helm repo add sentry-relay https://dossierdata.github.io/sentry-relay
helm install sentry-relay sentry-relay/sentry-relay
helm install sentry-relay sentry-relay/sentry-relay -f values.yaml
Read the upgrade guide before upgrading to major versions of the chart. Upgrade Guide
The following table lists the configurable parameters of the Sentry chart and their default values.
Note: this table is incomplete, so have a look at the values.yaml in case you miss something
Parameter | Description | Default |
---|---|---|
user.create |
if true , creates a default admin user defined from email and password |
true |
user.email |
Admin user email | admin@sentry.local |
user.password |
Admin user password | aaaa |
ingress.enabled |
Enabling Ingress | false |
ingress.regexPathStyle |
Allows setting the style the regex paths are rendered in the ingress for the ingress controller in use. Possible values are nginx , aws-alb , gke and traefik |
nginx |
nginx.enabled |
Enabling NGINX | true |
metrics.enabled |
if true , enable Prometheus metrics |
false |
metrics.image.repository |
Metrics exporter image repository | prom/statsd-exporter |
metrics.image.tag |
Metrics exporter image tag | v0.10.5 |
metrics.image.PullPolicy |
Metrics exporter image pull policy | IfNotPresent |
metrics.nodeSelector |
Node labels for metrics pod assignment | {} |
metrics.tolerations |
Toleration labels for metrics pod assignment | [] |
metrics.affinity |
Affinity settings for metrics | {} |
metrics.resources |
Metrics resource requests/limit | {} |
metrics.service.annotations |
annotations for Prometheus metrics service | {} |
metrics.service.clusterIP |
cluster IP address to assign to service (set to "-" to pass an empty value) |
nil |
metrics.service.omitClusterIP |
(Deprecated) To omit the clusterIP from the metrics service |
false |
metrics.service.externalIPs |
Prometheus metrics service external IP addresses | [] |
metrics.service.additionalLabels |
labels for metrics service | {} |
metrics.service.loadBalancerIP |
IP address to assign to load balancer (if supported) | "" |
metrics.service.loadBalancerSourceRanges |
list of IP CIDRs allowed access to load balancer (if supported) | [] |
metrics.service.servicePort |
Prometheus metrics service port | 9913 |
metrics.service.type |
type of Prometheus metrics service to create | ClusterIP |
metrics.serviceMonitor.enabled |
Set this to true to create ServiceMonitor for Prometheus operator |
false |
metrics.serviceMonitor.additionalLabels |
Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | {} |
metrics.serviceMonitor.honorLabels |
honorLabels chooses the metric's labels on collisions with target labels. | false |
metrics.serviceMonitor.namespace |
namespace where servicemonitor resource should be created | the same namespace as sentry |
metrics.serviceMonitor.scrapeInterval |
interval between Prometheus scraping | 30s |
serviceAccount.annotations |
Additional Service Account annotations. | {} |
serviceAccount.enabled |
If true , a custom Service Account will be used. |
false |
serviceAccount.name |
The base name of the ServiceAccount to use. Will be appended with e.g. snuba or web for the pods accordingly. |
"sentry" |
serviceAccount.automountServiceAccountToken |
Automount API credentials for a Service Account. | true |
system.secretKey |
secret key for the session cookie (documentation) | nil |
sentry.features.vstsLimitedScopes |
Disables the azdo-integrations with limited scopes that is the cause of so much pain | true |
sentry.web.customCA.secretName |
Allows mounting a custom CA secret | nil |
sentry.web.customCA.item |
Key of CA cert object within the secret | ca.crt |
symbolicator.api.enabled |
Enable Symbolicator | false |
symbolicator.api.config |
Config file for Symbolicator, see its docs | see values.yaml |
By default, NGINX is enabled to allow sending the incoming requests to Sentry Relay or the Django backend depending on the path. When Sentry is meant to be exposed outside of the Kubernetes cluster, it is recommended to disable NGINX and let the Ingress do the same. It's recommended to go with the go to Ingress Controller, NGINX Ingress but others should work as well.
For your security, the system.secret-key
is generated for you on the first installation. Another one will be regenerated on each upgrade invalidating all the current sessions unless it's been provided. The value is stored in the sentry-sentry
configmap.
helm upgrade ... --set system.secretKey=xx
For getting native stacktraces and minidumps symbolicated with debug symbols (e.g. iOS/Android), you need to enable Symbolicator via
symbolicator:
enabled: true
However, you also need to share the data between sentry-worker and sentry-web. This can be done in different ways:
- Using Cloud Storage like GCP GCS or AWS S3, see
filestore.backend
invalues.yaml
- Using a filesystem like
filestore:
filesystem:
persistence:
persistentWorkers: true
# storageClass: 'efs-storage' # see note below
Note: If you need to run or cannot avoid running sentry-worker and sentry-web on different cluster nodes, you need to set filestore.filesystem.persistence.accessMode: ReadWriteMany
or might get problems. HOWEVER, not all volume drivers support it, like AWS EBS or GCP disks.
So you would want to create and use a StorageClass
with a supported volume driver like AWS EFS
Its also important having connect_to_reserved_ips: true
in the symbolicator config file, which this Chart defaults to.
To get javascript source map processing working, you need to activate sourcemaps, which in turn activates the memcached dependency:
sourcemaps:
enabled: true
For details on the background see this blog post: https://engblog.yext.com/post/sentry-js-source-maps
Geolocation of IP addresses is supported if you provide a GeoIP database:
Example values.yaml:
relay:
# provide a volume for relay that contains the geoip database
volumes:
- name: geoip
hostPath:
path: /geodata
type: Directory
sentry:
web:
# provide a volume for sentry-web that contains the geoip database
volumes:
- name: geoip
hostPath:
path: /geodata
type: Directory
worker:
# provide a volume for sentry-worker that contains the geoip database
volumes:
- name: geoip
hostPath:
path: /geodata
type: Directory
# enable and reference the volume
geodata:
volumeName: geoip
# mountPath of the volume containing the database
mountPath: /geodata
# path to the geoip database inside the volumemount
path: /geodata/GeoLite2-City.mmdb
You can either provide a single host, which is there by default in values.yaml
, like this:
externalKafka:
## Hostname or ip address of external kafka
##
host: "kafka-confluent"
port: 9092
or you can feed in a cluster of Kafka instances like below:
externalKafka:
## List of Hostnames or ip addresses of external kafka
- host: "233.5.100.28"
port: 9092
- host: "233.5.100.29"
port: 9092
- host: "233.5.100.30"
port: 9092