spark-operator
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
#
2
# Copyright 2024 The Kubeflow authors.
3
#
4
# Licensed under the Apache License, Version 2.0 (the "License");
5
# you may not use this file except in compliance with the License.
6
# You may obtain a copy of the License at
7
#
8
# https://www.apache.org/licenses/LICENSE-2.0
9
#
10
# Unless required by applicable law or agreed to in writing, software
11
# distributed under the License is distributed on an "AS IS" BASIS,
12
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
# See the License for the specific language governing permissions and
14
# limitations under the License.
15
#
16
17
# Default values for spark-operator.
18
# This is a YAML-formatted file.
19
# Declare variables to be passed into your templates.
20
21
# -- String to partially override release name.
22
nameOverride: ""
23
# -- String to fully override release name.
24
fullnameOverride: ""
25
# -- Common labels to add to the resources.
26
commonLabels: {}
27
# Image used by the Spark operator.
28
image:
29
# -- Image registry.
30
registry: cgr.dev
31
# -- Image repository.
32
repository: chainguard-private/spark-operator
33
# -- Image tag.
34
# @default -- If not set, the chart appVersion will be used.
35
tag: latest@sha256:b0bd7c68daa0e98dc68130ebc1462b6577198772de75483e01b990683f2365fd
36
# -- Image pull policy.
37
pullPolicy: IfNotPresent
38
# -- Image pull secrets for private image registry.
39
pullSecrets: []
40
# - name: <secret-name>
41
# Helm hook configuration.
42
hook:
43
# -- Whether to create a Helm pre-install/pre-upgrade hook Job to update CRDs.
44
upgradeCrd: false
45
# Image used by the Helm hook Job.
46
image:
47
# -- Image registry.
48
registry: cgr.dev
49
# -- Image repository.
50
repository: chainguard-private/kubectl
51
# -- Image tag.
52
# @default -- If not set, the chart appVersion will be used.
53
tag: latest@sha256:5d307a89d701558a1c278308ceaebb0594a9f8ba0f239fd3ec92bff55dc04c5d
54
# -- Node selector for the Helm hook Job.
55
nodeSelector: {}
56
# -- Affinity for the Helm hook Job.
57
affinity: {}
58
# -- List of node taints to tolerate for the Helm hook Job.
59
tolerations: []
60
controller:
61
# -- Number of replicas of controller.
62
replicas: 1
63
# -- Feature gates to enable or disable specific features.
64
featureGates:
65
- name: PartialRestart
66
enabled: false
67
- name: LoadSparkDefaults
68
enabled: false
69
# -- The number of old history to retain to allow rollback.
70
revisionHistoryLimit: 10
71
leaderElection:
72
# -- Specifies whether to enable leader election for controller.
73
enable: true
74
# -- Leader election lease duration.
75
leaseDuration: 15s
76
# -- Leader election renew deadline.
77
renewDeadline: 10s
78
# -- Leader election retry period.
79
retryPeriod: 2s
80
# -- Reconcile concurrency, higher values might increase memory usage.
81
workers: 10
82
# -- Configure the verbosity of logging, can be one of `debug`, `info`, `error`.
83
logLevel: info
84
# -- Configure the encoder of logging, can be one of `console` or `json`.
85
logEncoder: console
86
# -- Grace period after a successful spark-submit when driver pod not found errors will be retried. Useful if the driver pod can take some time to be created.
87
driverPodCreationGracePeriod: 10s
88
# -- Specifies the maximum number of Executor pods that can be tracked by the controller per SparkApplication.
89
maxTrackedExecutorPerApp: 1000
90
# -- Maximum QPS to the API server from the controller client.
91
kubeAPIQPS: 20
92
# -- Maximum burst for throttle from the controller client.
93
kubeAPIBurst: 30
94
# -- Timestamp precision for ScheduledSparkApplication run names.
95
# Valid values: nanos (default), micros, millis, seconds, minutes.
96
# Shorter precisions produce shorter names which helps with Kubernetes name length limits.
97
# NOTE: Using lower precisions such as "seconds" or "minutes" increases the risk of name
98
# collisions if multiple runs are created within the same time unit (for example during
99
# reconciliation loops or manual re-triggers). A collision will cause run creation to fail.
100
# Choose a precision compatible with your scheduling frequency: "minutes" is only suitable
101
# for jobs scheduled at most once per minute, "seconds" for jobs scheduled at most once per second.
102
scheduledSparkApplicationTimestampPrecision: nanos
103
uiService:
104
# -- Specifies whether to create service for Spark web UI.
105
enable: true
106
uiIngress:
107
# -- Specifies whether to create ingress for Spark web UI.
108
# `controller.uiService.enable` must be `true` to enable ingress.
109
enable: false
110
# -- Ingress URL format.
111
# Required if `controller.uiIngress.enable` is true.
112
urlFormat: ""
113
# -- Optionally set the ingressClassName.
114
ingressClassName: ""
115
# -- Optionally set default TLS configuration for the Spark UI's ingress. `ingressTLS` in the SparkApplication spec overrides this.
116
tls: []
117
# - hosts:
118
# - "*.example.com"
119
# secretName: "example-secret"
120
# -- Optionally set default ingress annotations for the Spark UI's ingress. `ingressAnnotations` in the SparkApplication spec overrides this.
121
annotations: {}
122
# key1: value1
123
# key2: value2
124
batchScheduler:
125
# -- Specifies whether to enable batch scheduler for spark jobs scheduling.
126
# If enabled, users can specify batch scheduler name in spark application.
127
enable: false
128
# -- Specifies a list of kube-scheduler names for scheduling Spark pods.
129
kubeSchedulerNames: []
130
# - default-scheduler
131
# -- Default batch scheduler to be used if not specified by the user.
132
# If specified, this value must be either "volcano" or "yunikorn". Specifying any other
133
# value will cause the controller to error on startup.
134
default: ""
135
serviceAccount:
136
# -- Specifies whether to create a service account for the controller.
137
create: true
138
# -- Optional name for the controller service account.
139
name: ""
140
# -- Extra annotations for the controller service account.
141
annotations: {}
142
# -- Auto-mount service account token to the controller pods.
143
automountServiceAccountToken: true
144
rbac:
145
# -- Specifies whether to create RBAC resources for the controller.
146
create: true
147
# -- Extra annotations for the controller RBAC resources.
148
annotations: {}
149
# -- Extra labels for controller pods.
150
labels: {}
151
# key1: value1
152
# key2: value2
153
154
# -- Extra annotations for controller pods.
155
annotations: {}
156
# key1: value1
157
# key2: value2
158
159
# -- Volumes for controller pods.
160
volumes:
161
# Create a tmp directory to write Spark artifacts to for deployed Spark apps.
162
- name: tmp
163
emptyDir:
164
sizeLimit: 1Gi
165
# -- Node selector for controller pods.
166
nodeSelector: {}
167
# -- Affinity for controller pods.
168
affinity: {}
169
# -- List of node taints to tolerate for controller pods.
170
tolerations: []
171
# -- Priority class for controller pods.
172
priorityClassName: ""
173
# -- Security context for controller pods.
174
podSecurityContext:
175
fsGroup: 185
176
# -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
177
# Ref: [Pod Topology Spread Constraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/).
178
# The labelSelector field in topology spread constraint will be set to the selector labels for controller pods if not specified.
179
topologySpreadConstraints: []
180
# - maxSkew: 1
181
# topologyKey: topology.kubernetes.io/zone
182
# whenUnsatisfiable: ScheduleAnyway
183
# - maxSkew: 1
184
# topologyKey: kubernetes.io/hostname
185
# whenUnsatisfiable: DoNotSchedule
186
187
# -- Whether to use user namespace or not
188
# Kubernetes version 1.30 for feature beta (1.33 for GA) or higher is required with support from OS and OCI runtime
189
# ref: https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/
190
hostUsers: null
191
# -- Environment variables for controller containers.
192
env: []
193
# -- Environment variable sources for controller containers.
194
envFrom: []
195
# -- Volume mounts for controller containers.
196
volumeMounts:
197
# Mount a tmp directory to write Spark artifacts to for deployed Spark apps.
198
- name: tmp
199
mountPath: "/tmp"
200
readOnly: false
201
# -- Pod resource requests and limits for controller containers.
202
# Note, that each job submission will spawn a JVM within the controller pods using "/usr/local/openjdk-11/bin/java -Xmx128m".
203
# Kubernetes may kill these Java processes at will to enforce resource limits. When that happens, you will see the following error:
204
# 'failed to run spark-submit for SparkApplication [...]: signal: killed' - when this happens, you may want to increase memory limits.
205
resources: {}
206
# limits:
207
# cpu: 100m
208
# memory: 300Mi
209
# requests:
210
# cpu: 100m
211
# memory: 300Mi
212
213
# -- Security context for controller containers.
214
securityContext:
215
readOnlyRootFilesystem: true
216
privileged: false
217
allowPrivilegeEscalation: false
218
runAsNonRoot: true
219
capabilities:
220
drop:
221
- ALL
222
seccompProfile:
223
type: RuntimeDefault
224
# -- Sidecar containers for controller pods.
225
sidecars: []
226
# Pod disruption budget for controller to avoid service degradation.
227
podDisruptionBudget:
228
# -- Specifies whether to create pod disruption budget for controller.
229
# Ref: [Specifying a Disruption Budget for your Application](https://kubernetes.io/docs/tasks/run-application/configure-pdb/)
230
enable: false
231
# -- The number of pods that must be available.
232
# Require `controller.replicas` to be greater than 1
233
minAvailable: 1
234
pprof:
235
# -- Specifies whether to enable pprof.
236
enable: false
237
# -- Specifies pprof port.
238
port: 6060
239
# -- Specifies pprof service port name.
240
portName: pprof
241
# Workqueue rate limiter configuration forwarded to the controller-runtime Reconciler.
242
workqueueRateLimiter:
243
# -- Specifies the average rate of items process by the workqueue rate limiter.
244
bucketQPS: 50
245
# -- Specifies the maximum number of items that can be in the workqueue at any given time.
246
bucketSize: 500
247
maxDelay:
248
# -- Specifies whether to enable max delay for the workqueue rate limiter.
249
# This is useful to avoid losing events when the workqueue is full.
250
enable: true
251
# -- Specifies the maximum delay duration for the workqueue rate limiter.
252
duration: 6h
253
webhook:
254
# -- Specifies whether to enable webhook.
255
enable: true
256
# -- Number of replicas of webhook server.
257
replicas: 1
258
# -- The number of old history to retain to allow rollback.
259
revisionHistoryLimit: 10
260
leaderElection:
261
# -- Specifies whether to enable leader election for webhook.
262
enable: true
263
# -- Configure the verbosity of logging, can be one of `debug`, `info`, `error`.
264
logLevel: info
265
# -- Configure the encoder of logging, can be one of `console` or `json`.
266
logEncoder: console
267
# -- Specifies webhook port.
268
port: 9443
269
# -- Specifies webhook service port name.
270
portName: webhook
271
# -- Specifies how unrecognized errors are handled.
272
# Available options are `Ignore` or `Fail`.
273
failurePolicy: Fail
274
# -- Specifies the timeout seconds of the webhook, the value must be between 1 and 30.
275
timeoutSeconds: 10
276
# -- Maximum QPS to the API server from the controller client.
277
kubeAPIQPS: 20
278
# -- Maximum burst for throttle from the controller client.
279
kubeAPIBurst: 30
280
resourceQuotaEnforcement:
281
# -- Specifies whether to enable the ResourceQuota enforcement for SparkApplication resources.
282
enable: false
283
serviceAccount:
284
# -- Specifies whether to create a service account for the webhook.
285
create: true
286
# -- Optional name for the webhook service account.
287
name: ""
288
# -- Extra annotations for the webhook service account.
289
annotations: {}
290
# -- Auto-mount service account token to the webhook pods.
291
automountServiceAccountToken: true
292
rbac:
293
# -- Specifies whether to create RBAC resources for the webhook.
294
create: true
295
# -- Extra annotations for the webhook RBAC resources.
296
annotations: {}
297
# -- Extra labels for webhook pods.
298
labels: {}
299
# key1: value1
300
# key2: value2
301
302
# -- Extra annotations for webhook pods.
303
annotations: {}
304
# key1: value1
305
# key2: value2
306
307
# -- Sidecar containers for webhook pods.
308
sidecars: []
309
# -- Volumes for webhook pods.
310
volumes:
311
# Create a dir for the webhook to generate its certificates in.
312
- name: serving-certs
313
emptyDir:
314
sizeLimit: 500Mi
315
# -- Node selector for webhook pods.
316
nodeSelector: {}
317
# -- Affinity for webhook pods.
318
affinity: {}
319
# -- List of node taints to tolerate for webhook pods.
320
tolerations: []
321
# -- Priority class for webhook pods.
322
priorityClassName: ""
323
# -- Security context for webhook pods.
324
podSecurityContext:
325
fsGroup: 185
326
# -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
327
# Ref: [Pod Topology Spread Constraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/).
328
# The labelSelector field in topology spread constraint will be set to the selector labels for webhook pods if not specified.
329
topologySpreadConstraints: []
330
# - maxSkew: 1
331
# topologyKey: topology.kubernetes.io/zone
332
# whenUnsatisfiable: ScheduleAnyway
333
# - maxSkew: 1
334
# topologyKey: kubernetes.io/hostname
335
# whenUnsatisfiable: DoNotSchedule
336
337
# -- Whether to use user namespace or not
338
# Kubernetes version 1.30 for feature beta (1.33 for GA) or higher is required with support from OS and OCI runtime
339
# ref: https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/
340
hostUsers: null
341
# -- Environment variables for webhook containers.
342
env: []
343
# -- Environment variable sources for webhook containers.
344
envFrom: []
345
# -- Volume mounts for webhook containers.
346
volumeMounts:
347
# Mount a dir for the webhook to generate its certificates in.
348
- name: serving-certs
349
mountPath: /etc/k8s-webhook-server/serving-certs
350
subPath: serving-certs
351
readOnly: false
352
# -- Pod resource requests and limits for webhook pods.
353
resources: {}
354
# limits:
355
# cpu: 100m
356
# memory: 300Mi
357
# requests:
358
# cpu: 100m
359
# memory: 300Mi
360
361
# -- Security context for webhook containers.
362
securityContext:
363
readOnlyRootFilesystem: true
364
privileged: false
365
allowPrivilegeEscalation: false
366
runAsNonRoot: true
367
capabilities:
368
drop:
369
- ALL
370
seccompProfile:
371
type: RuntimeDefault
372
# Pod disruption budget for webhook to avoid service degradation.
373
podDisruptionBudget:
374
# -- Specifies whether to create pod disruption budget for webhook.
375
# Ref: [Specifying a Disruption Budget for your Application](https://kubernetes.io/docs/tasks/run-application/configure-pdb/)
376
enable: false
377
# -- The number of pods that must be available.
378
# Require `webhook.replicas` to be greater than 1
379
minAvailable: 1
380
spark:
381
# -- List of namespaces where to run spark jobs.
382
# If empty string is included, all namespaces will be allowed.
383
# Namespaces specified here will be watched in addition to those matching jobNamespaceSelector.
384
# Make sure the namespaces have already existed.
385
jobNamespaces:
386
- default
387
# -- Label selector to filter namespaces to watch.
388
# Supports standard Kubernetes label selector syntax (e.g., 'spark-operator=enabled,env in (prod,staging)').
389
# Namespaces matching this selector will be watched in addition to those in jobNamespaces.
390
# When specified, requires ClusterRole permission to list and watch namespaces.
391
# Leave empty to disable namespace selector functionality.
392
jobNamespaceSelector: ""
393
serviceAccount:
394
# -- Specifies whether to create a service account for spark applications.
395
create: true
396
# -- Optional name for the spark service account.
397
name: ""
398
# -- Optional annotations for the spark service account.
399
annotations: {}
400
# -- Auto-mount service account token to the spark applications pods.
401
automountServiceAccountToken: true
402
rbac:
403
# -- Specifies whether to create RBAC resources for spark applications.
404
create: true
405
# -- Optional annotations for the spark application RBAC resources.
406
annotations: {}
407
prometheus:
408
metrics:
409
# -- Specifies whether to enable prometheus metrics scraping.
410
enable: true
411
# -- Metrics port.
412
port: 8080
413
# -- Metrics port name.
414
portName: metrics
415
# -- Metrics serving endpoint.
416
endpoint: /metrics
417
# -- Metrics prefix, will be added to all exported metrics.
418
prefix: ""
419
# -- Job Submit Latency histogram buckets. Specified in seconds.
420
jobSubmitLatencyBuckets: "0.5,1,2,4,8,16,32,64,128,256"
421
# -- Job Start Latency histogram buckets. Specified in seconds.
422
jobStartLatencyBuckets: "30,60,90,120,150,180,210,240,270,300"
423
# -- Labels to be added to the Spark Operator standard metrics, e.g., "label1Key,label2Key".
424
# Defaults to 'app_type' if not set.
425
labels: ""
426
# Prometheus pod monitor for controller pods
427
podMonitor:
428
# -- Specifies whether to create pod monitor.
429
# Note that prometheus metrics should be enabled as well.
430
create: false
431
# -- Pod monitor labels
432
labels: {}
433
# -- The label to use to retrieve the job name from
434
jobLabel: spark-operator-podmonitor
435
# -- Prometheus metrics endpoint properties. `metrics.portName` will be used as a port
436
podMetricsEndpoint:
437
scheme: http
438
interval: 5s
439
certManager:
440
# -- Specifies whether to use [cert-manager](https://cert-manager.io) to generate certificate for webhook.
441
# `webhook.enable` must be set to `true` to enable cert-manager.
442
enable: false
443
# -- The reference to the issuer.
444
# @default -- A self-signed issuer will be created and used if not specified.
445
issuerRef: {}
446
# group: cert-manager.io
447
# kind: ClusterIssuer
448
# name: selfsigned
449
# -- The duration of the certificate validity (e.g. `2160h`).
450
# See [cert-manager.io/v1.Certificate](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.Certificate).
451
# @default -- `2160h` (90 days) will be used if not specified.
452
duration: ""
453
# -- The duration before the certificate expiration to renew the certificate (e.g. `720h`).
454
# See [cert-manager.io/v1.Certificate](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.Certificate).
455
# @default -- 1/3 of issued certificate’s lifetime.
456
renewBefore: ""
457
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.