Tuning Component Settings

Helm Charts are a set of Kubernetes manifests that reflect best practices for deploying an application or service on Kubernetes.

6 minute read

After you add the Drycc Chart Repository, you can customize the chart using helm inspect values drycc/workflow > values.yaml before using helm install to complete the installation.

There are a few ways to customize the respective component:

If the value is exposed in the values.yaml file as derived above, one may modify the section of the component to tune these settings. The modified value(s) will then take effect at chart installation or release upgrade time via either of the two respective commands:
```
 $ helm install drycc oci://registry.drycc.cc/charts/workflow \
     -n drycc \
     --namespace drycc \
     -f values.yaml
 $ helm upgrade drycc oci://registry.drycc.cc/charts/workflow \
     -n drycc \
     --namespace drycc \
     -f values.yaml
```
If the value hasn’t yet been exposed in the values.yaml file, one may edit the component deployment with the tuned setting. Here we edit the drycc-controller deployment:
```
 $ kubectl --namespace drycc edit deployment drycc-controller
```
Add/edit the setting via the appropriate environment variable and value under the env section and save. The updated deployment will recreate the component pod with the new/modified setting.
Lastly, one may also fetch and edit the chart as served by version control/the chart repository itself:
```
 $ helm fetch oci://registry.drycc.cc/charts/workflow --untar
 $ $EDITOR workflow/charts/controller/templates/controller-deployment.yaml
```
Then run helm install ./workflow --namespace drycc --name drycc to apply the changes, or helm upgrade drycc ./workflow if the cluster is already running.

Setting Resource limits

You can set resource limits to Workflow components by modifying the values.yaml file fetched earlier. This file has a section for each Workflow component. To set a limit to any Workflow component just add resources in the section and set them to the appropriate values.

Below is an example of how the builder section of values.yaml might look with CPU and memory limits set:

builder:
  imageOrg: "drycc"
  imagePullPolicy: "Always"
  imageTag: "canary"
  resources:
    limits:
      cpu: 1000m
      memory: 2048Mi
    requests:
      cpu: 500m
      memory: 1024Mi

Customizing the Builder

The following environment variables are tunable for the Builder component:

Setting	Description
DEBUG	Enable debug log output (default: false)
BUILDER_POD_NODE_SELECTOR	A node selector setting for builder job. As it may sometimes consume a lot of node resources, one may want a given builder job to run in a specific node only, so it won’t affect critical nodes. for example `pool:testing,disk:magnetic`

Customizing the Controller

The following environment variables are tunable for the Controller component:

Setting	Description
REGISTRATION_MODE	set registration to “enabled”, “disabled”, or “admin_only” (default: “admin_only”)
GUNICORN_WORKERS	number of gunicorn workers spawned to process requests (default: CPU cores * 4 + 1)
RESERVED_NAMES	a comma-separated list of names which applications cannot reserve for routing (default: “drycc, drycc-builder”)
DRYCC_DEPLOY_HOOK_URLS	a comma-separated list of URLs to send deploy hooks to.
DRYCC_DEPLOY_HOOK_SECRET_KEY	a private key used to compute the HMAC signature for deploy hooks.
DRYCC_DEPLOY_REJECT_IF_PROCFILE_MISSING	rejects a deploy if the previous build had a Procfile but the current deploy is missing it. A 409 is thrown in the API. Prevents accidental process types removal. (default: “false”, allowed values: “true”, “false”)
DRYCC_DEPLOY_PROCFILE_MISSING_REMOVE	when turned on (default) any missing process type in a Procfile compared to the previous deploy is removed. When set to false will allow an empty Procfile to go through without removing missing process types, note that new images, configs and so on will get updated on all proc types. (default: “true”, allowed values: “true”, “false”)
DRYCC_DEFAULT_CONFIG_TAGS	set tags for all applications by default, for example: ‘{“role”: “worker”}’. (default: ‘’)
KUBERNETES_NAMESPACE_DEFAULT_QUOTA_SPEC	set resource quota to application namespace by setting ResourceQuota spec, for example: `{"spec":{"hard":{"pods":"10"}}}`, restrict app owner to spawn more then 10 pods (default: “”, no quota will be applied to namespace)

LDAP authentication settings

Configuration options for LDAP authentication are detailed here.

The following environment variables are available for enabling LDAP authentication of user accounts in the Passport component:

Setting	Description
LDAP_ENDPOINT	The URI of the LDAP server. If not specified, LDAP authentication is not enabled (default: “”, example: `ldap://hostname`).
LDAP_BIND_DN	The distinguished name to use when binding to the LDAP server (default: “”)
LDAP_BIND_PASSWORD	The password to use with LDAP_BIND_DN (default: “”)
LDAP_USER_BASEDN	The distinguished name of the search base for user names (default: “”)
LDAP_USER_FILTER	The name of the login field in the users search base (default: “username”)
LDAP_GROUP_BASEDN	The distinguished name of the search base for user’s groups names (default: “”)
LDAP_GROUP_FILTER	The filter for user’s groups (default: “”, example: `objectClass=person`)

Global and per application settings

Setting	Description
DRYCC_DEPLOY_BATCHES	the number of pods to bring up and take down sequentially during a scale (default: number of available nodes)
DRYCC_DEPLOY_TIMEOUT	deploy timeout in seconds per deploy batch (default: 120)
IMAGE_PULL_POLICY	the Kubernetes image pull policy for application images (default: “IfNotPresent”) (allowed values: “Always”, “IfNotPresent”)
KUBERNETES_DEPLOYMENTS_REVISION_HISTORY_LIMIT	how many revisions Kubernetes keeps around for a given Deployment (default: all revisions)
KUBERNETES_POD_TERMINATION_GRACE_PERIOD_SECONDS	how many seconds Kubernetes waits for a pod to finish work after a SIGTERM before sending SIGKILL (default: 30)

See the Deploying Apps guide for more detailed information on those.

Customizing the Database

The following environment variables are tunable for the Database component:

Setting	Description
BACKUP_FREQUENCY	how often the database should perform a base backup (default: “12h”)
BACKUPS_TO_RETAIN	number of base backups the backing store should retain (default: 5)

Customizing Fluentbit

The following values can be changed in the values.yaml file or by using the --values flag with the Helm CLI.

Key	Description
config.service	The service section defines the global properties of the service.
config.inputs	An input section defines a source (related to an input plugin).
config.filters	A filter section defines a filter (related to a filter plugin)
config.outputs	The outputs section specifies a destination that certain records should follow after a Tag match.

For more information about the various variables that can be set please see the fluentbit.

Customizing the Monitor

Grafana

We have exposed some of the more useful configuration values directly in the chart. This allows them to be set using either the values.yaml file or by using the --set flag with the Helm CLI. You can see these options below:

Setting	Default Value	Description
user	“admin”	The first user created in the database (this user has admin privileges)
password	“admin”	Password for the first user.
allow_sign_up	“true”	Allows users to sign up for an account.

For a list of other options you can set by using environment variables please see the configuration file in GitHub.

Victoriametrics

You can find a list of values that can be set using environment variables here.

Customizing the Registry

The Registry component can be tuned by following the distribution config doc.

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified 11.10.2025: chore(zh-cn): 优化中文文档 (931e2de)