Chart version: 6.6.0
Api version: v1
App version: 6.6.0
Apache SkyWalking APM System
Chart Type
Set me up:
helm repo add center
Install Chart:
helm install skywalking center/choerodon/skywalking
Versions (0)

Apache Skywalking Helm Chart

Apache SkyWalking is application performance monitor tool for distributed systems, especially designed for microservices, cloud native and container-based (Docker, K8s, Mesos) architectures.


This chart bootstraps a Apache SkyWalking deployment on a Kubernetes cluster using the Helm package manager.


  • Kubernetes 1.9.6+
  • PV dynamic provisioning support on the underlying infrastructure (StorageClass)
  • Helm 3

Installing the Chart

To install the chart with the release name my-release:

$ helm install my-release skywalking -n <namespace>

The command deploys Apache Skywalking on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.

Tip: List all releases using helm list

Uninstalling the Chart

To uninstall/delete the my-release deployment:

$ helm uninstall my-release -n <namespace>

The command removes all the Kubernetes components associated with the chart and deletes the release.


The following table lists the configurable parameters of the Skywalking chart and their default values.

Parameter Description Default
nameOverride Override name nil
serviceAccounts.oap Name of the OAP service account to use or create nil OAP deployment name oap
oap.image.repository OAP container image name apache/skywalking-oap-server
oap.image.tag OAP container image tag 6.1.0
oap.image.pullPolicy OAP container image pull policy IfNotPresent
oap.ports.grpc OAP grpc port for tracing or metric 11800 OAP http port for Web UI 12800
oap.replicas OAP k8s deployment replicas 2
oap.service.type OAP svc type ClusterIP
oap.javaOpts Parameters to be added to JAVA_OPTSenvironment variable for OAP -Xms2g -Xmx2g
oap.antiAffinity OAP anti-affinity policy soft
oap.nodeAffinity OAP node affinity policy {}
oap.nodeSelector OAP labels for master pod assignment {}
oap.tolerations OAP tolerations []
oap.resources OAP node resources requests & limits {} - cpu limit must be an integer
oap.envoy.als.enabled Open envoy als false
oap.env OAP environment variables [] Web UI deployment name ui
ui.replicas Web UI k8s deployment replicas 1
ui.image.repository Web UI container image name apache/skywalking-ui
ui.image.tag Web UI container image tag 6.1.0
ui.image.pullPolicy Web UI container image pull policy IfNotPresent
ui.ingress.enabled Create Ingress for Web UI false
ui.ingress.annotations Associate annotations to the Ingress {}
ui.ingress.path Associate path with the Ingress /
ui.ingress.hosts Associate hosts with the Ingress []
ui.ingress.tls Associate TLS with the Ingress []
ui.service.type Web UI svc type ClusterIP
ui.service.externalPort external port for the service 80
ui.service.internalPort internal port for the service 8080
ui.service.externalIPs external IP addresses nil
ui.service.loadBalancerIP Load Balancer IP address nil
ui.service.annotations Kubernetes service annotations {}
ui.service.loadBalancerSourceRanges Limit load balancer source IPs to list of CIDRs (where available)) []
elasticsearch.enabled Spin up a new elasticsearch cluster for SkyWalking true

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

$ helm install myrelease skywalking --set nameOverride=newSkywalking

Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,

$ helm install my-release skywalking -f values.yaml

Tip: You can use the default values.yaml

RBAC Configuration

Roles and RoleBindings resources will be created automatically for OAP .

Tip: You can refer to the default oap-role.yaml file in templates to customize your own.

Ingress TLS

If your cluster allows automatic create/retrieve of TLS certificates (e.g. kube-lego), please refer to the documentation for that mechanism.

To manually configure TLS, first create/retrieve a key & certificate pair for the address(skywalking ui) you wish to protect. Then create a TLS secret in the namespace:

kubectl create secret tls skywalking-tls --cert=path/to/tls.cert --key=path/to/tls.key

Include the secret’s name, along with the desired hostnames, in the skywalking-ui Ingress TLS section of your custom values.yaml file:

    ## If true, Skywalking ui server Ingress will be created
    enabled: true

    ## Skywalking ui server Ingress hostnames
    ## Must be provided if Ingress is enabled
      - skywalking

    ## Skywalking ui server Ingress TLS configuration
    ## Secrets must be manually created in the namespace
      - secretName: skywalking
          - skywalking

Envoy ALS

Envoy ALS(access log service) provides fully logs about RPC routed, including HTTP and TCP.

If you want to open envoy ALS, you can do this by modifying values.yaml.

      enabled: true

When envoy als ,will give ServiceAccount clusterrole permission. More envoy als ,please refer to