staging.my.domain/",
  "airbyteVersion": "1.1.0",
  "errorType": "HttpError",
  "errorConstructor": "wd",
  "error": {
    "i18nKey": "errors.http.notFound",
    "i18nParams": {
      "status": 404
    },
    "name": "HttpError",
    "requestId": "omEvSZHkVrFF6fcE8p6SEo",
    "request": {
      "url": "/api/v1/instance_configuration",
      "method": "get"
    },
    "status": 404,
    "response": "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.27.1</center>\r\n</body>\r\n</html>\r\n"
  },
  "stacktrace": "j2@https://airbyte.staging.my.domain/assets/core-icl96mliue.js:120:5955\nwd@https://airbyte.staging.my.domain/assets/core-icl96mliue.js:120:6642\n@https://airbyte.staging.my.domain/assets/core-icl96mliue.js:120:10578",
  "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Safari/605.1.15",
  "featureFlags": {}
}

[PrestonBlackburn]

It looks like I'm able to upgrade from 0.63.11 to version 1.1.0 successfully, so that at least that narrows it down to most likely something changed in the 1.3.0 version.

[marcosmarxm]

Hi @PrestonBlackburn,
Thank you for reporting this issue and providing detailed information. To assist you effectively, could you please provide the following additional details:

• Helm Upgrade Command: The exact command you used to upgrade from version 0.63.11 to 1.3.0.
• Custom Configurations: Any custom values or configurations applied during the upgrade, especially those related to networking, services, or endpoints.

I have already shared the issue with the team responsible for the Airbyte API for their review.

[PrestonBlackburn]

Thanks, here is some additional info:

Helm Upgrade command to 1.3.0 (doesn't work post deployment, upgrade command is successful though):

helm upgrade --install release-1 airbyte/airbyte --values values.yaml

Helm setup / commands:
Original install of 0.63.11

helm install release-1 airbyte/airbyte -f values.yaml --version 0.363.0

Helm upgrade to 1.1.0 (works)

helm upgrade --install release-1 airbyte/airbyte --values values.yaml --version 1.1.0

Updates to values.yaml

global
  env_vars:
     MAX_CHECK_WORKERS: 12
    MAX_DISCOVER_WORKERS: 24
    MAX_FIELDS_PER_CONNECTION: 40000
    MAX_SPEC_WORKERS: 24
    MAX_SYNC_WORKERS: 24
    TEMPORAL_HISTORY_RETENTION_IN_DAYS: 7

Full values.yaml - Providing this since in case there have been changes since the values.yaml I was using

### TEST FOR RELEASE WORKFLOW


# Global params that are overwritten with umbrella chart
global:
  # -- Service Account name override
  serviceAccountName: &service-account-name "airbyte-admin"
  # -- Deployment mode, whether or not render the default env vars and volumes in deployment spec
  deploymentMode: "oss"
  # -- Edition; "community" or "pro"
  edition: "community"

  airbyteYml: ""

  enterprise:
    # -- Secret name where an Airbyte license key is stored
    secretName: "airbyte-config-secrets"
    # -- The key within `licenseKeySecretName` where the Airbyte license key is stored
    licenseKeySecretKey: "license-key"

  # -- The URL where Airbyte will be reached; This should match your Ingress host
  airbyteUrl: ""

  # -- Auth configuration
  auth:
    # -- Admin user configuration
    instanceAdmin:
      # -- Secret name where the instanceAdmin configuration is stored
      secretName: "airbyte-config-secrets"
      # -- The first name of the initial user
      firstName: ""
      # -- The last name of the initial user
      lastName:  ""
      # -- The key within `emailSecretName` where the initial user's email is stored
      emailSecretKey: "instance-admin-email"
      # -- The key within `passwordSecretName` where the initial user's password is stored
      passwordSecretKey: "instance-admin-password"
    
    # -- SSO Identify Provider configuration; (requires Enterprise)
    #identityProvider:
    #  # -- Secret name where the OIDC configuration is stored
    #  secretName: "airbyte-config-secrets"
    #  # -- The identity provider type (e.g. oidc)
    #  type: ""
    #  # -- OIDC configuration (required if `auth.identityProvider.type` is "oidc")
    #  oidc:
    #    # -- OIDC application domain
    #    domain: ""
    #    # -- OIDC application name
    #    appName: ""
    #    # -- The key within `clientIdSecretName` where the OIDC client id is stored
    #    clientIdSecretKey: "client-id"
    #    # -- The key within `clientSecretSecretName` where the OIDC client secret is stored
    #    clientSecretSecretKey: "client-secret"

  # -- Environment variables
  env_vars:
    # using map fixed warnings
    # All 50 is too high for CYG (overloads DB)
    # MAX_SYNC_WORKERS: 24     # defaults to 10
    # MAX_SPEC_WORKERS: 25     # (not sure what default is)
    # MAX_CHECK_WORKERS: 12    # defaults to 5
    # MAX_DISCOVER_WORKERS: 25 # (not sure what default is)
    # MAX_FIELDS_PER_CONNECTION: 40000 # defaulted to 20000 and we needed 21000 to put all streams in one connection
    # TEMPORAL_HISTORY_RETENTION_IN_DAYS: 7 # defaults to 30
    # TRACKING_STRATEGY: logging

    MAX_CHECK_WORKERS: 12
    MAX_DISCOVER_WORKERS: 24
    MAX_FIELDS_PER_CONNECTION: 40000
    MAX_SPEC_WORKERS: 24
    MAX_SYNC_WORKERS: 24
    TEMPORAL_HISTORY_RETENTION_IN_DAYS: 7
    # TRACKING_STRATEGY: "logging"  --- This actually doesn't work...


  # -- Database configuration
  database:
    type: "internal" # "external"

    # -- Secret name where database credentials are stored
    secretName: "" # e.g. "airbyte-config-secrets"

    # -- The database host
    host: ""

    # -- The database port
    port: ""

    # -- The database name
    database: ""

    # -- The database user
    user: ""
    # -- The key within `secretName` where the user is stored
    #userSecretKey: "" # e.g. "database-user"

    # -- The database password
    password: ""
    # -- The key within `secretName` where the password is stored
    #passwordSecretKey: "" # e.g."database-password"

  storage:
    type: minio # default storage used
    # TODO: Add full configuration here

  metrics:
    # -- The metric client to configure globally. Supports "otel"
    metricClient: ""
    # -- The open-telemetry-collector endpoint that metrics will be sent to
    otelCollectorEndpoint: ""

  # Jobs resource requests and limits, see http://kubernetes.io/docs/user-guide/compute-resources/
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube.
  jobs:
    resources:
      ## Example:
      ## requests:
      ##    memory: 256Mi
      ##    cpu: 250m
      # -- Job resource requests
      requests:
        memory: 256Mi
        cpu: 250m
      ## Example:
      # limits:
      #    cpu: 200m
      #    memory: 1Gi
      # -- Job resource limits
      limits: {}

    kube:
      ## JOB_KUBE_ANNOTATIONS
      # pod annotations of the sync job and the default pod annotations fallback for others jobs
      # -- key/value annotations applied to kube jobs
      annotations: {}

      ## JOB_KUBE_LABELS
      ## pod labels of the sync job and the default pod labels fallback for others jobs
      # -- key/value labels applied to kube jobs
      labels: {}

      ## JOB_KUBE_NODE_SELECTORS
      ## pod node selector of the sync job and the default pod node selector fallback for others jobs
      # -- Node labels for pod assignment
      nodeSelector: {}

      ## JOB_KUBE_TOLERATIONS
      # -- Node tolerations for pod assignment
      #  Any boolean values should be quoted to ensure the value is passed through as a string.
      tolerations: []

      ## JOB_KUBE_MAIN_CONTAINER_IMAGE_PULL_SECRET
      # -- image pull secret to use for job pod
      main_container_image_pull_secret: ""

      images:
        ## JOB_KUBE_BUSYBOX_IMAGE
        # -- busybox image used by the job pod
        busybox: ""
        ## JOB_KUBE_SOCAT_IMAGE
        # -- socat image used by the job pod
        socat: ""
        ## JOB_KUBE_CURL_IMAGE
        # -- curl image used by the job pod
        curl: ""

## @section Common Parameters

# -- String to partially override airbyte.fullname template with a string (will prepend the release name)
nameOverride: ""
# -- String to fully override airbyte.fullname template with a string
fullnameOverride: ""

# Pods Service Account, see https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
  # -- Specifies whether a ServiceAccount should be created
  create: true
  # -- Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
  annotations: {}
  # -- Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  name: *service-account-name

# -- Sets the AIRBYTE_VERSION environment variable. Defaults to Chart.AppVersion.
## If changing the image tags below, you should probably also update this.
version: ""

## @section Webapp Parameters

webapp:
  enabled: true
  # -- Number of webapp replicas
  replicaCount: 1

  ##  webapp.image.repository
  ##  webapp.image.pullPolicy
  ##  webapp.image.tag The airbyte webapp image tag. Defaults to the chart's AppVersion
  image:
    # -- The repository to use for the airbyte webapp image
    repository: airbyte/webapp
    # -- The pull policy to use for the airbyte webapp image
    pullPolicy: IfNotPresent

  # -- Add extra annotations to the webapp pods
  podAnnotations: {}

  # -- webapp.podLabels [object] Add extra labels to the webapp pods
  podLabels: {}

  # -- Security context for the container
  podSecurityContext:
    # gid=101(nginx)
    fsGroup: 101

  containerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=101(nginx)
    runAsUser: 101
    # gid=101(nginx)
    runAsGroup: 101
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  ## Configure extra options for the webapp containers' liveness and readiness probes,
  ## see https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  livenessProbe:
    # -- Enable livenessProbe on the webapp
    enabled: true
    # -- Initial delay seconds for livenessProbe
    initialDelaySeconds: 30
    # -- Period seconds for livenessProbe
    periodSeconds: 10
    # -- Timeout seconds for livenessProbe
    timeoutSeconds: 1
    # -- Failure threshold for livenessProbe
    failureThreshold: 3
    # -- Success threshold for livenessProbe
    successThreshold: 1

  readinessProbe:
    # -- Enable readinessProbe on the webapp
    enabled: true
    # -- Initial delay seconds for readinessProbe
    initialDelaySeconds: 10
    # -- Period seconds for readinessProbe
    periodSeconds: 10
    # -- Timeout seconds for readinessProbe
    timeoutSeconds: 1
    # -- Failure threshold for readinessProbe
    failureThreshold: 3
    # -- Success threshold for readinessProbe
    successThreshold: 1

  service:
    # -- The service type to use for the webapp service
    type: ClusterIP
    # -- The service port to expose the webapp on
    port: 80
    # -- Annotations for the webapp service resource
    annotations: {}

  ## Web app resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  resources:
    ## Example:
    ## limits:
    ##    cpu: 200m
    ##    memory: 1Gi
    # -- The resources limits for the Web container
    limits: {}
    ## Examples:
    ## requests:
    ##    memory: 256Mi
    ##    cpu: 250m
    # -- The requested resources for the Web container
    requests: {}

  # -- Node labels for pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  # -- Tolerations for webapp pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # -- Affinity and anti-affinity for webapp pod assignment, see
  # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  ## Configure the ingress resource that allows you to access the Airbyte installation.
  ## ref: http://kubernetes.io/docs/user-guide/ingress/
  ingress:
    # -- Set to true to enable ingress record generation
    enabled: false
    # -- Specifies ingressClassName for clusters >= 1.18+
    className: ""
    # -- Ingress annotations done as key:value pairs
    annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    # -- The list of hostnames to be covered with this ingress record.
    hosts: []
    # - host: chart-example.local
    #   paths:
    #   - path: /
    #     pathType: ImplementationSpecific
    # -- Custom ingress TLS configuration
    tls: []
    # - secretName: chart-example-tls
    #   hosts:
    #   - chart-example.local

    api:
    # -- The webapp API url
    url: /api/v1/
  connector-builder-server:
    url: /connector-builder-api

  fullstory:
    # -- Whether or not to enable fullstory
    enabled: false

  ## Examples (when using `webapp.containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumeMounts:
  ##   - name: var-run
  ##     mountPath: /var/run/
  ##   - name: var-cache-nginx
  ##     mountPath: /var/cache/nginx
  ##   - mountPath: /etc/nginx/conf.d
  ##     name: nginx-conf-d
  ##
  # -- Additional volumeMounts for webapp containers
  extraVolumeMounts: []

  ## Examples (when using `webapp.containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumes:
  ##   - name: var-run
  ##     emptyDir: {}
  ##   - name: var-cache-nginx
  ##     emptyDir: {}
  ##   - name: nginx-conf-d
  ##     emptyDir: {}
  # -- Additional volumes for webapp pods
  extraVolumes: []

  ## Example:
  # extraContainers:
  #   - name: otel_collector
  #     image: somerepo/someimage:sometag
  #     args: [
  #         "--important-args"
  #     ]
  #     ports:
  #       - containerPort: 443
  #     volumeMounts:
  #       - name: volumeMountCool
  #         mountPath: /some/path
  #         readOnly: true
  # -- Additional container for server pods
  extraContainers: []

  ## Example:
  # extraInitContainers:
  #   - name: sleepy
  #     image: alpine
  #     command: ['sleep', '60']
  # -- Additional init containers for server pods
  extraInitContainers: []

  ## Example: (With default env vars and values taken from generated config map)
  # extraEnv:
  #   - name: POSTGRES_USER
  #     valueFrom:
  #       secretKeyRef:
  #         name: airbyte-secrets
  #         key: DATABASE_USER
  #   - name: POSTGRES_PWD
  #     valueFrom:
  #       secretKeyRef:
  #         name: airbyte-secrets
  #         key: DATABASE_PASSWORD
  #   - name: DYNAMIC_CONFIG_FILE_PATH
  #     value: "config/dynamicconfig/development.yaml"
  #   - name: DB
  #     value: "postgresql"
  #   - name: DB_PORT
  #     valueFrom:
  #       configMapKeyRef:
  #         name: airbyte-env
  #         key: DATABASE_PORT
  #   - name: POSTGRES_SEEDS
  #     valueFrom:
  #       configMapKeyRef:
  #         name: airbyte-env
  #         key: DATABASE_HOST
  # -- Supply extra env variables to main container using full notation
  extraEnv: []
  ## Example:
  ## secrets:
  ##   DATABASE_PASSWORD: strong-password
  ##   DATABASE_USER: my-db-user
  # -- Supply additional secrets to container
  secrets: {}

  ## Example:
  ## env_vars:
  ##   DATABASE_HOST: airbyte-db
  ##   DATABASE_PORT: 5432
  # -- Supply extra env variables to main container using simplified notation
  env_vars: {}

## @section Pod Sweeper parameters

pod-sweeper:
  enabled: true
  image:
    # -- The image repository to use for the pod sweeper
    repository: bitnami/kubectl
    # -- The pull policy for the pod sweeper image
    pullPolicy: IfNotPresent
    # -- The pod sweeper image tag to use
    tag: 1.28.9

  # -- Add extra annotations to the podSweeper pod
  podAnnotations: {}

  # -- Add extra labels to the podSweeper pod
  podLabels: {}

  # -- Security context for the container
  podSecurityContext:
    # gid=1001(anon)
    fsGroup: 1001

  containerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=1001(anon)
    runAsUser: 1001
    # gid=1001(anon)
    runAsGroup: 1001
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  livenessProbe:
    # -- Enable livenessProbe on the podSweeper
    enabled: true
    # -- Initial delay seconds for livenessProbe
    initialDelaySeconds: 5
    # -- Period seconds for livenessProbe
    periodSeconds: 30
    # -- Timeout seconds for livenessProbe
    timeoutSeconds: 1
    # -- Failure threshold for livenessProbe
    failureThreshold: 3
    # -- Success threshold for livenessProbe
    successThreshold: 1

  readinessProbe:
    # -- Enable readinessProbe on the podSweeper
    enabled: true
    # -- Initial delay seconds for readinessProbe
    initialDelaySeconds: 5
    # -- Period seconds for readinessProbe
    periodSeconds: 30
    # -- Timeout seconds for readinessProbe
    timeoutSeconds: 1
    # -- Failure threshold for readinessProbe
    failureThreshold: 3
    # -- Success threshold for readinessProbe
    successThreshold: 1

  ## Pod Sweeper app resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  resources:
    ## Example:
    ## limits:
    ##    cpu: 200m
    ##    memory: 1Gi
    # -- The resources limits for the podSweeper container
    limits: {}
    ## Examples:
    ## requests:
    ##    memory: 256Mi
    ##    cpu: 250m
    # -- The requested resources for the podSweeper container
    requests: {}

  # -- Node labels for pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  # -- Tolerations for pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # -- Affinity and anti-affinity for pod assignment, see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  ## Examples:
  ## extraVolumeMounts:
  ##   - name: tmpdir
  ##     mountPath: /tmp
  # -- Additional volumeMounts for podSweeper container(s).
  extraVolumeMounts: []

  ## Examples:
  ## extraVolumes:
  ##   - name: tmpdir
  ##     emptyDir: {}
  # -- Additional volumes for podSweeper pod(s).
  extraVolumes: []

## @section Server parameters

server:
  enabled: true
  # -- Number of server replicas
  replicaCount: 1

  image:
    # -- The repository to use for the airbyte server image.
    repository: airbyte/server
    # -- the pull policy to use for the airbyte server image
    pullPolicy: IfNotPresent

  # -- Add extra annotations to the server pods
  podAnnotations: {}

  # -- Add extra labels to the server pods
  podLabels: {}

  # -- Security context for the container
  podSecurityContext:
    # gid=1000(airbyte)
    fsGroup: 1000

  containerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=1000(airbyte)
    runAsUser: 1000
    # gid=1000(airbyte)
    runAsGroup: 1000
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  ## Configure extra options for the server containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  livenessProbe:
    # -- Enable livenessProbe on the server
    enabled: true
    # -- Initial delay seconds for livenessProbe
    initialDelaySeconds: 30
    # -- Period seconds for livenessProbe
    periodSeconds: 10
    # -- Timeout seconds for livenessProbe
    timeoutSeconds: 10
    # -- Failure threshold for livenessProbe
    failureThreshold: 3
    # -- Success threshold for livenessProbe
    successThreshold: 1

  readinessProbe:
    # -- Enable readinessProbe on the server
    enabled: true
    # -- Initial delay seconds for readinessProbe
    initialDelaySeconds: 10
    # -- Period seconds for readinessProbe
    periodSeconds: 10
    # -- Timeout seconds for readinessProbe
    timeoutSeconds: 10
    # -- Failure threshold for readinessProbe
    failureThreshold: 3
    # -- Success threshold for readinessProbe
    successThreshold: 1

  ## server resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  resources:
    ## Example:
    ## limits:
    ##    cpu: 200m
    ##    memory: 1Gi
    # -- The resources limits for the server container
    limits: {}
    ## Examples:
    ## requests:
    ##    memory: 256Mi
    ##    cpu: 250m
    # -- The requested resources for the server container
    requests: {}

  # -- Node labels for pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  # -- Tolerations for server pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # -- Affinity and anti-affinity for server pod assignment, see
  # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  log:
    # -- The log level to log at
    level: "INFO"

  ## Examples (when using `server.containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumeMounts:
  ##   - name: tmpdir
  ##     mountPath: /tmp
  # -- Additional volumeMounts for server containers
  extraVolumeMounts: []

  ## Examples (when using `server.containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumes:
  ##   - name: tmpdir
  ##     emptyDir: {}
  # -- Additional volumes for server pods
  extraVolumes: []

  ## Example:
  # extraContainers:
  #   - name: otel_collector
  #     image: somerepo/someimage:sometag
  #     args: [
  #         "--important-args"
  #     ]
  #     ports:
  #       - containerPort: 443
  #     volumeMounts:
  #       - name: volumeMountCool
  #         mountPath: /some/path
  #         readOnly: true
  # -- Additional container for server pods
  extraContainers: []

  ## Example:
  # extraInitContainers:
  #   - name: sleepy
  #     image: alpine
  #     command: ['sleep', '60']
  # -- Additional init containers for server pods
  extraInitContainers: []

  ## Example: (With default env vars and values taken from generated config map)
  # extraEnv:
  #   - name: AIRBYTE_VERSION
  #     valueFrom:
  #       configMapKeyRef:
  #         name: airbyte-env
  #         key: AIRBYTE_VERSION
  #   - name: API_URL
  #     valueFrom:
  #       configMapKeyRef:
  #         name: airbyte-env
  #         key: API_URL
    # - name: TRACKING_STRATEGY
    #   valueFrom:
    #     configMapKeyRef:
    #       name: airbyte-env
    #       key: TRACKING_STRATEGY
  #   - name: FULLSTORY
  #     valueFrom:
  #       configMapKeyRef:
  #         name: airbyte-env
  #         key: FULLSTORY
  #   - name: INTERNAL_API_HOST
  #     valueFrom:
  #       configMapKeyRef:
  #         name: airbyte-env
  #         key: INTERNAL_API_HOST
  ##
  # -- Supply extra env variables to main container using full notation
  extraEnv: []
  ## Example:
  ## secrets:
  ##   DATABASE_PASSWORD: strong-password
  ##   DATABASE_USER: my-db-user
  # -- Supply additional secrets to container
  secrets: {}
  ## Example:
  ## env_vars:
  ##   DATABASE_HOST: airbyte-db
  ##   DATABASE_PORT: 5432
  # -- Supply extra env variables to main container using simplified notation
  env_vars: {}
  #  TRACKING_STRATEGY: logging

## @section Worker Parameters

worker:
  enabled: true
  # -- Number of worker replicas
  replicaCount: 1

  image:
    # -- The repository to use for the airbyte worker image.
    repository: airbyte/worker
    # -- the pull policy to use for the airbyte worker image
    pullPolicy: IfNotPresent

  # -- Add extra annotations to the worker pods
  podAnnotations: {}

  # -- Add extra labels to the worker pods
  podLabels: {}

  # -- Security context for the container
  podSecurityContext:
    # gid=1000(airbyte)
    fsGroup: 1000

  containerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=1000(airbyte)
    runAsUser: 1000
    # gid=1000(airbyte)
    runAsGroup: 1000
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  livenessProbe:
    # -- Enable livenessProbe on the worker
    enabled: true
    # -- Initial delay seconds for livenessProbe
    initialDelaySeconds: 30
    # -- Period seconds for livenessProbe
    periodSeconds: 10
    # -- Timeout seconds for livenessProbe
    timeoutSeconds: 1
    # -- Failure threshold for livenessProbe
    failureThreshold: 3
    # -- Success threshold for livenessProbe
    successThreshold: 1

  readinessProbe:
    # -- Enable readinessProbe on the worker
    enabled: true
    # -- Initial delay seconds for readinessProbe
    initialDelaySeconds: 10
    # -- Period seconds for readinessProbe
    periodSeconds: 10
    # -- Timeout seconds for readinessProbe
    timeoutSeconds: 1
    # -- Failure threshold for readinessProbe
    failureThreshold: 3
    # -- Success threshold for readinessProbe
    successThreshold: 1

  ## worker resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  resources:
    ## Example:
    ## limits:
    ##    cpu: 200m
    ##    memory: 1Gi
    #! -- The resources limits for the worker container
    limits: {}
    ## Examples:
    requests:
       memory: 256Mi
       cpu: 250m
    # -- The requested resources for the worker container


  # -- Node labels for pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  # -- Tolerations for worker pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # -- Affinity and anti-affinity for worker pod assignment, see
  # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  log:
    #! -- The log level to log at.
    level: "INFO"

  ## Example:
  ##
  ## extraEnv:
  ## - name: JOB_KUBE_TOLERATIONS
  ##   value: "key=airbyte-server,operator=Equals,value=true,effect=NoSchedule"
  # -- Additional env vars for worker pods
  extraEnv: []

  ## Examples (when using `worker.containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumeMounts:
  ##   - name: tmpdir
  ##     mountPath: /tmp
  # -- Additional volumeMounts for worker containers
  extraVolumeMounts: []

  ## Examples (when using `worker.containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumes:
  ##   - name: tmpdir
  ##     emptyDir: {}
  # -- Additional volumes for worker pods
  extraVolumes: []
  # -- Additional container for worker pods
  extraContainers: []

  hpa:
    enabled: false

  debug:
    enabled: false

  containerOrchestrator:
    # -- Orchestrator image
    image: ""

  ## current no exist documentations
  activityMaxAttempt: ""
  activityInitialDelayBetweenAttemptsSeconds: ""
  activityMaxDelayBetweenAttemptsSeconds: ""
  maxNotifyWorkers: 5

## @section Workload Launcher Parameters

workload-launcher:
  enabled: false
  # -- Number of workload launcher replicas
  replicaCount: 1

  image:
    # -- The repository to use for the airbyte workload launcher image.
    repository: airbyte/workload-launcher
    # -- The pull policy to use for the airbyte workload launcher image
    pullPolicy: IfNotPresent

  # -- Add extra annotations to the workload launcher pods
  podAnnotations: {}

  # -- Add extra labels to the workload launcher pods
  podLabels: {}

  # -- Security context for the container
  podSecurityContext:
    # gid=1000(airbyte)
    fsGroup: 1000

  containerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=1000(airbyte)
    runAsUser: 1000
    # gid=1000(airbyte)
    runAsGroup: 1000
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  livenessProbe:
    # -- Enable livenessProbe on the workload launcher
    enabled: true
    # -- Initial delay seconds for livenessProbe
    initialDelaySeconds: 30
    # -- Period seconds for livenessProbe
    periodSeconds: 10
    # -- Timeout seconds for livenessProbe
    timeoutSeconds: 1
    # -- Failure threshold for livenessProbe
    failureThreshold: 3
    # -- Success threshold for livenessProbe
    successThreshold: 1

  readinessProbe:
    # -- Enable readinessProbe on the workload launcher
    enabled: true
    # -- Initial delay seconds for readinessProbe
    initialDelaySeconds: 10
    # -- Period seconds for readinessProbe
    periodSeconds: 10
    # -- Timeout seconds for readinessProbe
    timeoutSeconds: 1
    # -- Failure threshold for readinessProbe
    failureThreshold: 3
    # -- Success threshold for readinessProbe
    successThreshold: 1

  ## workload launcher resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  resources:
    ## Example:
    ## limits:
    ##    cpu: 200m
    ##    memory: 1Gi
    # -- The resources limits for the workload launcher container
    limits: {}
    ## Examples:
    ## requests:
    ##    memory: 256Mi
    ##    cpu: 250m
    # -- The requested resources for the workload launcher container
    requests: {}

  # -- Node labels for pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  # -- Tolerations for workload launcher pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # Affinity and anti-affinity for workload launcher pod assignment, see
  # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  log:
    # -- The log level to log at
    level: "INFO"

  ## Example:
  ##
  ## extraEnv:
  ## - name: JOB_KUBE_TOLERATIONS
  ##   value: "key=airbyte-server,operator=Equals,value=true,effect=NoSchedule"
  # -- Additional env vars for workload launcher pods
  extraEnv: []

  ## Examples (when using `workload launcher.containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumeMounts:
  ##   - name: tmpdir
  ##     mountPath: /tmp
  # -- Additional volumeMounts for workload launcher containers
  extraVolumeMounts: []

  ## Examples (when using `workload-launcher.containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumes:
  ##   - name: tmpdir
  ##     emptyDir: {}
  # -- Additional volumes for workload launcher pods
  extraVolumes: []

  extraContainers: []

  hpa:
    enabled: false

  debug:
    enabled: false

  containerOrchestrator:
    # -- Enable or disable Orchestrator
    enabled: true
    # -- Orchestrator image
    image: ""

  ## current no exist documentations
  activityMaxAttempt: ""
  activityInitialDelayBetweenAttemptsSeconds: ""
  activityMaxDelayBetweenAttemptsSeconds: ""

  maxNotifyWorkers: 5

## @section Metrics parameters
metrics:
  enabled: false

  # -- Number of metrics-reporter replicas
  replicaCount: 1

  image:
    # -- The repository to use for the airbyte metrics-reporter image.
    repository: airbyte/metrics-reporter
    # -- The pull policy to use for the airbyte metrics-reporter image
    pullPolicy: IfNotPresent

  # -- Add extra annotations to the metrics-reporter pod
  podAnnotations: {}

  # -- Add extra labels to the metrics-reporter pod
  podLabels: {}

  # -- Security context for the container
  podSecurityContext:
    # gid=1000(airbyte)
    fsGroup: 1000

  containerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=1000(airbyte)
    runAsUser: 1000
    # gid=1000(airbyte)
    runAsGroup: 1000
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  ## metrics-reporter app resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  resources:
    ## Example:
    ## limits:
    ##    cpu: 200m
    ##    memory: 1Gi
    # -- The resources limits for the metrics-reporter container
    limits: {}
    ## Examples:
    ## requests:
    ##    memory: 256Mi
    ##    cpu: 250m
    # -- The requested resources for the metrics-reporter container
    requests: {}

  # -- Node labels for pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  # -- Tolerations for metrics-reporter pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # -- Affinity and anti-affinity for metrics-reporter pod assignment, see
  # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  ## Example:
  ##
  ## extraEnv:
  ## - name: SAMPLE_ENV_VAR
  ##   value: "key=sample-value"
  # -- Additional env vars for metrics-reporter pods
  extraEnv: []

  ## Examples (when using `metrics.containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumeMounts:
  ##   - name: tmpdir
  ##     mountPath: /tmp
  # -- Additional volumeMounts for metrics-reporter containers
  extraVolumeMounts: []

  ## Examples (when using `metrics.containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumes:
  ##   - name: tmpdir
  ##     emptyDir: {}
  # -- Additional volumes for metrics-reporter pods
  extraVolumes: []

  extraContainers: []

  secrets: {}

  env_vars: {}

## @section Bootloader Parameters

airbyte-bootloader:
  enabled: true
  image:
    # -- The repository to use for the airbyte bootloader image.
    repository: airbyte/bootloader
    # -- The pull policy to use for the airbyte bootloader image
    pullPolicy: IfNotPresent

  # -- Add extra annotations to the bootloader pod
  podAnnotations: {}

  # -- Add extra labels to the bootloader pod
  podLabels: {}

  # -- Node labels for pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  # -- Tolerations for worker pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  ## Bootloader resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  resources:
    ## Example:
    ## requests:
    ##    memory: 256Mi
    ##    cpu: 250m
    # -- The requested resources for the airbyte bootloader image
    requests: {}
    ## Example:
    ## limits:
    ##    cpu: 200m
    ##    memory: 1Gi
    # -- The resources limits for the airbyte bootloader image
    limits: {}

  # -- Affinity and anti-affinity for bootloader pod assignment, see
  # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  # -- Security context for the container
  podSecurityContext:
    # gid=1000(airbyte)
    fsGroup: 1000

  containerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=1000(airbyte)
    runAsUser: 1000
    # gid=1000(airbyte)
    runAsGroup: 1000
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  ## Example: (With default env vars and values taken from generated config map)
  ## extraEnv:
  ##   - name: AIRBYTE_VERSION
  ##     valueFrom:
  ##       configMapKeyRef:
  ##         name: airbyte-env
  ##         key: AIRBYTE_VERSION
  ##   - name: DATABASE_HOST
  ##     valueFrom:
  ##       configMapKeyRef:
  ##         name: airbyte-env
  ##         key: DATABASE_HOST
  ##   - name: DATABASE_PORT
  ##     valueFrom:
  ##       configMapKeyRef:
  ##         name: airbyte-env
  ##         key: DATABASE_PORT
  ##   - name: DATABASE_PASSWORD
  ##     valueFrom:
  ##       secretKeyRef:
  ##         name: airbyte-secrets
  ##         key: DATABASE_PASSWORD
  ##   - name: DATABASE_URL
  ##     valueFrom:
  ##       configMapKeyRef:
  ##         name: airbyte-env
  ##         key: DATABASE_URL
  ##   - name: DATABASE_USER
  ##     valueFrom:
  ##       secretKeyRef:
  ##         name: airbyte-secrets
  ##         key: DATABASE_USER
  # -- Supply extra env variables to main container using full notation
  extraEnv: []
  ## Example:
  ## secrets:
  ##   DATABASE_PASSWORD: strong-password
  ##   DATABASE_USER: my-db-user
  # -- Supply additional secrets to container
  secrets: {}

  ## Example:
  ## env_vars:
  ##   DATABASE_HOST: airbyte-db
  ##   DATABASE_PORT: 5432
  # -- Supply extra env variables to main container using simplified notation
  env_vars: {}
  ## Example:
  # extraContainers:
  #   - name: otel_collector
  #     image: somerepo/someimage:sometag
  #     args: [
  #         "--important-args"
  #     ]
  #     ports:
  #       - containerPort: 443
  #     volumeMounts:
  #       - name: volumeMountCool
  #         mountPath: /some/path
  #         readOnly: true
  # -- Additional container for server pod(s)
  extraContainers: []

  ## Example:
  # extraInitContainers:
  #   - name: sleepy
  #     image: alpine
  #     command: ['sleep', '60']
  # -- Additional init containers for server pods
  extraInitContainers: []

  ## Examples (when using `containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumeMounts:
  ##   - name: tmpdir
  ##     mountPath: /tmp
  # -- Additional volumeMounts for server containers
  extraVolumeMounts: []

  ## Examples (when using `containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumes:
  ##   - name: tmpdir
  ##     emptyDir: {}
  # -- Additional volumes for server pods
  extraVolumes: []

## @section Temporal parameters
## TODO: Move to consuming temporal from a dedicated helm chart

temporal:
  enabled: true
  # -- The number of temporal replicas to deploy
  replicaCount: 1

  image:
    # -- The temporal image repository to use
    repository: temporalio/auto-setup
    # -- The pull policy for the temporal image
    pullPolicy: IfNotPresent
    # -- The temporal image tag to use
    tag: "1.23.0"

  service:
    # -- The Kubernetes Service Type
    type: ClusterIP
    # -- The temporal port and exposed kubernetes port
    port: 7233

  # -- Add extra annotations to the temporal pod
  podAnnotations: {}

  # -- Add extra labels to the temporal pod
  podLabels: {}

  # -- Security context for the container
  podSecurityContext:
    # gid=1000(temporal)
    fsGroup: 1000

  containerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=1000(temporal)
    runAsUser: 1000
    # gid=1000(temporal)
    runAsGroup: 1000
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  ## Examples (when using `temporal.containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraInitContainers:
  ##   - name: config-loader
  ##     image: temporalio/auto-setup:1.23
  ##     command:
  ##       - /bin/sh
  ##       - -c
  ##       - >-
  ##         find /etc/temporal/config/ -maxdepth 1 -mindepth 1 -exec cp -ar {} /config/ \;
  ##     volumeMounts:
  ##       - name: config
  ##         mountPath: /config
  # -- Additional InitContainers to initialize the pod
  extraInitContainers: []

  livenessProbe:
    # -- Enable livenessProbe on the temporal
    enabled: false

  readinessProbe:
    # -- Enable readinessProbe on the temporal
    enabled: false

  # -- Node labels for temporal pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  # -- Tolerations for temporal pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # -- Affinity and anti-affinity for temporal pod assignment, see
  # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  ## Example:
  ##
  ## extraEnv:
  ## - name: SAMPLE_ENV_VAR
  ##   value: "key=sample-value"
  # -- Additional env vars for temporal pod(s).
  extraEnv: []

  ## Examples (when using `temporal.containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumeMounts:
  ##   - name: tmpdir
  ##     mountPath: /tmp
  ##   - name: config
  ##     mountPath: /etc/temporal/config
  # -- Additional volumeMounts for temporal containers
  extraVolumeMounts: []

  ## Examples (when using `temporal.containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumes:
  ##   - name: tmpdir
  ##     emptyDir: {}
  ##  - name: config
  ##    emptyDir: {}
  # -- Additional volumes for temporal pods
  extraVolumes: []

  ## Temporal resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  resources:
    ## Example:
    ## requests:
    ##    memory: 256Mi
    ##    cpu: 250m
    # -- The requested resources for temporal pods
    requests: {}
    ## Example:
    ## limits:
    ##    cpu: 200m
    ##    memory: 1Gi
    # -- The resources limits for temporal pods
    limits: {}

  extraContainers: []

## @section Airbyte Database parameters

# PostgreSQL chart configuration, see https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml
postgresql:
  # -- Switch to enable or disable the PostgreSQL helm chart
  enabled: true

  ## image.repository Repository for airbyte-db statefulset
  image:
    repository: airbyte/db
  # -- Airbyte Postgresql username
  postgresqlUsername: airbyte
  # -- Airbyte Postgresql password
  postgresqlPassword: airbyte
  # -- Airbyte Postgresql database
  postgresqlDatabase: db-airbyte
  # fullnameOverride: *db-hostname
  ## This secret is used in case of postgresql.enabled=true and we would like to specify password for newly created postgresql instance
  # -- Name of an existing secret containing the PostgreSQL password ('postgresql-password' key)
  existingSecret: ""
  podSecurityContext:
    # gid=70(postgres)
    fsGroup: 70
  containerSecurityContext:
    # -- Ensures the container will run with a non-root user
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=70(postgres)
    runAsUser: 70
    # gid=70(postgres)
    runAsGroup: 70
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  commonAnnotations:
    # -- It will determine when the hook should be rendered
    helm.sh/hook: pre-install
    # -- The order in which the hooks are executed. If weight is lower, it has higher priority
    helm.sh/hook-weight: "-1"
  # -- Node labels for pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  # -- Tolerations for postgresql pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # -- Affinity and anti-affinity for postgresql pod assignment, see
  # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

# External PostgreSQL configuration, All of these values are only used when postgresql.enabled is set to false
externalDatabase:
  # -- Database host
  host: ""
  # -- non-root Username for Airbyte Database
  user: ""
  # -- Database password
  password: ""
  # -- Name of an existing secret resource containing the DB password
  existingSecret: ""
  # -- Name of an existing secret key containing the DB password
  existingSecretPasswordKey: ""
  # -- Database name
  database: ""
  # -- Database port number
  port: ""
  # -- Database full JDBL URL (ex: jdbc:postgresql://host:port/db?parameters)
  jdbcUrl: ""

## @section Logs parameters

minio:
  image:
    # -- Minio image used by Minio helm chart
    repository: minio/minio
    # -- Minio tag image
    tag: RELEASE.2023-11-20T22-40-07Z

  storage:
    volumeClaimValue: 500Mi

  # -- Node labels for pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}

  # -- Tolerations for minio pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []

  # -- Affinity and anti-affinity for minio pod assignment, see
  # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

## @section cron parameters

cron:
  enabled: true
  # -- Number of cron replicas
  replicaCount: 1
  image:
    # -- The repository to use for the airbyte cron image.
    repository: airbyte/cron
    # -- The pull policy to use for the airbyte cron image
    pullPolicy: IfNotPresent

  # -- Add extra annotations to the cron pods
  podAnnotations: {}

  # -- Add extra labels to the cron pods
  podLabels: {}

  # -- Security context for the container
  podSecurityContext:
    # uid=1000(airbyte)
    fsGroup: 1000

  containerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=1000(airbyte)
    runAsUser: 1000
    # gid=1000(airbyte)
    runAsGroup: 1000
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  livenessProbe:
    # -- Enable livenessProbe on the cron
    enabled: true
    # -- Initial delay seconds for livenessProbe
    initialDelaySeconds: 30
    # -- Period seconds for livenessProbe
    periodSeconds: 10
    # -- Timeout seconds for livenessProbe
    timeoutSeconds: 1
    # -- Failure threshold for livenessProbe
    failureThreshold: 3
    # -- Success threshold for livenessProbe
    successThreshold: 1

  readinessProbe:
    # -- Enable readinessProbe on the cron
    enabled: true
    # -- Initial delay seconds for readinessProbe
    initialDelaySeconds: 10
    # -- Period seconds for readinessProbe
    periodSeconds: 10
    # -- Timeout seconds for readinessProbe
    timeoutSeconds: 1
    # -- Failure threshold for readinessProbe
    failureThreshold: 3
    # -- Success threshold for readinessProbe
    successThreshold: 1

  ## cron resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  resources:
    ## Example:
    ## limits:
    ##    cpu: 200m
    ##    memory: 1Gi
    # -- The resources limits for the cron container
    limits: {}
    ## Examples:
    ## requests:
    ##    memory: 256Mi
    ##    cpu: 250m
    # -- The requested resources for the cron container
    requests: {}

  # -- Node labels for pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  # -- Tolerations for cron pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # -- Affinity and anti-affinity for cron pod assignment, see
  # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  log:
    # -- The log level to log at.
    level: "INFO"

  ## Examples (when using `cron.containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumeMounts:
  ##   - name: tmpdir
  ##     mountPath: /tmp
  # -- Additional volumeMounts for cron containers
  extraVolumeMounts: []

  ## Examples (when using `cron.containerSecurityContext.readOnlyRootFilesystem=true`):
  ## extraVolumes:
  ##   - name: tmpdir
  ##     emptyDir: {}
  # -- Additional volumes for cron pods
  extraVolumes: []

  ## Example:
  # extraContainers:
  #   - name: otel_collector
  #     image: somerepo/someimage:sometag
  #     args: [
  #         "--important-args"
  #     ]
  #     ports:
  #       - containerPort: 443
  #     volumeMounts:
  #       - name: volumeMountCool
  #         mountPath: /some/path
  #         readOnly: true
  # -- Additional container for cron pods
  extraContainers: []

  ## Example:
  # extraInitContainers:
  #   - name: sleepy
  #     image: alpine
  #     command: ['sleep', '60']
  # -- Additional init containers for cron pods
  extraInitContainers: []

  ## Example: (With default env vars and values taken from generated config map)
  # extraEnv:
  #   - name: AIRBYTE_VERSION
  #     valueFrom:
  #       configMapKeyRef:
  #         name: airbyte-env
  #         key: AIRBYTE_VERSION
  #   - name: API_URL
  #     valueFrom:
  #       configMapKeyRef:
  #         name: airbyte-env
  #         key: API_URL
  #   - name: TRACKING_STRATEGY
  #     valueFrom:
  #       configMapKeyRef:
  #         name: airbyte-env
  #         key: TRACKING_STRATEGY
  #   - name: FULLSTORY
  #     valueFrom:
  #       configMapKeyRef:
  #         name: airbyte-env
  #         key: FULLSTORY
  #   - name: INTERNAL_API_HOST
  #     valueFrom:
  #       configMapKeyRef:
  #         name: airbyte-env
  #         key: INTERNAL_API_HOST
  # -- Supply extra env variables to main container using full notation
  extraEnv: []
  ## Example:
  ## secrets:
  ##   DATABASE_PASSWORD: strong-password
  ##   DATABASE_USER: my-db-user
  # -- Supply additional secrets to container
  secrets: {}
  ## Example:
  ## env_vars:
  ##   DATABASE_HOST: airbyte-db
  ##   DATABASE_PORT: 5432
  # -- Supply extra env variables to main container using simplified notation
  env_vars: {}

connector-builder-server:
  enabled: true
  # -- Number of connector-builder-server replicas
  replicaCount: 1

  image:
    # -- The repository to use for the airbyte connector-builder-server image.
    repository: airbyte/connector-builder-server
    # -- The pull policy to use for the airbyte connector-builder-server image
    pullPolicy: IfNotPresent

  # -- Security context for the container
  podSecurityContext:
    # gid=1000(airbyte)
    fsGroup: 1000

  containerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=1000(airbyte)
    runAsUser: 1000
    # gid=1000(airbyte)
    runAsGroup: 1000
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  livenessProbe:
    # -- Enable livenessProbe on the server
    enabled: true
    # -- Initial delay seconds for livenessProbe
    initialDelaySeconds: 30
    # -- Period seconds for livenessProbe
    periodSeconds: 10
    # -- Timeout seconds for livenessProbe
    timeoutSeconds: 10
    # -- Failure threshold for livenessProbe
    failureThreshold: 3
    # -- Success threshold for livenessProbe
    successThreshold: 1

  readinessProbe:
    # -- Enable readinessProbe on the server
    enabled: true
    # -- Initial delay seconds for readinessProbe
    initialDelaySeconds: 10
    # -- Period seconds for readinessProbe
    periodSeconds: 10
    # -- Timeout seconds for readinessProbe
    timeoutSeconds: 10
    # -- Failure threshold for readinessProbe
    failureThreshold: 3
    # -- Success threshold for readinessProbe
    successThreshold: 1

  ## connector-builder-server resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  resources:
    ## Example:
    ## limits:
    ##    cpu: 200m
    ##    memory: 1Gi
    # -- The resources limits for the connector-builder-server container
    limits: {}
    ## Examples:
    ## requests:
    ##    memory: 256Mi
    ##    cpu: 250m
    # -- The requested resources for the connector-builder-server container
    requests: {}

  log:
    # -- The log level to log at.
    level: "INFO"

  env_vars: {}
  service:
    port: 80

  # -- Node labels for pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  # -- Tolerations for webapp pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # -- Affinity and anti-affinity for webapp pod assignment, see
  # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

airbyte-api-server:
  enabled: true
  # -- Number of airbyte-api-server replicas
  replicaCount: 1

  image:
    # -- The repository to use for the airbyte airbyte-api-server image.
    repository: airbyte/airbyte-api-server
    # -- The pull policy to use for the airbyte airbyte-api-server image
    pullPolicy: IfNotPresent

  # -- Security context for the container
  podSecurityContext:
    # gid=1000(airbyte)
    fsGroup: 1000

  containerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=1000(airbyte)
    runAsUser: 1000
    # gid=1000(airbyte)
    runAsGroup: 1000
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  livenessProbe:
    # -- Enable livenessProbe on the server
    enabled: true
    # -- Initial delay seconds for livenessProbe
    initialDelaySeconds: 30
    # -- Period seconds for livenessProbe
    periodSeconds: 10
    # -- Timeout seconds for livenessProbe
    timeoutSeconds: 10
    # -- Failure threshold for livenessProbe
    failureThreshold: 3
    # -- Success threshold for livenessProbe
    successThreshold: 1

  readinessProbe:
    # -- Enable readinessProbe on the server
    enabled: true
    # -- Initial delay seconds for readinessProbe
    initialDelaySeconds: 10
    # -- Period seconds for readinessProbe
    periodSeconds: 10
    # -- Timeout seconds for readinessProbe
    timeoutSeconds: 10
    # -- Failure threshold for readinessProbe
    failureThreshold: 3
    # -- Success threshold for readinessProbe
    successThreshold: 1

  ## airbyte-api-server resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  resources:
    ## Example:
    ## limits:
    ##    cpu: 200m
    ##    memory: 1Gi
    # -- The resources limits for the airbyte-api-server container
    limits: {}
    ## Examples:
    ## requests:
    ##    memory: 256Mi
    ##    cpu: 250m
    ## - The requested resources for the airbyte-api-server container
    requests: {}

  log:
    # -- The log level to log at.
    level: "INFO"

  env_vars: {}
  service:
    port: 80

  # - Configure the ingress resource that allows you to access the Airbyte API, see http://kubernetes.io/docs/user-guide/ingress/
  ingress:
    # -- Set to true to enable ingress record generation
    enabled: false
    # -- Specifies ingressClassName for clusters >= 1.18+
    className: ""
    # -- Ingress annotations done as key:value pairs
    annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    # -- The list of hostnames to be covered with this ingress record.
    hosts: []
    # - host: chart-example.local
    #   paths:
    #   - path: /
    #     pathType: ImplementationSpecific
    # -- Custom ingress TLS configuration
    tls: []
    # - secretName: chart-example-tls
    #   hosts:
    #   - chart-example.local

  # -- Node labels for pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  # -- Tolerations for webapp pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # -- Affinity and anti-affinity for webapp pod assignment, see
  # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

keycloak:
  enabled: true
  env_vars: {}

  auth:
    adminUsername: airbyteAdmin
    adminPassword: keycloak123

  # -- Security context for the container
  podSecurityContext:
    # gid=0(root)
    fsGroup: 0

  initContainerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=70(postgres)
    runAsUser: 70
    # gid=70(postgres)
    runAsGroup: 70
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault
    
  containerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=1000(keycloak)
    runAsUser: 1000
    # gid=0(root)
    runAsGroup: 0
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  # -- Node labels for pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  # -- Tolerations for webapp pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # -- Affinity and anti-affinity for webapp pod assignment, see
  # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

keycloak-setup:
  enabled: true
  env_vars: {}

  # -- Security context for the container
  podSecurityContext:
    # gid=1000(airbyte)
    fsGroup: 1000

  initContainerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # gid=100(curl_user)
    runAsUser: 100
    # gid=101(curl_group)
    runAsGroup: 101
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  containerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=1000(airbyte)
    runAsUser: 1000
    # gid=1000(airbyte)
    runAsGroup: 1000
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  # -- Node labels for pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  # -- Tolerations for webapp pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # -- Affinity and anti-affinity for webapp pod assignment, see
  # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

workload-api-server:
  enabled: false

  bearerToken: token

  # -- airbyte-api-server replicas
  replicaCount: 1

  image:
    # -- The repository to use for the airbyte-workload-api-server image.
    repository: airbyte/workload-api-server
    # -- The pull policy to use for the airbyte-workload-api-server image
    pullPolicy: IfNotPresent

  # -- Security context for the container
  podSecurityContext:
    # gid=1000(airbyte)
    fsGroup: 1000

  containerSecurityContext:
    allowPrivilegeEscalation: false 
    runAsNonRoot: true
    # uid=1000(airbyte)
    runAsUser: 1000
    # gid=1000(airbyte)
    runAsGroup: 1000
    readOnlyRootFilesystem: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

  livenessProbe:
    # -- Enable livenessProbe on the server
    enabled: true
    # -- Initial delay seconds for livenessProbe
    initialDelaySeconds: 30
    # -- Period seconds for livenessProbe
    periodSeconds: 10
    # -- Timeout seconds for livenessProbe
    timeoutSeconds: 10
    # -- Failure threshold for livenessProbe
    failureThreshold: 3
    # -- Success threshold for livenessProbe
    successThreshold: 1

  readinessProbe:
    # -- Enable readinessProbe on the server
    enabled: true
    # -- Initial delay seconds for readinessProbe
    initialDelaySeconds: 10
    # -- Period seconds for readinessProbe
    periodSeconds: 10
    # -- Timeout seconds for readinessProbe
    timeoutSeconds: 10
    # -- Failure threshold for readinessProbe
    failureThreshold: 3
    # -- Success threshold for readinessProbe
    successThreshold: 1

  ## airbyte-workload-api-server resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  resources:
    ## Example:
    ## limits:
    ##    cpu: 200m
    ##    memory: 1Gi
    # -- The resources limits for the airbyte-workload-api-server container
    limits: {}
    ## Examples:
    ## requests:
    ##    memory: 256Mi
    ##    cpu: 250m
    # -- The requested resources for the airbyte-workload-api-server container
    requests: {}

  log:
    # -- The log level at which to log
    level: "INFO"

  # -- Node labels for pod assignment, see https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  # -- Tolerations for webapp pod assignment, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # -- Affinity and anti-affinity for webapp pod assignment, see
  # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  env_vars: {}
  service:
    port: 8007

  # Configure the ingress resource that allows you to access the Airbyte Workload API, see http://kubernetes.io/docs/user-guide/ingress/
  ingress:
    # -- Set to true to enable ingress record generation
    enabled: false
    # -- Specifies ingressClassName for clusters >= 1.18+
    className: ""
    # -- Ingress annotations done as key:value pairs
    annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    # -- The list of hostnames to be covered with this ingress record
    hosts: []
    # - host: chart-example.local
    #   paths:
    #   - path: /
    #     pathType: ImplementationSpecific
    # -- Custom ingress TLS configuration
    tls: []
    # - secretName: chart-example-tls
    #   hosts:
    #   - chart-example.local

[abuchanan-airbyte]

I was able to reproduce the problem with your steps, thanks. I think the problem is that you're using an outdated values.yaml file. If I upgrade with a minimal values file it works:

global:
  env_vars:
    MAX_CHECK_WORKERS: 12
    MAX_DISCOVER_WORKERS: 24
    MAX_FIELDS_PER_CONNECTION: 40000
    MAX_SPEC_WORKERS: 24
    MAX_SYNC_WORKERS: 24
    TEMPORAL_HISTORY_RETENTION_IN_DAYS: 7

The problem could be that your full values file includes outdated security context details.

In general, I recommend that you use a minimal values file instead of copying and modifying the full version, because we'll make changes over time that aren't compatible across versions.

[PrestonBlackburn]

That makes sense, thanks!

Is there somewhere specific that we can see which values change from each major version? Or is the values.yaml in the airbyte-platform repo (https://github.com/airbytehq/airbyte-platform/blob/main/charts/airbyte/values.yaml) the best place to view those?

[abuchanan-airbyte]

We don't have anything that shows the specific changes between versions (yet, that's something we'd like to do). The best place to see the values file for now is the repo you linked. You can look at specific tags for each version (e.g. 1.2.0