From 98d775dbe19c10a2f31a0b4fcdc69820c05ac3a2 Mon Sep 17 00:00:00 2001 From: Pablo Galego Date: Mon, 19 Jul 2021 10:02:24 +0200 Subject: [PATCH] [bitnami/*] Adapt values.yaml of Cert Manager, Consul and Contour to readme-generator (#6761) * Adapt values.yaml of Cert Manager, Consul and Contour charts * Fix liniting issues * Add charts path to be recognized by Github Actions workflow * Remove duplicate metadata in Cert Manager values.yaml * Minor additions to cert-manager values.yaml * Add missing commented keys in Consul * Add missing commented keys in Contour * Bump Consul chart patch version * cert-manager: Update README with latest changes from master * consul: Update README with latest changes from master * Bump charts' patch version --- .github/workflows/generate-chart-readme.yml | 9 +- bitnami/cert-manager/Chart.yaml | 2 +- bitnami/cert-manager/README.md | 220 +++--- bitnami/cert-manager/values.yaml | 312 +++------ bitnami/consul/Chart.yaml | 2 +- bitnami/consul/README.md | 286 ++++---- bitnami/consul/values.yaml | 728 +++++++++++--------- bitnami/contour/Chart.yaml | 2 +- bitnami/contour/README.md | 388 ++++++----- bitnami/contour/values.yaml | 692 ++++++++++--------- 10 files changed, 1332 insertions(+), 1309 deletions(-) diff --git a/.github/workflows/generate-chart-readme.yml b/.github/workflows/generate-chart-readme.yml index 58cb32771e..b17d35c488 100644 --- a/.github/workflows/generate-chart-readme.yml +++ b/.github/workflows/generate-chart-readme.yml @@ -9,8 +9,11 @@ on: - 'bitnami/apache/values.yaml' - 'bitnami/aspnet-core/values.yaml' - 'bitnami/cassandra/values.yaml' + - 'bitnami/cert-manager/values.yaml' - 'bitnami/common/values.yaml' - - 'bitnami/concourse/values.yaml' + - 'bitnami/concourse/values.yaml' + - 'bitnami/consul/values.yaml' + - 'bitnami/contour/values.yaml' - 'bitnami/dokuwiki/values.yaml' - 'bitnami/drupal/values.yaml' - 'bitnami/ejbca/values.yaml' @@ -84,7 +87,7 @@ jobs: - name: Checkout bitnami-labs/readme-generator-for-helm uses: actions/checkout@v2 with: - repository: "bitnami-labs/readme-generator-for-helm" + repository: 'bitnami-labs/readme-generator-for-helm' path: readme-generator-for-helm - name: Cache node modules @@ -110,7 +113,7 @@ jobs: id: pr-file-changes uses: trilom/file-changes-action@v1.2.3 with: - fileOutput: " " + fileOutput: ' ' - name: Prepare readme-generator-for-helm inputs run: | diff --git a/bitnami/cert-manager/Chart.yaml b/bitnami/cert-manager/Chart.yaml index 1c938e7109..d3d6470bd8 100644 --- a/bitnami/cert-manager/Chart.yaml +++ b/bitnami/cert-manager/Chart.yaml @@ -26,4 +26,4 @@ sources: - https://github.com/bitnami/bitnami-docker-cert-manager-webhook - https://github.com/bitnami/bitnami-docker-cainjector - https://github.com/jetstack/cert-manager -version: 0.1.5 +version: 0.1.6 diff --git a/bitnami/cert-manager/README.md b/bitnami/cert-manager/README.md index 1dd4375575..b029bd8e69 100644 --- a/bitnami/cert-manager/README.md +++ b/bitnami/cert-manager/README.md @@ -48,11 +48,11 @@ The command removes all the Kubernetes components associated with the chart and ### Global parameters -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----------- | -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `undefined` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `nil` | +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `nil` | ### Common parameters @@ -62,9 +62,9 @@ The command removes all the Kubernetes components associated with the chart and | `kubeVersion` | Override Kubernetes version | `nil` | | `nameOverride` | String to partially override common.names.fullname | `nil` | | `fullnameOverride` | String to fully override common.names.fullname | `nil` | -| `commonLabels` | Labels to add to all deployed objects | `undefined` | -| `commonAnnotations` | Annotations to add to all deployed objects | `undefined` | -| `extraDeploy` | Array of extra objects to deploy with the release | `undefined` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | | `logLevel` | Set up cert manager log level | `2` | | `leaderElection.namespace` | Namespace which leaderElection works. | `kube-system` | | `installCRDs` | Flag to install Cert Manager CRDs | `false` | @@ -78,18 +78,18 @@ The command removes all the Kubernetes components associated with the chart and | `controller.replicaCount` | Number of Controller replicas | `1` | | `controller.image.registry` | Controller image registry | `docker.io` | | `controller.image.repository` | Controller image repository | `bitnami/cert-manager` | -| `controller.image.tag` | Controller image tag (immutabe tags are recommended) | `1.3.1-debian-10-r10` | +| `controller.image.tag` | Controller image tag (immutable tags are recommended) | `1.4.0-debian-10-r23` | | `controller.image.pullPolicy` | Controller image pull policy | `IfNotPresent` | -| `controller.image.pullSecrets` | Controller image pull secrets | `undefined` | +| `controller.image.pullSecrets` | Controller image pull secrets | `[]` | | `controller.image.debug` | Controller image debug mode | `false` | | `controller.acmesolver.image.registry` | Controller image registry | `docker.io` | -| `controller.acmesolver.image.repository` | Controller image repository | `bitnami/acme-solver` | -| `controller.acmesolver.image.tag` | Controller image tag (immutabe tags are recommended) | `1.3.1-debian-10-r10` | +| `controller.acmesolver.image.repository` | Controller image repository | `bitnami/acmesolver` | +| `controller.acmesolver.image.tag` | Controller image tag (immutable tags are recommended) | `1.4.0-debian-10-r25` | | `controller.acmesolver.image.pullPolicy` | Controller image pull policy | `IfNotPresent` | -| `controller.acmesolver.image.pullSecrets` | Controller image pull secrets | `undefined` | +| `controller.acmesolver.image.pullSecrets` | Controller image pull secrets | `[]` | | `controller.acmesolver.image.debug` | Controller image debug mode | `false` | -| `controller.resources.limits` | The resources limits for the Controller container | `undefined` | -| `controller.resources.requests` | The requested resources for the Controller container | `undefined` | +| `controller.resources.limits` | The resources limits for the Controller container | `{}` | +| `controller.resources.requests` | The requested resources for the Controller container | `{}` | | `controller.podSecurityContext.enabled` | Enabled Controller pods' Security Context | `true` | | `controller.podSecurityContext.fsGroup` | Set Controller pod's Security Context fsGroup | `1001` | | `controller.containerSecurityContext.enabled` | Enabled Controller containers' Security Context | `true` | @@ -99,30 +99,30 @@ The command removes all the Kubernetes components associated with the chart and | `controller.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `controller.affinity` is set. Allowed values: `soft` or `hard` | `soft` | | `controller.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `controller.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `controller.nodeAffinityPreset.key` | Node label key to match. Ignored if `controller.affinity` is set | `""` | -| `controller.nodeAffinityPreset.values` | Node label values to match. Ignored if `controller.affinity` is set | `undefined` | -| `controller.affinity` | Affinity for Cert Manager Controller | `undefined` | -| `controller.nodeSelector` | Node labels for pod assignment | `undefined` | +| `controller.nodeAffinityPreset.values` | Node label values to match. Ignored if `controller.affinity` is set | `[]` | +| `controller.affinity` | Affinity for Cert Manager Controller | `{}` | +| `controller.nodeSelector` | Node labels for pod assignment | `{}` | | `controller.containerPort` | Controller container port | `9402` | -| `controller.command` | Override Controller default command | `undefined` | -| `controller.args` | Override Controller default args | `undefined` | +| `controller.command` | Override Controller default command | `[]` | +| `controller.args` | Override Controller default args | `[]` | | `controller.priorityClassName` | Controller pod priority class name | `nil` | -| `controller.hostAliases` | Custom host aliases for Controller pods | `undefined` | -| `controller.tolerations` | Tolerations for pod assignment | `undefined` | -| `controller.podLabels` | Extra labels for Controller pods | `undefined` | -| `controller.podAnnotations` | Annotations for Controller pods | `undefined` | -| `controller.lifecycleHooks` | Add lifecycle hooks to the Controller deployment | `undefined` | +| `controller.hostAliases` | Custom host aliases for Controller pods | `[]` | +| `controller.tolerations` | Tolerations for pod assignment | `[]` | +| `controller.podLabels` | Extra labels for Controller pods | `{}` | +| `controller.podAnnotations` | Annotations for Controller pods | `{}` | +| `controller.lifecycleHooks` | Add lifecycle hooks to the Controller deployment | `{}` | | `controller.updateStrategy.type` | Controller deployment update strategy | `RollingUpdate` | -| `controller.updateStrategy.rollingUpdate` | Controller deployment rolling update configuration parameters | `undefined` | -| `controller.extraEnvVars` | Add extra environment variables to the Controller container | `undefined` | +| `controller.updateStrategy.rollingUpdate` | Controller deployment rolling update configuration parameters | `{}` | +| `controller.extraEnvVars` | Add extra environment variables to the Controller container | `[]` | | `controller.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `nil` | | `controller.extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `nil` | -| `controller.extraVolumes` | Optionally specify extra list of additional volumes for Controller pods | `undefined` | -| `controller.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Controller container(s) | `undefined` | -| `controller.initContainers` | Add additional init containers to the Controller pods | `undefined` | -| `controller.sidecars` | Add additional sidecar containers to the Controller pod | `undefined` | +| `controller.extraVolumes` | Optionally specify extra list of additional volumes for Controller pods | `[]` | +| `controller.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Controller container(s) | `[]` | +| `controller.initContainers` | Add additional init containers to the Controller pods | `{}` | +| `controller.sidecars` | Add additional sidecar containers to the Controller pod | `{}` | | `controller.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | | `controller.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `controller.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `undefined` | +| `controller.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | ### Webhook deployment parameters @@ -132,12 +132,12 @@ The command removes all the Kubernetes components associated with the chart and | `webhook.replicaCount` | Number of Webhook replicas | `1` | | `webhook.image.registry` | Webhook image registry | `docker.io` | | `webhook.image.repository` | Webhook image repository | `bitnami/cert-manager-webhook` | -| `webhook.image.tag` | Webhook image tag (immutabe tags are recommended) | `1.3.1-debian-10-r2` | +| `webhook.image.tag` | Webhook image tag (immutable tags are recommended) | `1.4.0-debian-10-r25` | | `webhook.image.pullPolicy` | Webhook image pull policy | `IfNotPresent` | -| `webhook.image.pullSecrets` | Webhook image pull secrets | `undefined` | +| `webhook.image.pullSecrets` | Webhook image pull secrets | `[]` | | `webhook.image.debug` | Webhook image debug mode | `false` | -| `webhook.resources.limits` | The resources limits for the Webhook container | `undefined` | -| `webhook.resources.requests` | The requested resources for the Webhook container | `undefined` | +| `webhook.resources.limits` | The resources limits for the Webhook container | `{}` | +| `webhook.resources.requests` | The requested resources for the Webhook container | `{}` | | `webhook.podSecurityContext.enabled` | Enabled Webhook pods' Security Context | `true` | | `webhook.podSecurityContext.fsGroup` | Set Webhook pod's Security Context fsGroup | `1001` | | `webhook.containerSecurityContext.enabled` | Enabled Webhook containers' Security Context | `true` | @@ -147,13 +147,13 @@ The command removes all the Kubernetes components associated with the chart and | `webhook.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `webhook.affinity` is set. Allowed values: `soft` or `hard` | `soft` | | `webhook.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `webhook.affinity` is set. Allowed values: `soft` or `hard` | `""` | | `webhook.nodeAffinityPreset.key` | Node label key to match. Ignored if `webhook.affinity` is set | `""` | -| `webhook.nodeAffinityPreset.values` | Node label values to match. Ignored if `webhook.affinity` is set | `undefined` | -| `webhook.affinity` | Affinity for Cert Manager Webhook | `undefined` | -| `webhook.nodeSelector` | Node labels for pod assignment | `undefined` | +| `webhook.nodeAffinityPreset.values` | Node label values to match. Ignored if `webhook.affinity` is set | `[]` | +| `webhook.affinity` | Affinity for Cert Manager Webhook | `{}` | +| `webhook.nodeSelector` | Node labels for pod assignment | `{}` | | `webhook.containerPort` | Webhook container port | `10250` | | `webhook.httpsPort` | Webhook container port | `443` | -| `webhook.command` | Override Webhook default command | `undefined` | -| `webhook.args` | Override Webhook default args | `undefined` | +| `webhook.command` | Override Webhook default command | `[]` | +| `webhook.args` | Override Webhook default args | `[]` | | `webhook.livenessProbe.enabled` | Enable livenessProbe | `true` | | `webhook.livenessProbe.path` | Path for livenessProbe | `/livez` | | `webhook.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | @@ -168,89 +168,89 @@ The command removes all the Kubernetes components associated with the chart and | `webhook.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | | `webhook.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | | `webhook.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `webhook.customStartupProbe` | Override default startup probe | `undefined` | -| `webhook.customLivenessProbe` | Override default liveness probe | `undefined` | -| `webhook.customReadinessProbe` | Override default readiness probe | `undefined` | +| `webhook.customStartupProbe` | Override default startup probe | `{}` | +| `webhook.customLivenessProbe` | Override default liveness probe | `{}` | +| `webhook.customReadinessProbe` | Override default readiness probe | `{}` | | `webhook.priorityClassName` | Webhook pod priority class name | `nil` | -| `webhook.hostAliases` | Custom host aliases for Webhook pods | `undefined` | -| `webhook.tolerations` | Tolerations for pod assignment | `undefined` | -| `webhook.podLabels` | Extra labels for Webhook pods | `undefined` | -| `webhook.podAnnotations` | Annotations for Webhook pods | `undefined` | -| `webhook.lifecycleHooks` | Add lifecycle hooks to the Webhook deployment | `undefined` | +| `webhook.hostAliases` | Custom host aliases for Webhook pods | `[]` | +| `webhook.tolerations` | Tolerations for pod assignment | `[]` | +| `webhook.podLabels` | Extra labels for Webhook pods | `{}` | +| `webhook.podAnnotations` | Annotations for Webhook pods | `{}` | +| `webhook.lifecycleHooks` | Add lifecycle hooks to the Webhook deployment | `{}` | | `webhook.updateStrategy.type` | Webhook deployment update strategy | `RollingUpdate` | -| `webhook.updateStrategy.rollingUpdate` | Controller deployment rolling update configuration parameters | `undefined` | -| `webhook.extraEnvVars` | Add extra environment variables to the Webhook container | `undefined` | +| `webhook.updateStrategy.rollingUpdate` | Controller deployment rolling update configuration parameters | `{}` | +| `webhook.extraEnvVars` | Add extra environment variables to the Webhook container | `[]` | | `webhook.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `nil` | | `webhook.extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `nil` | -| `webhook.extraVolumes` | Optionally specify extra list of additional volumes for Webhook pods | `undefined` | -| `webhook.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Webhook container(s) | `undefined` | -| `webhook.initContainers` | Add additional init containers to the Webhook pods | `undefined` | -| `webhook.sidecars` | Add additional sidecar containers to the Webhook pod | `undefined` | +| `webhook.extraVolumes` | Optionally specify extra list of additional volumes for Webhook pods | `[]` | +| `webhook.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Webhook container | `[]` | +| `webhook.initContainers` | Add additional init containers to the Webhook pods | `{}` | +| `webhook.sidecars` | Add additional sidecar containers to the Webhook pod | `{}` | | `webhook.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | | `webhook.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `webhook.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `undefined` | +| `webhook.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | ### CAInjector deployment parameters -| Name | Description | Value | -| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | -------------------- | -| `cainjector.replicaCount` | Number of CAInjector replicas | `1` | -| `cainjector.image.registry` | CAInjector image registry | `docker.io` | -| `cainjector.image.repository` | CAInjector image repository | `bitnami/cainjector` | -| `cainjector.image.tag` | CAInjector image tag (immutabe tags are recommended) | `1.3.1-debian-10-r2` | -| `cainjector.image.pullPolicy` | CAInjector image pull policy | `IfNotPresent` | -| `cainjector.image.pullSecrets` | CAInjector image pull secrets | `undefined` | -| `cainjector.image.debug` | CAInjector image debug mode | `false` | -| `cainjector.resources.limits` | The resources limits for the CAInjector container | `undefined` | -| `cainjector.resources.requests` | The requested resources for the CAInjector container | `undefined` | -| `cainjector.podSecurityContext.enabled` | Enabled CAInjector pods' Security Context | `true` | -| `cainjector.podSecurityContext.fsGroup` | Set CAInjector pod's Security Context fsGroup | `1001` | -| `cainjector.containerSecurityContext.enabled` | Enabled CAInjector containers' Security Context | `true` | -| `cainjector.containerSecurityContext.runAsUser` | Set CAInjector container's Security Context runAsUser | `1001` | -| `cainjector.containerSecurityContext.runAsNonRoot` | Set CAInjector container's Security Context runAsNonRoot | `true` | -| `cainjector.podAffinityPreset` | Pod affinity preset. Ignored if `cainjector.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `cainjector.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `cainjector.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `cainjector.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `cainjector.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `cainjector.nodeAffinityPreset.key` | Node label key to match. Ignored if `cainjector.affinity` is set | `""` | -| `cainjector.nodeAffinityPreset.values` | Node label values to match. Ignored if `cainjector.affinity` is set | `undefined` | -| `cainjector.affinity` | Affinity for Cert Manager CAInjector | `undefined` | -| `cainjector.nodeSelector` | Node labels for pod assignment | `undefined` | -| `cainjector.command` | Override CAInjector default command | `undefined` | -| `cainjector.args` | Override CAInjector default args | `undefined` | -| `cainjector.priorityClassName` | CAInjector pod priority class name | `nil` | -| `cainjector.hostAliases` | Custom host aliases for CAInjector pods | `undefined` | -| `cainjector.tolerations` | Tolerations for pod assignment | `undefined` | -| `cainjector.podLabels` | Extra labels for CAInjector pods | `undefined` | -| `cainjector.podAnnotations` | Annotations for CAInjector pods | `undefined` | -| `cainjector.lifecycleHooks` | Add lifecycle hooks to the CAInjector deployment | `undefined` | -| `cainjector.updateStrategy.type` | Controller deployment update strategy | `RollingUpdate` | -| `cainjector.updateStrategy.rollingUpdate` | Controller deployment rolling update configuration parameters | `undefined` | -| `cainjector.extraEnvVars` | Add extra environment variables to the CAInjector container | `undefined` | -| `cainjector.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `nil` | -| `cainjector.extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `nil` | -| `cainjector.extraVolumes` | Optionally specify extra list of additional volumes for CAInjector pods | `undefined` | -| `cainjector.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for CAInjector container(s) | `undefined` | -| `cainjector.initContainers` | Add additional init containers to the CAInjector pods | `undefined` | -| `cainjector.sidecars` | Add additional sidecar containers to the CAInjector pod | `undefined` | -| `cainjector.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `cainjector.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `cainjector.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `undefined` | +| Name | Description | Value | +| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | --------------------- | +| `cainjector.replicaCount` | Number of CAInjector replicas | `1` | +| `cainjector.image.registry` | CAInjector image registry | `docker.io` | +| `cainjector.image.repository` | CAInjector image repository | `bitnami/cainjector` | +| `cainjector.image.tag` | CAInjector image tag (immutable tags are recommended) | `1.4.0-debian-10-r25` | +| `cainjector.image.pullPolicy` | CAInjector image pull policy | `IfNotPresent` | +| `cainjector.image.pullSecrets` | CAInjector image pull secrets | `[]` | +| `cainjector.image.debug` | CAInjector image debug mode | `false` | +| `cainjector.resources.limits` | The resources limits for the CAInjector container | `{}` | +| `cainjector.resources.requests` | The requested resources for the CAInjector container | `{}` | +| `cainjector.podSecurityContext.enabled` | Enabled CAInjector pods' Security Context | `true` | +| `cainjector.podSecurityContext.fsGroup` | Set CAInjector pod's Security Context fsGroup | `1001` | +| `cainjector.containerSecurityContext.enabled` | Enabled CAInjector containers' Security Context | `true` | +| `cainjector.containerSecurityContext.runAsUser` | Set CAInjector container's Security Context runAsUser | `1001` | +| `cainjector.containerSecurityContext.runAsNonRoot` | Set CAInjector container's Security Context runAsNonRoot | `true` | +| `cainjector.podAffinityPreset` | Pod affinity preset. Ignored if `cainjector.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `cainjector.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `cainjector.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `cainjector.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `cainjector.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `cainjector.nodeAffinityPreset.key` | Node label key to match. Ignored if `cainjector.affinity` is set | `""` | +| `cainjector.nodeAffinityPreset.values` | Node label values to match. Ignored if `cainjector.affinity` is set | `[]` | +| `cainjector.affinity` | Affinity for Cert Manager CAInjector | `{}` | +| `cainjector.nodeSelector` | Node labels for pod assignment | `{}` | +| `cainjector.command` | Override CAInjector default command | `[]` | +| `cainjector.args` | Override CAInjector default args | `[]` | +| `cainjector.priorityClassName` | CAInjector pod priority class name | `nil` | +| `cainjector.hostAliases` | Custom host aliases for CAInjector pods | `[]` | +| `cainjector.tolerations` | Tolerations for pod assignment | `[]` | +| `cainjector.podLabels` | Extra labels for CAInjector pods | `{}` | +| `cainjector.podAnnotations` | Annotations for CAInjector pods | `{}` | +| `cainjector.lifecycleHooks` | Add lifecycle hooks to the CAInjector deployment | `{}` | +| `cainjector.updateStrategy.type` | Controller deployment update strategy | `RollingUpdate` | +| `cainjector.updateStrategy.rollingUpdate` | Controller deployment rolling update configuration parameters | `{}` | +| `cainjector.extraEnvVars` | Add extra environment variables to the CAInjector container | `[]` | +| `cainjector.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `nil` | +| `cainjector.extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `nil` | +| `cainjector.extraVolumes` | Optionally specify extra list of additional volumes for CAInjector pods | `[]` | +| `cainjector.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for CAInjector container(s) | `[]` | +| `cainjector.initContainers` | Add additional init containers to the CAInjector pods | `{}` | +| `cainjector.sidecars` | Add additional sidecar containers to the CAInjector pod | `{}` | +| `cainjector.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `cainjector.serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `cainjector.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | ### Metrics Parameters -| Name | Description | Value | -| ----------------------------------------- | ------------------------------------------------------------------------------------------------ | ----------- | -| `metrics.enabled` | Start metrics | `true` | -| `metrics.podAnnotations` | Annotations for Cert Manager exporter pods | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `nil` | -| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `60s` | -| `metrics.serviceMonitor.path` | The path which the ServiceMonitor will monitor | `/metrics` | -| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `30s` | -| `metrics.serviceMonitor.targetPort` | The port in which the ServiceMonitor will monitor | `9402` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `undefined` | +| Name | Description | Value | +| ----------------------------------------- | ------------------------------------------------------------------------------------------------ | ---------- | +| `metrics.enabled` | Start metrics | `true` | +| `metrics.podAnnotations` | Annotations for Cert Manager exporter pods | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | +| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `nil` | +| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `60s` | +| `metrics.serviceMonitor.path` | The path which the ServiceMonitor will monitor | `/metrics` | +| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `30s` | +| `metrics.serviceMonitor.targetPort` | The port in which the ServiceMonitor will monitor | `9402` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` | ### Other Parameters diff --git a/bitnami/cert-manager/values.yaml b/bitnami/cert-manager/values.yaml index ac593109b6..3f4c05a5be 100644 --- a/bitnami/cert-manager/values.yaml +++ b/bitnami/cert-manager/values.yaml @@ -16,71 +16,61 @@ global: ## @param kubeVersion Override Kubernetes version ## kubeVersion: - ## @param nameOverride String to partially override common.names.fullname ## nameOverride: - ## @param fullnameOverride String to fully override common.names.fullname ## fullnameOverride: - -## @param commonLabels Labels to add to all deployed objects +## @param commonLabels Labels to add to all deployed objects ## commonLabels: {} - -## @param commonAnnotations Annotations to add to all deployed objects +## @param commonAnnotations Annotations to add to all deployed objects ## commonAnnotations: {} - ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] - ## @param logLevel Set up cert manager log level ## logLevel: 2 - ## Cert Manager leader Election +## @param leaderElection.namespace Namespace which leaderElection works. +## leaderElection: - ## @param leaderElection.namespace Namespace which leaderElection works. - ## namespace: "kube-system" - ## @param installCRDs Flag to install Cert Manager CRDs ## installCRDs: false - ## @param replicaCount Number of Cert Manager replicas ## replicaCount: 1 ## @section Controller deployment parameters + ## Controller deployment parameters ## controller: ## @param controller.replicaCount Number of Controller replicas ## replicaCount: 1 - ## Bitnami Cert Manager image ## ref: https://hub.docker.com/r/bitnami/cert-manager/tags/ + ## @param controller.image.registry Controller image registry + ## @param controller.image.repository Controller image repository + ## @param controller.image.tag Controller image tag (immutable tags are recommended) + ## @param controller.image.pullPolicy Controller image pull policy + ## @param controller.image.pullSecrets Controller image pull secrets + ## @param controller.image.debug Controller image debug mode ## image: - ## @param controller.image.registry Controller image registry - ## registry: docker.io - ## @param controller.image.repository Controller image repository - ## repository: bitnami/cert-manager - ## @param controller.image.tag Controller image tag (immutabe tags are recommended) - ## tag: 1.4.0-debian-10-r23 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## - ## @param controller.image.pullPolicy Controller image pull policy ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -89,31 +79,27 @@ controller: ## E.g: ## pullSecrets: ## - myRegistryKeySecretName - ## @param controller.image.pullSecrets Controller image pull secrets ## pullSecrets: [] ## Set to true if you would like to see extra information on logs ## - ## @param controller.image.debug Controller image debug mode debug: false - acmesolver: + ## @param controller.acmesolver.image.registry Controller image registry + ## @param controller.acmesolver.image.repository Controller image repository + ## @param controller.acmesolver.image.tag Controller image tag (immutable tags are recommended) + ## @param controller.acmesolver.image.pullPolicy Controller image pull policy + ## @param controller.acmesolver.image.pullSecrets Controller image pull secrets + ## @param controller.acmesolver.image.debug Controller image debug mode + ## image: - ## @param controller.acmesolver.image.registry Controller image registry - ## registry: docker.io - ## @param controller.acmesolver.image.repository Controller image repository - ## repository: bitnami/acmesolver - ## @param controller.acmesolver.image.tag Controller image tag (immutabe tags are recommended) - ## tag: 1.4.0-debian-10-r25 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## - ## @param controller.acmesolver.image.pullPolicy Controller image pull policy - ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -121,25 +107,19 @@ controller: ## E.g: ## pullSecrets: ## - myRegistryKeySecretName - ## @param controller.acmesolver.image.pullSecrets Controller image pull secrets ## pullSecrets: [] ## Set to true if you would like to see extra information on logs ## - ## @param controller.acmesolver.image.debug Controller image debug mode debug: false - ## Controller containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## @param controller.resources.limits The resources limits for the Controller container + ## @param controller.resources.requests The requested resources for the Controller container ## resources: - ## @param controller.resources.limits The resources limits for the Controller container - ## limits: {} - ## @param controller.resources.requests The requested resources for the Controller container - ## requests: {} - ## controller pods' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param controller.podSecurityContext.enabled Enabled Controller pods' Security Context @@ -148,7 +128,6 @@ controller: podSecurityContext: enabled: true fsGroup: 1001 - ## controller containers' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param controller.containerSecurityContext.enabled Enabled Controller containers' Security Context @@ -159,92 +138,76 @@ controller: enabled: true runAsUser: 1001 runAsNonRoot: true - - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## @param controller.podAffinityPreset Pod affinity preset. Ignored if `controller.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" - - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## @param controller.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `controller.affinity` is set. Allowed values: `soft` or `hard` + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft - ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## @param controller.nodeAffinityPreset.type Node affinity preset type. Ignored if `controller.affinity` is set. Allowed values: `soft` or `hard` + ## @param controller.nodeAffinityPreset.key Node label key to match. Ignored if `controller.affinity` is set + ## @param controller.nodeAffinityPreset.values Node label values to match. Ignored if `controller.affinity` is set ## nodeAffinityPreset: - ## @param controller.nodeAffinityPreset.type Node affinity preset type. Ignored if `controller.affinity` is set. Allowed values: `soft` or `hard` - ## type: "" - ## @param controller.nodeAffinityPreset.key Node label key to match. Ignored if `controller.affinity` is set - ## key: "" - ## @param controller.nodeAffinityPreset.values Node label values to match. Ignored if `controller.affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] - ## @param controller.affinity Affinity for Cert Manager Controller ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: `controller.podAffinityPreset`, `controller.podAntiAffinityPreset`, and `controller.nodeAffinityPreset` will be ignored when it's set ## affinity: {} - + ## @param controller.nodeSelector Node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## @param controller.nodeSelector Node labels for pod assignment ## nodeSelector: {} - ## Controller Container port ## @param controller.containerPort Controller container port ## containerPort: 9402 - ## @param controller.command Override Controller default command ## command: [] ## @param controller.args Override Controller default args ## args: [] - ## @param controller.priorityClassName Controller pod priority class name ## priorityClassName: - ## @param controller.hostAliases Custom host aliases for Controller pods - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] - + ## @param controller.tolerations Tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## @param controller.tolerations Tolerations for pod assignment ## tolerations: [] - + ## @param controller.podLabels Extra labels for Controller pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## @param controller.podLabels Extra labels for Controller pods ## podLabels: {} - + ## @param controller.podAnnotations Annotations for Controller pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## @param controller.podAnnotations Annotations for Controller pods ## podAnnotations: {} - ## @param controller.lifecycleHooks Add lifecycle hooks to the Controller deployment ## lifecycleHooks: {} - + ## @param controller.updateStrategy.type Controller deployment update strategy + ## @param controller.updateStrategy.rollingUpdate Controller deployment rolling update configuration parameters + ## updateStrategy: - ## @param controller.updateStrategy.type Controller deployment update strategy type: RollingUpdate - ## @param controller.updateStrategy.rollingUpdate Controller deployment rolling update configuration parameters rollingUpdate: {} - ## @param controller.extraEnvVars Add extra environment variables to the Controller container ## E.g: ## extraEnvVars: @@ -252,24 +215,19 @@ controller: ## value: "bar" ## extraEnvVars: [] - ## @param controller.extraEnvVarsCM Name of existing ConfigMap containing extra env vars ## extraEnvVarsCM: - ## @param controller.extraEnvVarsSecret Name of existing Secret containing extra env vars ## extraEnvVarsSecret: - - ## @param controller.extraVolumes Optionally specify extra list of additional volumes for Controller pods + ## @param controller.extraVolumes Optionally specify extra list of additional volumes for Controller pods ## extraVolumes: [] - - ## @param controller.extraVolumeMounts Optionally specify extra list of additional volumeMounts for Controller container(s) + ## @param controller.extraVolumeMounts Optionally specify extra list of additional volumeMounts for Controller container(s) ## extraVolumeMounts: [] - - ## @param controller.initContainers Add additional init containers to the Controller pods + ## @param controller.initContainers Add additional init containers to the Controller pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## E.g: ## initContainers: @@ -281,8 +239,7 @@ controller: ## containerPort: 1234 ## initContainers: {} - - ## @param controller.sidecars Add additional sidecar containers to the Controller pod + ## @param controller.sidecars Add additional sidecar containers to the Controller pod ## E.g: ## sidecars: ## - name: your-image-name @@ -293,7 +250,6 @@ controller: ## containerPort: 1234 ## sidecars: {} - ## ServiceAccount configuration ## serviceAccount: @@ -309,32 +265,30 @@ controller: annotations: {} ## @section Webhook deployment parameters + ## Webhook deployment parameters ## webhook: ## @param webhook.replicaCount Number of Webhook replicas ## replicaCount: 1 - ## Bitnami Cert Manager Webhook image ## ref: https://hub.docker.com/r/bitnami/cert-manager-webhook/tags/ + ## @param webhook.image.registry Webhook image registry + ## @param webhook.image.repository Webhook image repository + ## @param webhook.image.tag Webhook image tag (immutable tags are recommended) + ## @param webhook.image.pullPolicy Webhook image pull policy + ## @param webhook.image.pullSecrets Webhook image pull secrets + ## @param webhook.image.debug Webhook image debug mode ## image: - ## @param webhook.image.registry Webhook image registry - ## registry: docker.io - ## @param webhook.image.repository Webhook image repository - ## repository: bitnami/cert-manager-webhook - ## @param webhook.image.tag Webhook image tag (immutabe tags are recommended) - ## tag: 1.4.0-debian-10-r25 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## - ## @param webhook.image.pullPolicy Webhook image pull policy - ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -342,25 +296,21 @@ webhook: ## E.g: ## pullSecrets: ## - myRegistryKeySecretName - ## @param webhook.image.pullSecrets Webhook image pull secrets ## pullSecrets: [] ## Set to true if you would like to see extra information on logs ## - ## @param webhook.image.debug Webhook image debug mode debug: false - ## Webhook containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: - ## @param webhook.resources.limits The resources limits for the Webhook container + ## @param webhook.resources.limits The resources limits for the Webhook container ## limits: {} - ## @param webhook.resources.requests The requested resources for the Webhook container + ## @param webhook.resources.requests The requested resources for the Webhook container ## requests: {} - ## webhook pods' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param webhook.podSecurityContext.enabled Enabled Webhook pods' Security Context @@ -369,7 +319,6 @@ webhook: podSecurityContext: enabled: true fsGroup: 1001 - ## webhook containers' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param webhook.containerSecurityContext.enabled Enabled Webhook containers' Security Context @@ -380,63 +329,52 @@ webhook: enabled: true runAsUser: 1001 runAsNonRoot: true - - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## @param webhook.podAffinityPreset Pod affinity preset. Ignored if `webhook.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" - - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## @param webhook.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `webhook.affinity` is set. Allowed values: `soft` or `hard` + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft - ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## @param webhook.nodeAffinityPreset.type Node affinity preset type. Ignored if `webhook.affinity` is set. Allowed values: `soft` or `hard` + ## @param webhook.nodeAffinityPreset.key Node label key to match. Ignored if `webhook.affinity` is set + ## @param webhook.nodeAffinityPreset.values Node label values to match. Ignored if `webhook.affinity` is set ## nodeAffinityPreset: - ## @param webhook.nodeAffinityPreset.type Node affinity preset type. Ignored if `webhook.affinity` is set. Allowed values: `soft` or `hard` - ## type: "" - ## @param webhook.nodeAffinityPreset.key Node label key to match. Ignored if `webhook.affinity` is set - ## key: "" - ## @param webhook.nodeAffinityPreset.values Node label values to match. Ignored if `webhook.affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] - ## @param webhook.affinity Affinity for Cert Manager Webhook ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: `webhook.podAffinityPreset`, `webhook.podAntiAffinityPreset`, and `webhook.nodeAffinityPreset` will be ignored when it's set ## affinity: {} - + ## @param webhook.nodeSelector Node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## @param webhook.nodeSelector Node labels for pod assignment ## nodeSelector: {} - ## Webhook Container port ## @param webhook.containerPort Webhook container port ## containerPort: 10250 - ## Webhook https port ## @param webhook.httpsPort Webhook container port ## httpsPort: 443 - ## @param webhook.command Override Webhook default command ## command: [] ## @param webhook.args Override Webhook default args ## args: [] - ## @param webhook.livenessProbe.enabled Enable livenessProbe ## @param webhook.livenessProbe.path Path for livenessProbe ## @param webhook.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe @@ -469,56 +407,46 @@ webhook: timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 - ## Custom Startup probes for webhook - ## @param webhook.customStartupProbe Override default startup probe + ## @param webhook.customStartupProbe Override default startup probe ## customStartupProbe: {} - ## Custom Liveness probes for webhook - ## @param webhook.customLivenessProbe Override default liveness probe + ## @param webhook.customLivenessProbe Override default liveness probe ## customLivenessProbe: {} - ## Custom Rediness probes webhook - ## @param webhook.customReadinessProbe Override default readiness probe + ## @param webhook.customReadinessProbe Override default readiness probe ## customReadinessProbe: {} - ## @param webhook.priorityClassName Webhook pod priority class name ## priorityClassName: - ## @param webhook.hostAliases Custom host aliases for Webhook pods ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] - + ## @param webhook.tolerations Tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## @param webhook.tolerations Tolerations for pod assignment ## tolerations: [] - + ## @param webhook.podLabels Extra labels for Webhook pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## @param webhook.podLabels Extra labels for Webhook pods ## podLabels: {} - + ## @param webhook.podAnnotations Annotations for Webhook pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## @param webhook.podAnnotations Annotations for Webhook pods ## podAnnotations: {} - ## @param webhook.lifecycleHooks Add lifecycle hooks to the Webhook deployment ## lifecycleHooks: {} - + ## @param webhook.updateStrategy.type Webhook deployment update strategy + ## @param webhook.updateStrategy.rollingUpdate Controller deployment rolling update configuration parameters + ## updateStrategy: - ## @param webhook.updateStrategy.type Webhook deployment update strategy type: RollingUpdate - ## @param webhook.updateStrategy.rollingUpdate Controller deployment rolling update configuration parameters rollingUpdate: {} - ## @param webhook.extraEnvVars Add extra environment variables to the Webhook container ## E.g: ## extraEnvVars: @@ -526,24 +454,19 @@ webhook: ## value: "bar" ## extraEnvVars: [] - ## @param webhook.extraEnvVarsCM Name of existing ConfigMap containing extra env vars ## extraEnvVarsCM: - ## @param webhook.extraEnvVarsSecret Name of existing Secret containing extra env vars ## extraEnvVarsSecret: - - ## @param webhook.extraVolumes Optionally specify extra list of additional volumes for Webhook pods + ## @param webhook.extraVolumes Optionally specify extra list of additional volumes for Webhook pods ## extraVolumes: [] - - ## @param webhook.extraVolumeMounts Optionally specify extra list of additional volumeMounts for Webhook container(s) + ## @param webhook.extraVolumeMounts Optionally specify extra list of additional volumeMounts for Webhook container ## extraVolumeMounts: [] - - ## @param webhook.initContainers Add additional init containers to the Webhook pods + ## @param webhook.initContainers Add additional init containers to the Webhook pods ## E.g: ## initContainers: ## - name: your-image-name @@ -554,8 +477,7 @@ webhook: ## containerPort: 1234 ## initContainers: {} - - ## @param webhook.sidecars Add additional sidecar containers to the Webhook pod + ## @param webhook.sidecars Add additional sidecar containers to the Webhook pod ## E.g: ## sidecars: ## - name: your-image-name @@ -566,7 +488,6 @@ webhook: ## containerPort: 1234 ## sidecars: {} - ## ServiceAccount configuration ## serviceAccount: @@ -582,6 +503,7 @@ webhook: annotations: {} ## @section CAInjector deployment parameters + ## CAInjector deployment parameters ## cainjector: @@ -591,23 +513,21 @@ cainjector: ## Bitnami CAInjector image ## ref: https://hub.docker.com/r/bitnami/cainjector/tags/ + ## @param cainjector.image.registry CAInjector image registry + ## @param cainjector.image.repository CAInjector image repository + ## @param cainjector.image.tag CAInjector image tag (immutable tags are recommended) + ## @param cainjector.image.pullPolicy CAInjector image pull policy + ## @param cainjector.image.pullSecrets CAInjector image pull secrets + ## @param cainjector.image.debug CAInjector image debug mode ## image: - ## @param cainjector.image.registry CAInjector image registry - ## registry: docker.io - ## @param cainjector.image.repository CAInjector image repository - ## repository: bitnami/cainjector - ## @param cainjector.image.tag CAInjector image tag (immutabe tags are recommended) - ## tag: 1.4.0-debian-10-r25 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## - ## @param cainjector.image.pullPolicy CAInjector image pull policy - ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -615,25 +535,21 @@ cainjector: ## E.g: ## pullSecrets: ## - myRegistryKeySecretName - ## @param cainjector.image.pullSecrets CAInjector image pull secrets ## pullSecrets: [] ## Set to true if you would like to see extra information on logs ## - ## @param cainjector.image.debug CAInjector image debug mode debug: false - ## CAInjector containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: - ## @param cainjector.resources.limits The resources limits for the CAInjector container + ## @param cainjector.resources.limits The resources limits for the CAInjector container ## limits: {} - ## @param cainjector.resources.requests The requested resources for the CAInjector container + ## @param cainjector.resources.requests The requested resources for the CAInjector container ## requests: {} - ## cainjector pods' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param cainjector.podSecurityContext.enabled Enabled CAInjector pods' Security Context @@ -642,7 +558,6 @@ cainjector: podSecurityContext: enabled: true fsGroup: 1001 - ## cainjector containers' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param cainjector.containerSecurityContext.enabled Enabled CAInjector containers' Security Context @@ -653,87 +568,71 @@ cainjector: enabled: true runAsUser: 1001 runAsNonRoot: true - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## @param cainjector.podAffinityPreset Pod affinity preset. Ignored if `cainjector.affinity` is set. Allowed values: `soft` or `hard` ## podAffinityPreset: "" - - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## @param cainjector.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `cainjector.affinity` is set. Allowed values: `soft` or `hard` + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft - ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## @param cainjector.nodeAffinityPreset.type Node affinity preset type. Ignored if `cainjector.affinity` is set. Allowed values: `soft` or `hard` + ## @param cainjector.nodeAffinityPreset.key Node label key to match. Ignored if `cainjector.affinity` is set + ## @param cainjector.nodeAffinityPreset.values Node label values to match. Ignored if `cainjector.affinity` is set ## nodeAffinityPreset: - ## @param cainjector.nodeAffinityPreset.type Node affinity preset type. Ignored if `cainjector.affinity` is set. Allowed values: `soft` or `hard` - ## type: "" - ## @param cainjector.nodeAffinityPreset.key Node label key to match. Ignored if `cainjector.affinity` is set - ## key: "" - ## @param cainjector.nodeAffinityPreset.values Node label values to match. Ignored if `cainjector.affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] - ## @param cainjector.affinity Affinity for Cert Manager CAInjector ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: `cainjector.podAffinityPreset`, `cainjector.podAntiAffinityPreset`, and `cainjector.nodeAffinityPreset` will be ignored when it's set ## affinity: {} - - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## @param cainjector.nodeSelector Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} - ## @param cainjector.command Override CAInjector default command ## command: [] ## @param cainjector.args Override CAInjector default args ## args: [] - ## @param cainjector.priorityClassName CAInjector pod priority class name ## priorityClassName: - ## @param cainjector.hostAliases Custom host aliases for CAInjector pods ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] - + ## @param cainjector.tolerations Tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## @param cainjector.tolerations Tolerations for pod assignment ## tolerations: [] - + ## @param cainjector.podLabels Extra labels for CAInjector pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## @param cainjector.podLabels Extra labels for CAInjector pods ## podLabels: {} - + ## @param cainjector.podAnnotations Annotations for CAInjector pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## @param cainjector.podAnnotations Annotations for CAInjector pods ## podAnnotations: {} - ## @param cainjector.lifecycleHooks Add lifecycle hooks to the CAInjector deployment ## lifecycleHooks: {} - + ## @param cainjector.updateStrategy.type Controller deployment update strategy + ## @param cainjector.updateStrategy.rollingUpdate Controller deployment rolling update configuration parameters updateStrategy: - ## @param cainjector.updateStrategy.type Controller deployment update strategy type: RollingUpdate - ## @param cainjector.updateStrategy.rollingUpdate Controller deployment rolling update configuration parameters rollingUpdate: {} - ## @param cainjector.extraEnvVars Add extra environment variables to the CAInjector container ## E.g: ## extraEnvVars: @@ -741,24 +640,19 @@ cainjector: ## value: "bar" ## extraEnvVars: [] - ## @param cainjector.extraEnvVarsCM Name of existing ConfigMap containing extra env vars ## extraEnvVarsCM: - ## @param cainjector.extraEnvVarsSecret Name of existing Secret containing extra env vars ## extraEnvVarsSecret: - - ## @param cainjector.extraVolumes Optionally specify extra list of additional volumes for CAInjector pods + ## @param cainjector.extraVolumes Optionally specify extra list of additional volumes for CAInjector pods ## extraVolumes: [] - - ## @param cainjector.extraVolumeMounts Optionally specify extra list of additional volumeMounts for CAInjector container(s) + ## @param cainjector.extraVolumeMounts Optionally specify extra list of additional volumeMounts for CAInjector container(s) ## extraVolumeMounts: [] - - ## @param cainjector.initContainers Add additional init containers to the CAInjector pods + ## @param cainjector.initContainers Add additional init containers to the CAInjector pods ## E.g: ## initContainers: ## - name: your-image-name @@ -769,8 +663,7 @@ cainjector: ## containerPort: 1234 ## initContainers: {} - - ## @param cainjector.sidecars Add additional sidecar containers to the CAInjector pod + ## @param cainjector.sidecars Add additional sidecar containers to the CAInjector pod ## E.g: ## sidecars: ## - name: your-image-name @@ -781,7 +674,6 @@ cainjector: ## containerPort: 1234 ## sidecars: {} - ## ServiceAccount configuration ## serviceAccount: @@ -797,6 +689,7 @@ cainjector: annotations: {} ## @section Metrics Parameters + metrics: ## @param metrics.enabled Start metrics ## @@ -805,7 +698,6 @@ metrics: ## ref: https://github.com/coreos/prometheus-operator ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## - ## @param metrics.podAnnotations [object] Annotations for Cert Manager exporter pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## @@ -813,34 +705,26 @@ metrics: prometheus.io/path: "/metrics" prometheus.io/scrape: "true" prometheus.io/port: "{{ .Values.controller.containerPort }}" - + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator + ## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created + ## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped + ## @param metrics.serviceMonitor.path The path which the ServiceMonitor will monitor + ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended + ## @param metrics.serviceMonitor.targetPort The port in which the ServiceMonitor will monitor + ## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator - ## enabled: false - ## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created - ## namespace: - ## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped - ## interval: 60s - ## @param metrics.serviceMonitor.path The path which the ServiceMonitor will monitor - ## path: /metrics - ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended - ## scrapeTimeout: 30s - ## @param metrics.serviceMonitor.targetPort The port in which the ServiceMonitor will monitor - ## targetPort: 9402 - ## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus - ## additionalLabels: {} ## @section Other Parameters + ## RBAC configuration +## @param rbac.create Specifies whether RBAC resources should be created ## rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - ## create: true diff --git a/bitnami/consul/Chart.yaml b/bitnami/consul/Chart.yaml index ac2ad8b036..18c554fd2b 100644 --- a/bitnami/consul/Chart.yaml +++ b/bitnami/consul/Chart.yaml @@ -23,4 +23,4 @@ name: consul sources: - https://github.com/bitnami/bitnami-docker-consul - https://www.consul.io/ -version: 9.2.15 +version: 9.2.16 diff --git a/bitnami/consul/README.md b/bitnami/consul/README.md index 06593095dd..dda04910fa 100644 --- a/bitnami/consul/README.md +++ b/bitnami/consul/README.md @@ -49,164 +49,178 @@ $ helm delete --purge my-release ## Parameters -The following table lists the configurable parameters of the HashiCorp Consul chart and their default values. +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `nil` | -| Parameter | Description | Default | -|---------------------------|-------------------------------------------------|---------------------------------------------------------| -| `global.imageRegistry` | Global Docker Image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | ### Common parameters -| Parameter | Description | Default | -|---------------------|-----------------------------------------------------------------------------|-----------------| -| `nameOverride` | String to partially override consul.fullname | `nil` | -| `fullnameOverride` | String to fully override consul.fullname | `nil` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | -| `commonLabels` | Labels to add to all deployed objects | `nil` | -| `commonAnnotations` | Annotations to add to all deployed objects | `[]` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `nil` | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `nil` | +| Name | Description | Value | +| ------------------- | -------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `nil` | +| `nameOverride` | String to partially override common.names.fullname | `nil` | +| `fullnameOverride` | String to fully override common.names.fullname | `nil` | +| `commonLabels` | Labels to add to all deployed objects (sub-charts are not considered) | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects (sub-charts are not considered) | `{}` | +| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | + ### HashiCorp Consul parameters -| Parameter | Description | Default | -|----------------------------|----------------------------------------------------------------------|---------------------------------------------------------| -| `image.registry` | HashiCorp Consul image registry | `docker.io` | -| `image.repository` | HashiCorp Consul image name | `bitnami/consul` | -| `image.tag` | HashiCorp Consul image tag | `{TAG_NAME}` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `datacenterName` | HashiCorp Consul datacenter name | `dc1` | -| `domain` | HashiCorp Consul domain | `consul` | -| `raftMultiplier` | Multiplier used to scale key Raft timing parameters | `1` | -| `gossipKey` | Gossip key for all members | `nil` | -| `tlsEncryptionSecretName` | Name of existing secret with TLS encryption data | `nil` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `configuration` | HashiCorp Consul configuration to be injected as ConfigMap | `{}` | -| `existingConfigmap` | Name of existing ConfigMap with HashiCorp Consul configuration | `nil` | -| `localConfig` | Extra configuration that will be added to the default one | `nil` | -| `command` | Override default container command (useful when using custom images) | `nil` | -| `args` | Override default container args (useful when using custom images) | `nil` | -| `extraEnvVars` | Extra environment variables to be set on HashiCorp Consul container | `{}` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `nil` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `nil` | -| `containerPorts.http` | Port to open for HTTP in Consul | `8500` | -| `containerPorts.dns` | Port to open for DNS server in Consul | `8600` | -| `containerPorts.rcp` | Port to open for RCP in Consul | `8400` | -| `containerPorts.rpcServer` | Port to open for RCP Server in Consul | `8300` | -| `containerPorts.serfLAN` | Port to open for Serf LAN in Consul | `8301` | +| Name | Description | Value | +| -------------------------- | -------------------------------------------------------------------------------------------- | --------------------- | +| `image.registry` | HashiCorp Consul image registry | `docker.io` | +| `image.repository` | HashiCorp Consul image repository | `bitnami/consul` | +| `image.tag` | HashiCorp Consul image tag (immutable tags are recommended) | `1.10.1-debian-10-r0` | +| `image.pullPolicy` | HashiCorp Consul image pull policy | `IfNotPresent` | +| `image.pullSecrets` | HashiCorp Consul image pull secrets | `[]` | +| `image.debug` | Enable image debug mode | `false` | +| `datacenterName` | Datacenter name for Consul. If not supplied, will use the Consul | `dc1` | +| `domain` | Consul domain name | `consul` | +| `raftMultiplier` | Multiplier used to scale key Raft timing parameters | `1` | +| `gossipKey` | Gossip key for all members. The key must be 16-bytes, can be generated with $(consul keygen) | `nil` | +| `tlsEncryptionSecretName` | Name of existing secret with TLS encryption data | `nil` | +| `hostAliases` | Deployment pod host aliases | `[]` | +| `configuration` | HashiCorp Consul configuration to be injected as ConfigMap | `""` | +| `existingConfigmap` | ConfigMap with HashiCorp Consul configuration | `nil` | +| `localConfig` | Extra configuration that will be added to the default one | `""` | +| `command` | Command for running the container (set to default if not set). Use array form | `[]` | +| `args` | Args for running the container (set to default if not set). Use array form | `[]` | +| `extraEnvVars` | Extra environment variables to be set on HashiCorp Consul container | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `nil` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `nil` | +| `containerPorts.http` | Port to open for HTTP in Consul | `8500` | +| `containerPorts.dns` | Port to open for DNS server in Consul | `8600` | +| `containerPorts.rpc` | Port to open for RPC in Consul | `8400` | +| `containerPorts.rpcServer` | Port to open for RPC Server in Consul | `8300` | +| `containerPorts.serfLAN` | Port to open for Serf LAN in Consul | `8301` | + ### Statefulset parameters -| Parameter | Description | Default | -|--------------------------------------|-------------------------------------------------------------------------------------------|--------------------------------| -| `replicaCount` | Number of HashiCorp Consul replicas | `3` | -| `updateStrategy` | Update strategy type for the statefulset | `RollingUpdate` | -| `rollingUpdatePartition` | Partition update strategy | `nil` | -| `priorityClassName` | HashiCorp Consul priorityClassName | `nil` | -| `podManagementPolicy` | StatefulSet pod management policy | `OrderedReady` | -| `podAnnotations` | Additional pod annotations | `{}` | -| `podLabels` | Additional pod labels | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` (evaluated as a template) | -| `nodeSelector` | Node labels for pod assignment | `{}` (evaluated as a template) | -| `tolerations` | Tolerations for pod assignment | `[]` (evaluated as a template) | -| `podSecurityContext.enabled` | Enable security context for HashiCorp Consul pods | `true` | -| `podSecurityContext.fsGroup` | Group ID for the volumes of the pod | `1001` | -| `containerSecurityContext.enabled` | HashiCorp Consul Container securityContext | `true` | -| `containerSecurityContext.runAsUser` | User ID for the HashiCorp Consul container | `1001` | -| `resources.limits` | The resources limits for HashiCorp Consul containers | `{}` | -| `resources.requests` | The requested resources for HashiCorp Consul containers | `{}` | -| `livenessProbe` | Liveness probe configuration for HashiCorp Consul | Check `values.yaml` file | -| `readinessProbe` | Readiness probe configuration for HashiCorp Consul | Check `values.yaml` file | -| `customLivenessProbe` | Override default liveness probe | `nil` | -| `customReadinessProbe` | Override default readiness probe | `nil` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for hashicorp consul container | `[]` | -| `extraVolumes` | Optionally specify extra list of additional volumes for hashicorp consul container | `[]` | -| `initContainers` | Add additional init containers to the hashicorp consul pods | `{}` (evaluated as a template) | -| `sidecars` | Add additional sidecar containers to the hashicorp consul pods | `{}` (evaluated as a template) | -| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `nil` | +| Name | Description | Value | +| ------------------------------------ | ----------------------------------------------------------------------------------------- | --------------- | +| `replicaCount` | Number of HashiCorp Consul replicas to deploy | `3` | +| `updateStrategy` | Update strategy type for the HashiCorp Consul statefulset | `RollingUpdate` | +| `rollingUpdatePartition` | Partition update strategy | `nil` | +| `podManagementPolicy` | StatefulSet pod management policy | `Parallel` | +| `podAnnotations` | Additional pod annotations | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `podSecurityContext.enabled` | Enable security context for HashiCorp Consul pods | `true` | +| `podSecurityContext.fsGroup` | Group ID for the volumes of the pod | `1001` | +| `containerSecurityContext.enabled` | HashiCorp Consul Container securityContext | `true` | +| `containerSecurityContext.runAsUser` | User ID for the HashiCorp Consul container | `1001` | +| `resources.limits` | The resources limits for HashiCorp Consul containers | `{}` | +| `resources.requests` | The requested resources for HashiCorp Consul containers | `{}` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `customLivenessProbe` | Override default liveness probe | `{}` | +| `customReadinessProbe` | Override default readiness probe | `{}` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Hashicorp Consul container | `[]` | +| `extraVolumes` | Optionally specify extra list of additional volumes for Hashicorp Consul container | `[]` | +| `initContainers` | Add additional init containers to the Hashicorp Consul pods | `[]` | +| `sidecars` | Add additional sidecar containers to the Hashicorp Consul pods | `[]` | +| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `pdb.minAvailable` | Minimum number of pods that must still be available after the eviction | `1` | +| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `nil` | + ### Exposure parameters -| Parameter | Description | Default | -|----------------------------------|-----------------------------------------------------------------------------------|--------------------------------| -| `service.enabled` | Use a service to access HashiCorp Consul Ui | `true` | -| `service.port` | HashiCorp Consul UI svc port | `80` | -| `service.type` | Kubernetes Service Type | `ClusterIP` | -| `service.nodePort` | Kubernetes node port for HashiCorp Consul UI | `""` | -| `service.annotations` | Annotations for HashiCorp Consul UI service | `{}` (evaluated as a template) | -| `service.loadBalancerIP` | IP if HashiCorp Consul UI service type is `LoadBalancer` | `nil` | -| `ingress.enabled` | Enable ingress resource for Management console | `false` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `` | -| `ingress.path` | Ingress path | `/` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.hostname` | Default host for the ingress resource | `consul-ui.local` | -| `ingress.annotations` | Ingress annotations | `[]` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at `ingress.hostname` parameter | `false` | -| `ingress.existingSecret` | Existing secret for the Ingress TLS certificate | `nil` | -| `ingress.extraHosts[0].name` | Additional hostnames to be covered | `nil` | -| `ingress.extraHosts[0].path` | Additional hostnames to be covered | `nil` | -| `ingress.extraTls[0].hosts[0]` | TLS configuration for additional hostnames to be covered | `nil` | -| `ingress.extraTls[0].secretName` | TLS configuration for additional hostnames to be covered | `nil` | -| `ingress.secrets[0].name` | TLS Secret Name | `nil` | -| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | -| `ingress.secrets[0].key` | TLS Secret Key | `nil` | +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------------- | ------------------------ | +| `service.enabled` | Use a service to access HashiCorp Consul Ui | `true` | +| `service.port` | HashiCorp Consul UI svc port | `80` | +| `service.type` | HashiCorp Consul UI Service Type | `ClusterIP` | +| `service.nodePort` | Node port for HashiCorp Consul UI | `""` | +| `service.loadBalancerIP` | HashiCorp Consul UI service Load Balancer IP | `""` | +| `service.annotations` | Annotations for HashiCorp Consul UI service | `{}` | +| `ingress.enabled` | Enable ingress resource for Management console | `false` | +| `ingress.path` | Path for the default host | `/` | +| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `nil` | +| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingress.certManager` | Add annotations for cert-manager | `false` | +| `ingress.hostname` | Default host for the ingress resource, a host pointing to this will be created | `consul-ui.local` | +| `ingress.annotations` | Ingress annotations done as key:value pairs | `{}` | +| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | +| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `nil` | +| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `nil` | +| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | + ### Persistence parameters -| Parameter | Description | Default | -|----------------------------|------------------------------------------------------|--------------------------------| -| `persistence.enabled` | Enable HashiCorp Consul data persistence using PVC | `true` | -| `persistence.storageClass` | PVC Storage Class for HashiCorp Consul data volume | `nil` | -| `persistence.annotations` | Persistent Volume Claim annotations Annotations | `{}` (evaluated as a template) | -| `persistence.accessMode` | PVC Access Mode for HashiCorp Consul data volume | `[ReadWriteOnce]` | -| `persistence.size` | PVC Storage Request for HashiCorp Consul data volume | `8Gi` | +| Name | Description | Value | +| -------------------------- | --------------------------------------------------------------------------------------------------------- | ------ | +| `persistence.enabled` | Enable HashiCorp Consul data persistence using PVC, use a Persistent Volume Claim, If false, use emptyDir | `true` | +| `persistence.storageClass` | Persistent Volume storage class | `nil` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `persistence.accessModes` | Persistent Volume Access Mode | `[]` | +| `persistence.size` | PVC Storage Request for HashiCorp Consul data volume | `8Gi` | + ### Volume Permissions parameters -| Parameter | Description | Default | -|----------------------------------------|----------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------| -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `"10"` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | -| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------------- | ----------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | +| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | +| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | +| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `10-debian-10-r133` | +| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `Always` | +| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | +| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | +| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | + ### Metrics parameters -| Parameter | Description | Default | -|-------------------------------------------|-------------------------------------------------------------------------------------|---------------------------| -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image` | Exporter image | `bitnami/consul-exporter` | -| `metrics.imageTag` | Exporter image tag | `{TAG_NAME}` | -| `metrics.imagePullPolicy` | Exporter image pull policy | `IfNotPresent` | -| `metrics.resources` | Exporter resource requests/limit | `{}` | -| `metrics.podAnnotations` | Exporter annotations | `{}` | -| `metrics.service.type` | Kubernetes Service type (consul metrics) | `ClusterIP` | -| `metrics.service.annotations` | Annotations for the services to monitor | {} | -| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `monitoring` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `nil` | -| `metrics.serviceMonitor.relabellings` | Specify Metric Relabellings to add to the scrape endpoint | `nil` | -| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false` | -| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | `{}` | -| `metrics.serviceMonitor.release` | Used to pass Labels release that sometimes should be custom for Prometheus Operator | `nil` | +| Name | Description | Value | +| ----------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ------------------------- | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | HashiCorp Consul Prometheus Exporter image registry | `docker.io` | +| `metrics.image.repository` | HashiCorp Consul Prometheus Exporter image repository | `bitnami/consul-exporter` | +| `metrics.image.tag` | HashiCorp Consul Prometheus Exporter image tag (immutable tags are recommended) | `0.7.1-debian-10-r331` | +| `metrics.image.pullPolicy` | HashiCorp Consul Prometheus Exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | HashiCorp Consul Prometheus Exporter image pull secrets | `[]` | +| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | +| `metrics.service.loadBalancerIP` | Service Load Balancer IP | `""` | +| `metrics.service.annotations` | Provide any additional annotations which may be required. | `{}` | +| `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` | +| `metrics.resources.limits` | The resources limits for the container | `{}` | +| `metrics.resources.requests` | The requested resources for the container | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator, set to true to create a Service Monitor Entry | `false` | +| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `nil` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `nil` | +| `metrics.serviceMonitor.relabellings` | Metrics relabellings to add to the scrape endpoint | `nil` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.release` | Specify the release for ServiceMonitor. Sometimes it should be custom for prometheus operator to work | `nil` | +| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` | + Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/bitnami/consul/values.yaml b/bitnami/consul/values.yaml index 2f522f2530..a29ebade48 100644 --- a/bitnami/consul/values.yaml +++ b/bitnami/consul/values.yaml @@ -1,19 +1,55 @@ +## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## Force target Kubernetes version (using Helm capabilites if not set) +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: + +## @section Common parameters + +## @param kubeVersion Override Kubernetes version ## kubeVersion: +## @param nameOverride String to partially override common.names.fullname +## +nameOverride: +## @param fullnameOverride String to fully override common.names.fullname +## +fullnameOverride: +## @param commonLabels Labels to add to all deployed objects (sub-charts are not considered) +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects (sub-charts are not considered) +## +commonAnnotations: {} +## @param clusterDomain Kubernetes cluster domain name +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] -## Bitnami HashiCorp Consul image version +## @section HashiCorp Consul parameters + +## Bitnami HashiCorp Consul image ## ref: https://hub.docker.com/r/bitnami/consul/tags/ +## @param image.registry HashiCorp Consul image registry +## @param image.repository HashiCorp Consul image repository +## @param image.tag HashiCorp Consul image tag (immutable tags are recommended) +## @param image.pullPolicy HashiCorp Consul image pull policy +## @param image.pullSecrets HashiCorp Consul image pull secrets +## @param image.debug Enable image debug mode ## image: registry: docker.io @@ -27,62 +63,40 @@ image: ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs + pullSecrets: [] + ## Enable debug mode ## debug: false - -## String to partially override consul.fullname template (will maintain the release name) +## @param datacenterName Datacenter name for Consul. If not supplied, will use the Consul ## -# nameOverride: - -## String to fully override consul.fullname template +datacenterName: dc1 +## @param domain Consul domain name ## -# fullnameOverride: - -## Consul cluster domain +domain: consul +## @param raftMultiplier Multiplier used to scale key Raft timing parameters ## -clusterDomain: cluster.local - -## Common annotations to add to all HashiCorp Consul resources (sub-charts are not considered). Evaluated as a template +raftMultiplier: '1' +## @param gossipKey Gossip key for all members. The key must be 16-bytes, can be generated with $(consul keygen) +## Example: +## gossipKey: 887Syd/BOvbtvRAKviazMg== ## -commonAnnotations: {} - -## Common labels to add to all HashiCorp Consul resources (sub-charts are not considered). Evaluated as a template +gossipKey: +## @param tlsEncryptionSecretName Name of existing secret with TLS encryption data +## Use TLS to verify the authenticity of servers and clients. +## Check README for more information. +## Example: +## tlsEncryptionSecretName: your-already-created-secret ## -commonLabels: {} - -## Deployment pod host aliases +tlsEncryptionSecretName: +## @param hostAliases Deployment pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] - -## Datacenter name for consul. If not supplied, will use the consul -## -datacenterName: dc1 - -## Consul domain name -## -domain: consul - -## Consul raft multiplier. -## -raftMultiplier: '1' - -## Predefined value for gossip key. -## The key must be 16-bytes, can be generated with $(consul keygen) -## -# gossipKey: 887Syd/BOvbtvRAKviazMg== - -## Use TLS to verify the authenticity of servers and clients. -## Check README for more information. -## -# tlsEncryptionSecretName: your-already-created-secret - -## HashiCorp Consul configuration +## @param configuration HashiCorp Consul configuration to be injected as ConfigMap ## Example: ## configuration: |- ## { @@ -106,12 +120,10 @@ raftMultiplier: '1' ## } ## configuration: "" - -## ConfigMap with HashiCorp Consul configuration +## @param existingConfigmap ConfigMap with HashiCorp Consul configuration ## -# existingConfigmap: - -## Extra configuration that will be added to the default one. +existingConfigmap: +## @param localConfig Extra configuration that will be added to the default one ## Example: ## localConfig: |- ## { @@ -119,241 +131,30 @@ configuration: "" ## } ## localConfig: "" - -## Command and args for running the container (set to default if not set). Use array form +## @param command Command for running the container (set to default if not set). Use array form ## command: [] +## @param args Args for running the container (set to default if not set). Use array form +## args: [] - -## An array to add extra env vars +## @param extraEnvVars Extra environment variables to be set on HashiCorp Consul container ## For example: ## extraEnvVars: [] # - name: FOO # value: BAR - -## ConfigMap with extra environment variables +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars ## extraEnvVarsCM: - -## Secret with extra environment variables +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars ## extraEnvVarsSecret: - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Extra init containers to add to the deployment -## -initContainers: [] - -## Extra sidecar containers to add to the deployment -## -sidecars: [] - -## Number of HashiCorp Consul replicas to deploy -## -replicaCount: 3 - -## updateStrategy for HashiCorp Consul statefulset -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -## -updateStrategy: RollingUpdate - -## Partition update strategy -## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions -## -# rollingUpdatePartition: - -## StatefulSet pod management policy -## -podManagementPolicy: Parallel - -## Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod security context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: true - fsGroup: 1001 - -## HashiCorp Consul container security context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## -containerSecurityContext: - enabled: true - runAsUser: 1001 - -## HashiCorp Consul container's resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: {} - # memory: 256Mi - # cpu: 100m - requests: {} - # memory: 256Mi - # cpu: 100m - -## HashiCorp Consul container's liveness and readiness probes -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## Custom Liveness probe -## -customLivenessProbe: {} - -## Custom Rediness probe -## -customReadinessProbe: {} - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## If true, use a Persistent Volume Claim, If false, use emptyDir - ## - enabled: true - ## Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - ## Persistent Volume Claim annotations - ## - annotations: {} - ## Persistent Volume Access Mode - ## - accessModes: - - ReadWriteOnce - ## Persistent Volume size - ## - size: 8Gi - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the podSecurityContext section. -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r133 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: {} - # cpu: 100m - # memory: 128Mi - requests: {} - # cpu: 100m - # memory: 128Mi - -## HashiCorp Consul Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## -pdb: - create: false - ## Min number of pods that must still be available after the eviction - ## - minAvailable: 1 - ## Max number of pods that can be unavailable after the eviction - ## - # maxUnavailable: 1 - ## HashiCorp Consul container ports to open +## @param containerPorts.http Port to open for HTTP in Consul +## @param containerPorts.dns Port to open for DNS server in Consul +## @param containerPorts.rpc Port to open for RPC in Consul +## @param containerPorts.rpcServer Port to open for RPC Server in Consul +## @param containerPorts.serfLAN Port to open for Serf LAN in Consul ## containerPorts: http: 8500 @@ -362,91 +163,247 @@ containerPorts: rpcServer: 8300 serfLAN: 8301 +## @section Statefulset parameters + +## @param replicaCount Number of HashiCorp Consul replicas to deploy +## +replicaCount: 3 +## @param updateStrategy Update strategy type for the HashiCorp Consul statefulset +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: RollingUpdate +## @param rollingUpdatePartition Partition update strategy +## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions +## +rollingUpdatePartition: +## @param podManagementPolicy StatefulSet pod management policy +## +podManagementPolicy: Parallel +## @param podAnnotations Additional pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Pod security context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enable security context for HashiCorp Consul pods +## @param podSecurityContext.fsGroup Group ID for the volumes of the pod +## +podSecurityContext: + enabled: true + fsGroup: 1001 +## Container security context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled HashiCorp Consul Container securityContext +## @param containerSecurityContext.runAsUser User ID for the HashiCorp Consul container +## +containerSecurityContext: + enabled: true + runAsUser: 1001 +## Container's resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for HashiCorp Consul containers +## @param resources.requests The requested resources for HashiCorp Consul containers +## +resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + requests: {} +## Configure extra options for HashiCorp Consul containers' liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## @param customLivenessProbe Override default liveness probe +## +customLivenessProbe: {} +## @param customReadinessProbe Override default readiness probe +## +customReadinessProbe: {} +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Hashicorp Consul container +## +extraVolumeMounts: [] +## @param extraVolumes Optionally specify extra list of additional volumes for Hashicorp Consul container +## +extraVolumes: [] +## @param initContainers Add additional init containers to the Hashicorp Consul pods +## +initContainers: [] +## @param sidecars Add additional sidecar containers to the Hashicorp Consul pods +## +sidecars: [] +## HashiCorp Consul Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## +pdb: + ## @param pdb.create Enable/disable a Pod Disruption Budget creation + ## + create: false + ## @param pdb.minAvailable Minimum number of pods that must still be available after the eviction + ## + minAvailable: 1 + ## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction + ## + maxUnavailable: + +## @section Exposure parameters + ## HashiCorp Consul UI service parameters ## service: + ## @param service.enabled Use a service to access HashiCorp Consul Ui + ## enabled: true - ## HashiCorp Consul UI svc port + ## @param service.port HashiCorp Consul UI svc port ## port: 80 - ## Service type + ## @param service.type HashiCorp Consul UI Service Type ## type: ClusterIP ## Specify the nodePort value for the LoadBalancer and NodePort service types. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## @param service.nodePort Node port for HashiCorp Consul UI ## nodePort: "" + ## @param service.loadBalancerIP HashiCorp Consul UI service Load Balancer IP ## Set the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## - # loadBalancerIP: + loadBalancerIP: "" ## Provide any additional annotations which may be required. This can be used to ## set the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## @param service.annotations Annotations for HashiCorp Consul UI service ## annotations: {} - ## Configure the ingress resource that allows you to access the Consul UI ## ref: http://kubernetes.io/docs/user-guide/ingress/ ## ingress: - ## Set to true to enable ingress record generation + ## @param ingress.enabled Enable ingress resource for Management console ## enabled: false - - ## Path for the default host + ## @param ingress.path Path for the default host ## path: / - - ## Override API Version (automatically detected if not set) + ## @param ingress.apiVersion Override API Version (automatically detected if not set) ## apiVersion: - - ## Ingress Path type + ## @param ingress.pathType Ingress path type ## pathType: ImplementationSpecific - - ## Set this to true in order to add the corresponding annotations for cert-manager + ## @param ingress.certManager Add annotations for cert-manager ## certManager: false - - ## When the ingress is enabled, a host pointing to this will be created + ## @param ingress.hostname Default host for the ingress resource, a host pointing to this will be created ## hostname: consul-ui.local - - ## Ingress annotations done as key:value pairs + ## @param ingress.annotations Ingress annotations done as key:value pairs ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set ## annotations: {} - - ## Enable TLS configuration for the hostname defined at ingress.hostname parameter + ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} ## or a custom one if you use the tls.existingSecret parameter ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false + ## Example: ## existingSecret: name-of-existing-secret ## - - ## The list of additional hostnames to be covered with this ingress record. + tls: false + ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: consul-ui.local ## path: / ## - - ## The tls configuration for additional hostnames to be covered with this ingress record. + extraHosts: + ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - consul-ui.local ## secretName: rconsul-ui.local-tls ## - - ## If you're providing your own certificates, please use this to add the certificates as secrets + extraTls: + ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## @@ -455,19 +412,103 @@ ingress: ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information - ## - secrets: [] + ## Example: ## - name: consul-ui.local-tls ## key: ## certificate: ## + secrets: [] + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable HashiCorp Consul data persistence using PVC, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + ## @param persistence.storageClass Persistent Volume storage class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: + ## @param persistence.annotations Persistent Volume Claim annotations + ## + annotations: {} + ## @param persistence.accessModes Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size PVC Storage Request for HashiCorp Consul data volume + ## + size: 8Gi + +## @section Volume Permissions parameters + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the podSecurityContext section. +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume + ## + enabled: false + ## Bitnami Shell image + ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/ + ## @param volumePermissions.image.registry Bitnami Shell image registry + ## @param volumePermissions.image.repository Bitnami Shell image repository + ## @param volumePermissions.image.tag Bitnami Shell image tag (immutable tags are recommended) + ## @param volumePermissions.image.pullPolicy Bitnami Shell image pull policy + ## @param volumePermissions.image.pullSecrets Bitnami Shell image pull secrets + ## + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: 10-debian-10-r133 + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## @param volumePermissions.resources.limits The resources limits for the container + ## @param volumePermissions.resources.requests The requested resources for the container + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + requests: {} + +## @section Metrics parameters ## Prometheus Exporter / Metrics ## metrics: + ## @param metrics.enabled Start a side-car prometheus exporter + ## enabled: false ## Bitnami HashiCorp Consul Prometheus Exporter image ## ref: https://hub.docker.com/r/bitnami/consul-exporter/tags/ + ## @param metrics.image.registry HashiCorp Consul Prometheus Exporter image registry + ## @param metrics.image.repository HashiCorp Consul Prometheus Exporter image repository + ## @param metrics.image.tag HashiCorp Consul Prometheus Exporter image tag (immutable tags are recommended) + ## @param metrics.image.pullPolicy HashiCorp Consul Prometheus Exporter image pull policy + ## @param metrics.image.pullSecrets HashiCorp Consul Prometheus Exporter image pull secrets ## image: registry: docker.io @@ -477,24 +518,29 @@ metrics: ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - # pullSecrets: - # - myRegistryKeySecretName + pullSecrets: [] ## Consul Prometheus exporter service type ## service: + ## @param metrics.service.type Kubernetes Service type + ## type: ClusterIP - ## Provide any additional annotations which may be required. This can be used to - ## set the LoadBalancer service type to internal only. + ## @param metrics.service.loadBalancerIP Service Load Balancer IP + ## Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank + ## + loadBalancerIP: "" + ## @param metrics.service.annotations [object] Provide any additional annotations which may be required. + ## This can be used to set the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## - ## Use serviceLoadBalancerIP to request a specific static IP, - ## otherwise leave blank - # loadBalancerIP: annotations: prometheus.io/scrape: "true" prometheus.io/port: "9107" - ## Metrics exporter pod Annotation and Labels + ## @param metrics.podAnnotations [object] Metrics exporter pod Annotation and Labels ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: @@ -502,48 +548,46 @@ metrics: prometheus.io/port: "9107" ## HashiCorp Consul Prometheus exporter resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## @param metrics.resources.limits The resources limits for the container + ## @param metrics.resources.requests The requested resources for the container ## resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi limits: {} - # cpu: 100m - # memory: 128Mi + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi requests: {} - # cpu: 100m - # memory: 128Mi ## Prometheus Service Monitor ## ref: https://github.com/coreos/prometheus-operator ## serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator, set to true to create a Service Monitor Entry ## enabled: false - ## Specify the namespace in which the serviceMonitor resource will be created + ## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created ## - # namespace: "" - ## Specify the interval at which metrics should be scraped + namespace: + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped ## interval: 30s - ## Specify the timeout after which the scrape is ended + ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended ## - # scrapeTimeout: 30s - ## Specify Metric Relabellings to add to the scrape endpoint + scrapeTimeout: + ## @param metrics.serviceMonitor.relabellings Metrics relabellings to add to the scrape endpoint ## - # relabellings: - ## Specify honorLabels parameter to add the scrape endpoint + relabellings: + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint ## honorLabels: false - ## Specify the release for ServiceMonitor. Sometimes it should be custom for prometheus operator to work + ## @param metrics.serviceMonitor.release Specify the release for ServiceMonitor. Sometimes it should be custom for prometheus operator to work ## - # release: "" - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + release: + ## @param metrics.serviceMonitor.additionalLabels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec ## additionalLabels: {} - -## Array with extra yaml to deploy with the chart. Evaluated as a template -## -extraDeploy: [] diff --git a/bitnami/contour/Chart.yaml b/bitnami/contour/Chart.yaml index ddedbce857..706aaa4636 100644 --- a/bitnami/contour/Chart.yaml +++ b/bitnami/contour/Chart.yaml @@ -27,4 +27,4 @@ sources: - https://github.com/envoyproxy/envoy - https://github.com/bitnami/bitnami-docker-contour - https://projectcontour.io -version: 4.3.10 +version: 4.3.11 diff --git a/bitnami/contour/README.md b/bitnami/contour/README.md index bb0650c68a..1c7378aa81 100644 --- a/bitnami/contour/README.md +++ b/bitnami/contour/README.md @@ -50,199 +50,233 @@ $ helm uninstall my-release ## Parameters -The following tables lists the configurable parameters of the contour chart and their default values. - ### Global parameters -| Parameter | Description | Default | -|---------------------------|-------------------------------------------------|---------------------------------------------------------| -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | + ### Common parameters -| Parameter | Description | Default | -|----------------------|------------------------------------------------------------------------------------------------------|---------| -| `nameOverride` | String to partially override contour.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override contour.fullname template with a string | `nil` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `nil` | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `nil` | +| Name | Description | Value | +| -------------------- | -------------------------------------------------------------------------------------- | ----- | +| `nameOverride` | String to partially override contour.fullname include (will maintain the release name) | `nil` | +| `fullnameOverride` | String to fully override contour.fullname template | `nil` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `nil` | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `nil` | -## Contour parameters -| Parameter | Description | Default | -|-----------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------| -| `configInline` | Specify the config for contour as a new configMap inline. (this is mutually exclusive with `existingConfigMap`) | `{Quickstart Config}` (evaluated as a template) | -| `existingConfigMap` | Specify an existing configMapName to use. (this is mutually exclusive with `configInline`) | `nil` | -| `contour.enabled` | Contour Deployment creation. | `true` | -| `contour.image.registry` | Contour image registry | `docker.io` | -| `contour.image.repository` | Contour image name | `bitnami/contour` | -| `contour.image.tag` | Contour image tag | `{TAG_NAME}` | -| `contour.pullPolicy` | Contour image pull policy | `IfNotPresent` | -| `contour.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `contour.extraArgs` | Extra arguments passed to Contour container | `[]` | -| `contour.hostAliases` | Add deployment host aliases | `[]` | -| `contour.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` (does not add resource limits to deployed pods) | -| `contour.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` (does not add resource limits to deployed pods) | -| `contour.podAffinityPreset` | Contour Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `contour.podAntiAffinityPreset` | Contour Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `contour.nodeAffinityPreset.type` | Contour Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `contour.nodeAffinityPreset.key` | Contour Node label key to match Ignored if `affinity` is set. | `""` | -| `contour.nodeAffinityPreset.values` | Contour Node label values to match. Ignored if `affinity` is set. | `[]` | -| `contour.affinity` | Affinity for contour pod assignment | `{}` (evaluated as a template) | -| `contour.nodeSelector` | Node labels for contour pod assignment | `{}` (evaluated as a template) | -| `contour.tolerations` | Tolerations for contour pod assignment | `[]` (evaluated as a template) | -| `contour.podAnnotations` | Contour Pod annotations | `{}` | -| `contour.serviceAccount.create` | create a serviceAccount for the contour pod | `true` | -| `contour.serviceAccount.name` | use the serviceAccount with the specified name | `""` | -| `contour.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | -| `contour.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | -| `contour.livenessProbe.periodSeconds` | How often to perform the probe | `20` | -| `contour.livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `contour.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `6` | -| `contour.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` | -| `contour.manageCRDs` | Manage the creation, upgrade and deletion of Contour CRDs. Uninstalling will also delete CRDs and their instances. Set to `false`, and install the CRDs manually *before* installing this chart. | `true` | -| `contour.readinessProbe.enabled` | Enable/disable the readiness probe | `true` | -| `contour.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `15` | -| `contour.readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `contour.readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `contour.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `3` | -| `contour.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` | -| `contour.certgen.serviceAccount.create` | create a serviceAccount for the contour pod | `true` | -| `contour.certgen.serviceAccount.name` | use the serviceAccount with the specified name | `""` | -| `contour.tlsExistingSecret` | Name of the existing secret to be use in contour deployment. It will override .tlsExistingSecret, if it is not nil `contour.certgen` will be disabled. | `nil` | -| `contour.securityContext.enabled` | If the pod should run in a securityContext. | `true` | -| `contour.securityContext.runAsNonRoot` | If the pod should run as a non root container. | `true` | -| `contour.securityContext.runAsUser` | define the uid with which the pod will run | `65534` | -| `contour.securityContext.runAsGroup` | define the gid with which the pod will run | `65534` | -| `contour.service.extraPorts` | Service extra ports, normally used with the `sidecar` value. | `[]` (evaluated as a template) | -| `contour.initContainers` | Attach additional init containers to contour pods | `[]` (evaluated as a template) | -| `contour.extraVolumes` | Array to add extra volumes | `[]` | -| `contour.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | -| `contour.extraEnvVars` | Array containing extra env vars to be added to all contour containers | `[]` (evaluated as a template) | -| `contour.extraEnvVarsConfigMap` | ConfigMap containing extra env vars to be added to all contour containers | `""` (evaluated as a template) | -| `contour.extraEnvVarsSecret` | Secret containing extra env vars to be added to all contour containers | `""` (evaluated as a template) | -| `ingressClass` | Name of the ingress class to route through this controller (defaults to `contour` if `nil`) | `nil` | +### Contour parameters -## Envoy parameters +| Name | Description | Value | +| ------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | +| `replicaCount` | Number of Contour Pod replicas | `2` | +| `existingConfigMap` | Specifies the name of an externally-defined ConfigMap to use as the configuration (this is mutually exclusive with `configInline`) | `nil` | +| `configInline.disablePermitInsecure` | Disable ingressroute permitInsecure field | `false` | +| `configInline.tls.fallback-certificate` | Defines the name/namespace matching a secret to use as the fallback certificate | `nil` | +| `configInline.leaderelection.configmap-namespace` | This needs to be edited by when you deploy to a namespace other than `projectcontour` | `{{ .Release.Namespace }}` | +| `configInline.envoy-service-name` | Envoy service name | `{{ include "common.names.fullname" . }}-envoy` | +| `configInline.accesslog-format` | Access log format | `envoy` | +| `contour.enabled` | Contour Deployment creation. | `true` | +| `contour.image.registry` | Contour image registry | `docker.io` | +| `contour.image.repository` | Contour image name | `bitnami/contour` | +| `contour.image.tag` | Contour image tag | `1.16.0-debian-10-r19` | +| `contour.image.pullPolicy` | Contour Image pull policy | `IfNotPresent` | +| `contour.image.pullSecrets` | Contour Image pull secrets | `[]` | +| `contour.hostAliases` | Add deployment host aliases | `[]` | +| `contour.extraArgs` | Extra arguments passed to Contour container | `[]` | +| `contour.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` | +| `contour.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` | +| `contour.manageCRDs` | Manage the creation, upgrade and deletion of Contour CRDs. | `true` | +| `contour.podAffinityPreset` | Contour Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `contour.podAntiAffinityPreset` | Contour Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `contour.nodeAffinityPreset.type` | Contour Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `contour.nodeAffinityPreset.key` | Contour Node label key to match Ignored if `affinity` is set. | `""` | +| `contour.nodeAffinityPreset.values` | Contour Node label values to match. Ignored if `affinity` is set. | `[]` | +| `contour.affinity` | Affinity for Contour pod assignment | `{}` | +| `contour.nodeSelector` | Node labels for Contour pod assignment | `{}` | +| `contour.tolerations` | Tolerations for Contour pod assignment | `[]` | +| `contour.podAnnotations` | Contour Pod annotations | `{}` | +| `contour.serviceAccount.create` | Create a serviceAccount for the Contour pod | `true` | +| `contour.serviceAccount.name` | Use the serviceAccount with the specified name, a name is generated using the fullname template | `""` | +| `contour.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | +| `contour.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | +| `contour.livenessProbe.periodSeconds` | How often to perform the probe | `20` | +| `contour.livenessProbe.timeoutSeconds` | When the probe times out | `5` | +| `contour.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` | +| `contour.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `contour.readinessProbe.enabled` | Enable/disable the readiness probe | `true` | +| `contour.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `15` | +| `contour.readinessProbe.periodSeconds` | How often to perform the probe | `10` | +| `contour.readinessProbe.timeoutSeconds` | When the probe times out | `5` | +| `contour.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `contour.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `contour.securityContext.enabled` | If the pod should run in a securityContext. | `true` | +| `contour.securityContext.runAsNonRoot` | If the pod should run as a non root container. | `true` | +| `contour.securityContext.runAsUser` | define the uid with which the pod will run | `1001` | +| `contour.securityContext.runAsGroup` | define the gid with which the pod will run | `1001` | +| `contour.certgen.serviceAccount.create` | Create a serviceAccount for the Contour pod | `true` | +| `contour.certgen.serviceAccount.name` | Use the serviceAccount with the specified name, a name is generated using the fullname template | `""` | +| `contour.tlsExistingSecret` | Name of the existingSecret to be use in Contour deployment. If it is not nil `contour.certgen` will be disabled. | `contourcert` | +| `contour.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `contour.initContainers` | Attach additional init containers to Contour pods | `[]` | +| `contour.extraVolumes` | Array to add extra volumes | `[]` | +| `contour.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | +| `contour.extraEnvVars` | Array containing extra env vars to be added to all Contour containers | `[]` | +| `contour.extraEnvVarsConfigMap` | ConfigMap containing extra env vars to be added to all Contour containers | `""` | +| `contour.extraEnvVarsSecret` | Secret containing extra env vars to be added to all Contour containers | `""` | +| `contour.ingressClass` | Name of the ingress class to route through this controller | `contour` | + + +### Envoy parameters + +| Name | Description | Value | +| --------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| `envoy.enabled` | Envoy Proxy Daemonset creation | `true` | +| `envoy.image.registry` | Envoy Proxy image registry | `docker.io` | +| `envoy.image.repository` | Envoy Proxy image repository | `bitnami/envoy` | +| `envoy.image.tag` | Envoy Proxy image tag (immutable tags are recommended) | `1.17.3-debian-10-r34` | +| `envoy.image.pullPolicy` | Envoy image pull policy | `IfNotPresent` | +| `envoy.image.pullSecrets` | Envoy image pull secrets | `[]` | +| `envoy.extraArgs` | Extra arguments passed to Envoy container | `[]` | +| `envoy.hostAliases` | Add deployment host aliases | `[]` | +| `envoy.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` | +| `envoy.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` | +| `envoy.podAffinityPreset` | Envoy Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `envoy.podAntiAffinityPreset` | Envoy Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `envoy.nodeAffinityPreset.type` | Envoy Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `envoy.nodeAffinityPreset.key` | Envoy Node label key to match Ignored if `affinity` is set. | `""` | +| `envoy.nodeAffinityPreset.values` | Envoy Node label values to match. Ignored if `affinity` is set. | `[]` | +| `envoy.affinity` | Affinity for Envoy pod assignment | `{}` | +| `envoy.nodeSelector` | Node labels for Envoy pod assignment | `{}` | +| `envoy.tolerations` | Tolerations for Envoy pod assignment | `[]` | +| `envoy.podAnnotations` | Envoy Pod annotations | `{}` | +| `envoy.podSecurityContext.enabled` | Envoy Pod securityContext | `false` | +| `envoy.containerSecurityContext.enabled` | Envoy Container securityContext | `true` | +| `envoy.containerSecurityContext.runAsUser` | User ID for the Envoy container (to change this, http and https containerPorts must be set to >1024) | `0` | +| `envoy.hostNetwork` | Envoy Pod host network access | `false` | +| `envoy.dnsPolicy` | Envoy Pod Dns Policy's DNS Policy | `ClusterFirst` | +| `envoy.tlsExistingSecret` | Name of the existingSecret to be use in Envoy deployment | `envoycert` | +| `envoy.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `envoy.serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | `""` | +| `envoy.serviceAccount.automountServiceAccountToken` | Whether to auto mount API credentials for a service account | `false` | +| `envoy.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `envoy.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `envoy.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | +| `envoy.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `envoy.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `envoy.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `envoy.readinessProbe.enabled` | Enable/disable the readiness probe | `true` | +| `envoy.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `10` | +| `envoy.readinessProbe.periodSeconds` | How often to perform the probe | `3` | +| `envoy.readinessProbe.timeoutSeconds` | When the probe times out | `1` | +| `envoy.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `envoy.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `envoy.terminationGracePeriodSeconds` | Envoy termination grace period in seconds | `300` | +| `envoy.logLevel` | Envoy log level | `info` | +| `envoy.service.type` | Type of Envoy service to create | `LoadBalancer` | +| `envoy.service.externalTrafficPolicy` | Envoy Service external cluster policy. If `envoy.service.type` is NodePort or LoadBalancer | `Local` | +| `envoy.service.clusterIP` | Internal envoy cluster service IP | `""` | +| `envoy.service.externalIPs` | Envoy service external IP addresses | `[]` | +| `envoy.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | +| `envoy.service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | +| `envoy.service.annotations` | Annotations for Envoy service | `{}` | +| `envoy.service.ports.http` | Sets service http port | `80` | +| `envoy.service.ports.https` | Sets service https port | `443` | +| `envoy.service.nodePorts.http` | HTTP Port. If `envoy.service.type` is NodePort and this is non-empty | `""` | +| `envoy.service.nodePorts.https` | HTTPS Port. If `envoy.service.type` is NodePort and this is non-empty | `""` | +| `envoy.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `envoy.useHostPort` | Enable/disable `hostPort` for TCP/80 and TCP/443 | `true` | +| `envoy.useHostIP` | Enable/disable `hostIP` | `false` | +| `envoy.hostPorts.http` | Sets `hostPort` http port | `80` | +| `envoy.hostPorts.https` | Sets `hostPort` https port | `443` | +| `envoy.hostIPs.http` | Sets `hostIP` http IP | `127.0.0.1` | +| `envoy.hostIPs.https` | Sets `hostIP` https IP | `127.0.0.1` | +| `envoy.containerPorts.http` | Sets http port inside Envoy pod (change this to >1024 to run envoy as a non-root user) | `80` | +| `envoy.containerPorts.https` | Sets https port inside Envoy pod (change this to >1024 to run envoy as a non-root user) | `443` | +| `envoy.initContainers` | Attach additional init containers to Envoy pods | `[]` | +| `envoy.extraVolumes` | Array to add extra volumes | `[]` | +| `envoy.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | +| `envoy.extraEnvVars` | Array containing extra env vars to be added to all Envoy containers | `[]` | +| `envoy.extraEnvVarsConfigMap` | ConfigMap containing extra env vars to be added to all Envoy containers | `""` | +| `envoy.extraEnvVarsSecret` | Secret containing extra env vars to be added to all Envoy containers | `""` | -| Parameter | Description | Default | -|--------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------| -| `envoy.enabled` | Envoy Proxy Daemonset creation. | `true` | -| `envoy.image.registry` | Envoy Proxy image registry | `docker.io` | -| `envoy.image.repository` | Envoy Proxy image name | `bitnami/envoy` | -| `envoy.image.tag` | Envoy Proxy image tag | `{TAG_NAME}` | -| `envoy.pullPolicy` | Envoy Proxy image pull policy | `IfNotPresent` | -| `envoy.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `envoy.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` (does not add resource limits to deployed pods) | -| `envoy.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` (does not add resource limits to deployed pods) | -| `envoy.extraArgs` | Extra arguments passed to Envoy container | `[]` | -| `envoy.hostAliases` | Add deployment host aliases | `[]` | -| `envoy.podAffinityPreset` | Envoy Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `envoy.podAntiAffinityPreset` | Envoy Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `envoy.nodeAffinityPreset.type` | Envoy Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `envoy.nodeAffinityPreset.key` | Envoy Node label key to match Ignored if `affinity` is set. | `""` | -| `envoy.nodeAffinityPreset.values` | Envoy Node label values to match. Ignored if `affinity` is set. | `[]` | -| `envoy.affinity` | Affinity for envoy pod assignment | `{}` (evaluated as a template) | -| `envoy.nodeSelector` | Node labels for envoy pod assignment | `{}` (evaluated as a template) | -| `envoy.tolerations` | Tolerations for envoy pod assignment | `[]` (evaluated as a template) | -| `envoy.podAnnotations` | Envoy Pod annotations | `{}` | -| `envoy.podSecurityContext.enabled` | Envoy Pod securityContext | `false` | -| `envoy.containerSecurityContext.enabled` | Envoy Container securityContext | `true` | -| `envoy.containerSecurityContext.runAsUser` | User ID for the envoy container (to change this, http and https containerPorts must be set to >1024) | `0` | -| `envoy.dnsPolicy` | Envoy Pod Dns Policy | `ClusterFirst` | -| `envoy.tlsExistingSecret` | Name of the existing secret to be use in envoy deployment. It will override .tlsExistingSecret, if it is not nil `contour.certgen` will be disabled. | `nil` | -| `envoy.serviceAccount.automountServiceAccountToken` | Whether to auto mount API credentials for a service account | `false` | -| `envoy.hostNetwork` | Envoy Pod host network access | `false` | -| `envoy.readinessProbe.enabled` | Enable/disable the readiness probe | `true` | -| `envoy.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `10` | -| `envoy.readinessProbe.periodSeconds` | How often to perform the probe | `3` | -| `envoy.readinessProbe.timeoutSeconds` | When the probe times out | `1` | -| `envoy.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `3` | -| `envoy.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` | -| `envoy.service.type` | Type of envoy service to create | `LoadBalancer` | -| `envoy.service.externalTrafficPolicy` | If `envoy.service.type` is NodePort or LoadBalancer, set this to Local to enable [source IP preservation](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport) | `Local` | -| `envoy.service.clusterIP` | Internal envoy cluster service IP | `""` | -| `envoy.service.externalIPs` | Envoy service external IP addresses. | `[]` | -| `envoy.service.extraPorts` | Service extra ports, normally used with the `sidecar` value. | `[]` (evaluated as a template) | -| `envoy.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | -| `envoy.service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `envoy.service.annotations` | Annotations for envoy service | `{}` | -| `envoy.service.ports.http` | Sets service http port | `80` | -| `envoy.service.ports.https` | Sets service https port | `443` | -| `envoy.service.nodePorts.http` | If `envoy.service.type` is NodePort and this is non-empty, it sets the nodePort that maps to envoys http port | `""` | -| `envoy.service.nodePorts.https` | If `envoy.service.type` is NodePort and this is non-empty, it sets the nodePort that maps to envoys https port | `""` | -| `envoy.useHostPort` | Enable/disable `hostPort` for TCP/80 and TCP/443 | `true` | -| `envoy.hostPorts.http` | Sets `hostPort` http port | `80` | -| `envoy.hostPorts.https` | Sets `hostPort` https port | `443` | -| `envoy.useHostIP` | Enable/disable `hostIP` | `false` | -| `envoy.hostIPs.http` | Sets `hostIP` http IP | `"127.0.0.1"` | -| `envoy.hostIPs.https` | Sets `hostIP` https IP | `"127.0.0.1"` | -| `envoy.containerPorts.http` | Sets http port inside envoy pod (change this to >1024 to run envoy as a non-root user) | `80` | -| `envoy.containerPorts.https` | Sets https port inside envoy pod (change this to >1024 to run envoy as a non-root user) | `443` | -| `envoy.initContainers` | Attach additional init containers to envoy pods | `[]` (evaluated as a template) | -| `envoy.extraVolumes` | Array to add extra volumes | `[]` | -| `envoy.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | -| `envoy.extraEnvVars` | Array containing extra env vars to be added to all envoy containers | `[]` (evaluated as a template) | -| `envoy.extraEnvVarsConfigMap` | ConfigMap containing extra env vars to be added to all envoy containers | `""` (evaluated as a template) | -| `envoy.extraEnvVarsSecret` | Secret containing extra env vars to be added to all envoy containers | `""` (evaluated as a template) | ### Default backend parameters -| Parameter | Description | Default | -|--------------------------------------------|-------------------------------------------------------------------------------------------|---------------------------------------------------------| -| `defaultBackend.enabled` | Enable a default backend based on NGINX | `false` | -| `defaultBackend.image.registry` | Default backend image registry | `docker.io` | -| `defaultBackend.image.repository` | Default backend image name | `bitnami/nginx` | -| `defaultBackend.image.tag` | Default backend image tag | `{TAG_NAME}` | -| `defaultBackend.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `defaultBackend.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `defaultBackend.extraArgs` | Additional command line arguments to pass to NGINX container | `{}` | -| `defaultBackend.containerPort` | HTTP container port number | `8080` | -| `defaultBackend.replicaCount` | Desired number of default backend pods | `1` | -| `defaultBackend.hostAliases` | Add deployment host aliases | `[]` | -| `defaultBackend.podSecurityContext` | Default backend pods' Security Context | Check `values.yaml` file | -| `defaultBackend.containerSecurityContext` | Default backend containers' Security Context | Check `values.yaml` file | -| `defaultBackend.resources.limits` | The resources limits for the Default backend container | `{}` | -| `defaultBackend.resources.requests` | The requested resources for the Default backend container | `{}` | -| `defaultBackend.livenessProbe` | Liveness probe configuration for Default backend | Check `values.yaml` file | -| `defaultBackend.readinessProbe` | Readiness probe configuration for Default backend | Check `values.yaml` file | -| `defaultBackend.customLivenessProbe` | Override default liveness probe | `{}` (evaluated as a template) | -| `defaultBackend.customReadinessProbe` | Override default readiness probe | `{}` (evaluated as a template) | -| `defaultBackend.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `defaultBackend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `defaultBackend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `defaultBackend.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `defaultBackend.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `defaultBackend.affinity` | Affinity for pod assignment | `{}` (evaluated as a template) | -| `defaultBackend.nodeSelector` | Node labels for pod assignment | `{}` (evaluated as a template) | -| `defaultBackend.tolerations` | Tolerations for pod assignment | `[]` (evaluated as a template) | -| `defaultBackend.podLabels` | Extra labels for Controller pods | `{}` (evaluated as a template) | -| `defaultBackend.podAnnotations` | Annotations for Controller pods | `{}` (evaluated as a template) | -| `defaultBackend.priorityClassName` | Priority class assigned to the pods | `""` | -| `defaultBackend.pdb.create` | Enable/disable a Pod Disruption Budget creation for Default backend | `false` | -| `defaultBackend.pdb.minAvailable` | Minimum number/percentage of Default backend pods that should remain scheduled | `1` | -| `defaultBackend.pdb.maxUnavailable` | Maximum number/percentage of Default backend pods that may be made unavailable | `nil` | -| `defaultBackend.service.type` | Service type | `ClusterIP` | -| `defaultBackend.service.port` | Service port | `80` | +| Name | Description | Value | +| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ----------------------- | +| `defaultBackend.enabled` | Enable a default backend based on NGINX | `false` | +| `defaultBackend.image.registry` | Default backend image registry | `docker.io` | +| `defaultBackend.image.repository` | Default backend image name | `bitnami/nginx` | +| `defaultBackend.image.tag` | Default backend image tag | `1.19.10-debian-10-r61` | +| `defaultBackend.image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `defaultBackend.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `defaultBackend.extraArgs` | Additional command line arguments to pass to NGINX container | `{}` | +| `defaultBackend.containerPort` | HTTP container port number | `8080` | +| `defaultBackend.hostAliases` | Add deployment host aliases | `[]` | +| `defaultBackend.replicaCount` | Desired number of default backend pods | `1` | +| `defaultBackend.podSecurityContext.enabled` | Default backend Pod securityContext | `true` | +| `defaultBackend.podSecurityContext.fsGroup` | Set Default backend Pod's Security Context fsGroup | `1001` | +| `defaultBackend.containerSecurityContext.enabled` | Default backend container securityContext | `true` | +| `defaultBackend.containerSecurityContext.runAsUser` | User ID for the Envoy container (to change this, http and https containerPorts must be set to >1024) | `1001` | +| `defaultBackend.resources.limits` | The resources limits for the Default backend container | `{}` | +| `defaultBackend.resources.requests` | The requested resources for the Default backend container | `{}` | +| `defaultBackend.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `defaultBackend.livenessProbe.httpGet` | Path, port and scheme for the livenessProbe | `{}` | +| `defaultBackend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `defaultBackend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `defaultBackend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `defaultBackend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `defaultBackend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `defaultBackend.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `defaultBackend.readinessProbe.httpGet` | Path, port and scheme for the readinessProbe | `{}` | +| `defaultBackend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `defaultBackend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `defaultBackend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `defaultBackend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `defaultBackend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `defaultBackend.customLivenessProbe` | Override default liveness probe, it overrides the default one (evaluated as a template) | `{}` | +| `defaultBackend.customReadinessProbe` | Override default readiness probe, it overrides the default one (evaluated as a template) | `{}` | +| `defaultBackend.podLabels` | Extra labels for Controller pods | `{}` | +| `defaultBackend.podAnnotations` | Annotations for Controller pods | `{}` | +| `defaultBackend.priorityClassName` | Priority class assigned to the pods | `""` | +| `defaultBackend.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `defaultBackend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `defaultBackend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `defaultBackend.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | +| `defaultBackend.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `defaultBackend.affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | +| `defaultBackend.nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | +| `defaultBackend.tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | +| `defaultBackend.service.type` | Service type | `ClusterIP` | +| `defaultBackend.service.port` | Service port | `80` | +| `defaultBackend.pdb.create` | | `false` | +| `defaultBackend.pdb.minAvailable` | Minimum number/percentage of Default backend pods that should remain scheduled | `1` | +| `defaultBackend.pdb.maxUnavailable` | Maximum number/percentage of Default backend pods that should remain scheduled | `nil` | -### Other parameters - -| Parameter | Description | Default | -|---------------------|----------------------------------------------------------------------------------------------------------------------|---------| -| `tlsExistingSecret` | Name of the existingSecret to be use in both contour and envoy. If it is not nil `contour.certgen` will be disabled. | `nil` | -| `rbac.create` | create the RBAC roles for API accessibility | `true` | ### Metrics parameters -| Parameter | Description | Default | -|-----------------------------------------------|-------------------------------------------------------------------------------------------------------------------------|-----------| -| `prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator. | `true` | -| `prometheus.serviceMonitor.namespace` | Specify if the servicemonitors will be deployed into a different namespace (blank deploys into same namespace as chart) | `nil` | -| `prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `contour` | -| `prometheus.serviceMonitor.interval` | Specify the scrape interval if not specified use default prometheus scrapeIntervall | `""` | -| `prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics. | `[]` | -| `prometheus.serviceMonitor.relabelings` | Specify general relabeling. | `[]` | +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ------------------------ | +| `prometheus.serviceMonitor.namespace` | Specify if the servicemonitors will be deployed into a different namespace (blank deploys into same namespace as chart) | `nil` | +| `prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator. | `false` | +| `prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` | +| `prometheus.serviceMonitor.interval` | Specify the scrape interval if not specified use default prometheus scrapeIntervall, the Prometheus default scrape interval is used. | `""` | +| `prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics. | `[]` | +| `prometheus.serviceMonitor.relabelings` | Specify general relabeling. | `[]` | + + +### Other parameters + +| Name | Description | Value | +| ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | +| `rbac.create` | Create the RBAC roles for API accessibility | `true` | +| `tlsExistingSecret` | Name of the existing secret to be use in envoy deployment. It will override .tlsExistingSecret, if it is not nil `contour.certgen` will be disabled. | `certs-secret` | + Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/bitnami/contour/values.yaml b/bitnami/contour/values.yaml index afc41bc5d0..b1c0fdebe7 100644 --- a/bitnami/contour/values.yaml +++ b/bitnami/contour/values.yaml @@ -1,76 +1,103 @@ -## Default values for contour. -## This is a YAML-formatted file. -## Declare variables to be passed into your templates. -## - +## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## To configure Contour, you must specify ONE of the following two -## options. -# -## existingConfigMap specifies the name of an externally-defined -## ConfigMap to use as the configuration. Helm will not manage the -## contents of this ConfigMap, it is your responsibility to create it. -# -# existingConfigMap: contour -# -## configInline specifies Contour's configuration directly, in yaml -## format. When configInline is used, Helm manages Contour's -## configuration ConfigMap as part of the release, and -## existingConfigMap is ignored. -## Refer to https://projectcontour.io/docs/v1.2.1/configuration/ for -## available options. +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## +global: + imageRegistry: + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + +## @section Common parameters + +## @param nameOverride String to partially override contour.fullname include (will maintain the release name) +## +nameOverride: +## @param fullnameOverride String to fully override contour.fullname template +## +fullnameOverride: +## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) +## +ingress: + apiVersion: +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: + +## @section Contour parameters + +## @param replicaCount Number of Contour Pod replicas +## +replicaCount: 2 +## To configure Contour, you must specify ONE of the following two options. +## @param existingConfigMap Specifies the name of an externally-defined ConfigMap to use as the configuration (this is mutually exclusive with `configInline`) +## Helm will not manage the contents of this ConfigMap, it is your responsibility to create it. +## e.g: +## existingConfigMap: contour +## +existingConfigMap: +## configInline specifies Contour's configuration directly, in yaml format. +## When configInline is used, Helm manages +## Contour's configuration ConfigMap as part of the release, and existingConfigMap is ignored. +## Refer to https://projectcontour.io/docs/v1.2.1/configuration/ for available options. ## Evaluated as a template -# +## configInline: - # should contour expect to be running inside a k8s cluster + ## Should Contour expect to be running inside a k8s cluster # incluster: true - # - # path to kubeconfig (if not running inside a k8s cluster) + ## + ## path to kubeconfig (if not running inside a k8s cluster) # kubeconfig: /path/to/.kube/config - # - # Client request timeout to be passed to Envoy - # as the connection manager request_timeout. - # Defaults to 0, which Envoy interprets as disabled. - # Note that this is the timeout for the whole request, - # not an idle timeout. + ## + ## Client request timeout to be passed to Envoy as the connection manager request_timeout. + ## Defaults to 0, which Envoy interprets as disabled. Note that this is the timeout for the whole request, + ## not an idle timeout. # request-timeout: 0s - # disable ingressroute permitInsecure field + ## + ## @param configInline.disablePermitInsecure Disable ingressroute permitInsecure field + ## disablePermitInsecure: false tls: - # minimum TLS version that Contour will negotiate + ## Minimum TLS version that Contour will negotiate # minimum-protocol-version: "1.1" - # Defines the Kubernetes name/namespace matching a secret to use - # as the fallback certificate when requests which don't match the - # SNI defined for a vhost. + ## + ## @param configInline.tls.fallback-certificate Defines the name/namespace matching a secret to use as the fallback certificate + ## Used when requests which don't match the SNI defined for a vhost. + ## Example: + ## fallback-certificate: + ## name: fallback-secret-name + ## namespace: '{{ .Release.Namespace }}' + ## fallback-certificate: - # name: fallback-secret-name - # namespace: '{{ .Release.Namespace }}' - # The following config shows the defaults for the leader election. - ## This needs to be edited by when you deploy to a namespace other than projectcontour + ## The following config shows the defaults for the leader election. ## leaderelection: + ## Configmap name for leader election # configmap-name: leader-elect + ## @param configInline.leaderelection.configmap-namespace This needs to be edited by when you deploy to a namespace other than `projectcontour` + ## configmap-namespace: '{{ .Release.Namespace }}' + ## @param configInline.envoy-service-name Envoy service name ## The expression used here is the same as in templates/envoy/service.yaml and ensures that Contour is using the configured - # envoy service name so it can automatically update the ingress.status field. + ## Envoy service name so it can automatically update the ingress.status field. envoy-service-name: '{{ include "common.names.fullname" . }}-envoy' - ### Logging options - # Default setting + ## Logging options + ## @param configInline.accesslog-format Access log format + ## To enable JSON logging in Envoy + ## accesslog-format: json + ## accesslog-format: envoy - # To enable JSON logging in Envoy + ## To enable JSON logging in Envoy # accesslog-format: json - # The default fields that will be logged are specified below. - # To customise this list, just add or remove entries. - # The canonical list is available at - # https://godoc.org/github.com/projectcontour/contour/internal/envoy#JSONFields + ## The default fields that will be logged are specified below. + ## To customise this list, just add or remove entries. + ## The canonical list is available at https://godoc.org/github.com/projectcontour/contour/internal/envoy#JSONFields # json-fields: # - "@timestamp" # - "authority" @@ -105,42 +132,16 @@ configInline: # stream-idle-timeout: 5m # max-connection-duration: infinity # connection-shutdown-grace-period: 5s - -## Name of the ingress class to route through this controller -## -# ingressClass: contour - -## Force target Kubernetes version (using Helm capabilites if not set) -## -kubeVersion: - -## Force Ingress API version (automatically detected if not set) -## -ingress: - apiVersion: - -## String to partially override contour.fullname include (will maintain the release name) -## -# nameOverride: - -## String to fully override contour.fullname template -## -# fullnameOverride: - -## Number of contour Pod replicas -## -replicaCount: 2 - -rbac: - # create specifies whether to install and use RBAC rules. - create: true - -## Name of the existingSecret to be use in both contour and envoy -## -# tlsExistingSecret: certs-secret - contour: + ## @param contour.enabled Contour Deployment creation. + ## enabled: true + ## @param contour.image.registry Contour image registry + ## @param contour.image.repository Contour image name + ## @param contour.image.tag Contour image tag + ## @param contour.image.pullPolicy Contour Image pull policy + ## @param contour.image.pullSecrets Contour Image pull secrets + ## image: registry: docker.io repository: bitnami/contour @@ -153,101 +154,98 @@ contour: ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Deployment pod host aliases + pullSecrets: [] + ## @param contour.hostAliases Add deployment host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] - - ## Extra arguments passed to Contour container + ## @param contour.extraArgs Extra arguments passed to Contour container ## extraArgs: [] - ## Contour container resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://projectcontour.io/guides/resource-limits/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param contour.resources.limits Specify resource limits which the container is not allowed to succeed. + ## @param contour.resources.requests Specify resource requests which the container needs to spawn. ## resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## + ## Example: + ## limits: + ## cpu: 400m + ## memory: 258Mi limits: {} - # cpu: 400m - # memory: 250Mi + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 25Mi requests: {} - # cpu: 100m - # memory: 25Mi - - ## Manage the creation, upgrade and deletion of Contour CRDs. + ## @param contour.manageCRDs Manage the creation, upgrade and deletion of Contour CRDs. + ## manageCRDs: true - - ## Pod affinity preset + ## @param contour.podAffinityPreset Contour Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard ## podAffinityPreset: '' - - ## Pod anti-affinity preset + ## @param contour.podAntiAffinityPreset Contour Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard ## podAntiAffinityPreset: soft - ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard + ## @param contour.nodeAffinityPreset.type Contour Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## @param contour.nodeAffinityPreset.key Contour Node label key to match Ignored if `affinity` is set. + ## @param contour.nodeAffinityPreset.values Contour Node label values to match. Ignored if `affinity` is set. ## nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## type: '' - ## Node label key to match ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: '' - ## Node label values to match ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] - - ## Affinity for pod assignment + ## @param contour.affinity Affinity for Contour pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} - - ## Node labels for pod assignment + ## @param contour.nodeSelector Node labels for Contour pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} - - ## Tolerations for pod assignment + ## @param contour.tolerations Tolerations for Contour pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] - - ## Pod annotations + ## @param contour.podAnnotations Contour Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} - + ## @param contour.serviceAccount.create Create a serviceAccount for the Contour pod + ## @param contour.serviceAccount.name Use the serviceAccount with the specified name, a name is generated using the fullname template + ## serviceAccount: - # Specifies whether a ServiceAccount should be created create: true - # The name of the ServiceAccount to use. If not set and create is - # true, a name is generated using the fullname template name: '' - + ## @param contour.livenessProbe.enabled Enable/disable the Liveness probe + ## @param contour.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated + ## @param contour.livenessProbe.periodSeconds How often to perform the probe + ## @param contour.livenessProbe.timeoutSeconds When the probe times out + ## @param contour.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. + ## @param contour.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. + ## livenessProbe: enabled: true initialDelaySeconds: 120 @@ -255,7 +253,13 @@ contour: timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 - + ## @param contour.readinessProbe.enabled Enable/disable the readiness probe + ## @param contour.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated + ## @param contour.readinessProbe.periodSeconds How often to perform the probe + ## @param contour.readinessProbe.timeoutSeconds When the probe times out + ## @param contour.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. + ## @param contour.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. + ## readinessProbe: enabled: true initialDelaySeconds: 15 @@ -263,34 +267,34 @@ contour: timeoutSeconds: 5 failureThreshold: 3 successThreshold: 1 - + ## @param contour.securityContext.enabled If the pod should run in a securityContext. + ## @param contour.securityContext.runAsNonRoot If the pod should run as a non root container. + ## @param contour.securityContext.runAsUser define the uid with which the pod will run + ## @param contour.securityContext.runAsGroup define the gid with which the pod will run + ## securityContext: enabled: true runAsNonRoot: true runAsUser: 1001 runAsGroup: 1001 - + ## @param contour.certgen.serviceAccount.create Create a serviceAccount for the Contour pod + ## @param contour.certgen.serviceAccount.name Use the serviceAccount with the specified name, a name is generated using the fullname template + ## certgen: serviceAccount: - # Specifies whether a ServiceAccount should be created create: true - # The name of the ServiceAccount to use. If not set and create is - # true, a name is generated using the fullname template name: '' - - ## Name of the existingSecret to be use in contour deployment. It will override .tlsExistingSecret + ## @param contour.tlsExistingSecret Name of the existingSecret to be use in Contour deployment. If it is not nil `contour.certgen` will be disabled. + ## It will override `tlsExistingSecret` ## - # tlsExistingSecret: contour-certs - + tlsExistingSecret: ## Contour Service properties + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services + ## @param contour.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) ## service: - ## Extra ports to expose (normally used with the `sidecar` value) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services - ## extraPorts: [] - - ## Add init containers to the pod + ## @param contour.initContainers Attach additional init containers to Contour pods ## For example: ## initContainers: ## - name: your-image-name @@ -298,33 +302,43 @@ contour: ## imagePullPolicy: Always ## initContainers: [] - - ## Array to add extra volumes + ## @param contour.extraVolumes Array to add extra volumes ## extraVolumes: [] - - ## Array to add extra mounts (normally used with extraVolumes) + ## @param contour.extraVolumeMounts Array to add extra mounts (normally used with extraVolumes) ## extraVolumeMounts: [] - - ## An array to add extra env vars + ## @param contour.extraEnvVars Array containing extra env vars to be added to all Contour containers ## For example: ## extraEnvVars: ## - name: MY_ENV_VAR ## value: env_var_value ## extraEnvVars: [] - - ## Name of a ConfigMap containing extra env vars + ## @param contour.extraEnvVarsConfigMap ConfigMap containing extra env vars to be added to all Contour containers ## extraEnvVarsConfigMap: '' - - ## Name of a Secret containing extra env vars + ## @param contour.extraEnvVarsSecret Secret containing extra env vars to be added to all Contour containers ## extraEnvVarsSecret: '' + ## @param contour.ingressClass Name of the ingress class to route through this controller + ## + ingressClass: contour + +## @section Envoy parameters envoy: + ## @param envoy.enabled Envoy Proxy Daemonset creation + ## enabled: true + ## Bitnami Envoy image + ## ref: https://hub.docker.com/r/bitnami/envoy/tags/ + ## @param envoy.image.registry Envoy Proxy image registry + ## @param envoy.image.repository Envoy Proxy image repository + ## @param envoy.image.tag Envoy Proxy image tag (immutable tags are recommended) + ## @param envoy.image.pullPolicy Envoy image pull policy + ## @param envoy.image.pullSecrets Envoy image pull secrets + ## image: registry: docker.io repository: bitnami/envoy @@ -337,129 +351,121 @@ envoy: ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Extra arguments passed to Envoy container + pullSecrets: [] + ## @param envoy.extraArgs Extra arguments passed to Envoy container ## extraArgs: [] - - ## Deployment pod host aliases + ## @param envoy.hostAliases Add deployment host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] - ## Envoy container resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://projectcontour.io/guides/resource-limits/ - ## + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param envoy.resources.limits Specify resource limits which the container is not allowed to succeed. + ## @param envoy.resources.requests Specify resource requests which the container needs to spawn. resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## + ## Example: + ## limits: + ## cpu: 400m + ## memory: 250Mi limits: {} - # cpu: 400m - # memory: 250Mi + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 25Mi requests: {} - # cpu: 100m - # memory: 25Mi - - ## Pod affinity preset + ## @param envoy.podAffinityPreset Envoy Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard ## podAffinityPreset: '' - - ## Pod anti-affinity preset + ## @param envoy.podAntiAffinityPreset Envoy Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard ## podAntiAffinityPreset: '' - ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard + ## @param envoy.nodeAffinityPreset.type Envoy Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## @param envoy.nodeAffinityPreset.key Envoy Node label key to match Ignored if `affinity` is set. + ## @param envoy.nodeAffinityPreset.values Envoy Node label values to match. Ignored if `affinity` is set. ## nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: '' - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: '' - ## Node label values to match + type: "" + key: "" ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] - - ## Affinity for pod assignment + ## @param envoy.affinity Affinity for Envoy pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} - - ## Node labels for pod assignment + ## @param envoy.nodeSelector Node labels for Envoy pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} - - ## Tolerations for pod assignment + ## @param envoy.tolerations Tolerations for Envoy pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] - - ## Pod annotations + ## @param envoy.podAnnotations Envoy Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} - ## Pod security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param envoy.podSecurityContext.enabled Envoy Pod securityContext ## podSecurityContext: enabled: false - - ## Envoy container security context - envoy needs to run as root to bind to 80, 443 + ## Envoy container security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param envoy.containerSecurityContext.enabled Envoy Container securityContext + ## @param envoy.containerSecurityContext.runAsUser User ID for the Envoy container (to change this, http and https containerPorts must be set to >1024) ## containerSecurityContext: enabled: true runAsUser: 0 - - ## Pod host network access + ## @param envoy.hostNetwork Envoy Pod host network access ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces ## hostNetwork: false - - ## Pod's DNS Policy + ## @param envoy.dnsPolicy Envoy Pod Dns Policy's DNS Policy ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy ## dnsPolicy: ClusterFirst - - ## Name of the existingSecret to be use in envoy deployment + ## @param envoy.tlsExistingSecret Name of the existingSecret to be use in Envoy deployment + ## + tlsExistingSecret: + ## @param envoy.serviceAccount.create Specifies whether a ServiceAccount should be created + ## @param envoy.serviceAccount.name The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template + ## @param envoy.serviceAccount.automountServiceAccountToken Whether to auto mount API credentials for a service account + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server ## - # tlsExistingSecret: envoy-certs - serviceAccount: - # Specifies whether a ServiceAccount should be created create: true - # The name of the ServiceAccount to use. If not set and create is - # true, a name is generated using the fullname template name: '' - ## Automount API credentials for a service account. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server - ## automountServiceAccountToken: false - + ## @param envoy.livenessProbe.enabled Enable livenessProbe + ## @param envoy.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param envoy.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param envoy.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param envoy.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param envoy.livenessProbe.successThreshold Success threshold for livenessProbe + ## livenessProbe: enabled: true initialDelaySeconds: 120 @@ -467,7 +473,13 @@ envoy: timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 - + ## @param envoy.readinessProbe.enabled Enable/disable the readiness probe + ## @param envoy.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated + ## @param envoy.readinessProbe.periodSeconds How often to perform the probe + ## @param envoy.readinessProbe.timeoutSeconds When the probe times out + ## @param envoy.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. + ## @param envoy.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. + ## readinessProbe: enabled: true initialDelaySeconds: 10 @@ -475,73 +487,83 @@ envoy: timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 - + ## @param envoy.terminationGracePeriodSeconds Envoy termination grace period in seconds + ## terminationGracePeriodSeconds: 300 - + ## @param envoy.logLevel Envoy log level + ## logLevel: info - ## Envoy Service properties ## service: - ## Service type + ## @param envoy.service.type Type of Envoy service to create ## type: LoadBalancer + ## @param envoy.service.externalTrafficPolicy Envoy Service external cluster policy. If `envoy.service.type` is NodePort or LoadBalancer + ## externalTrafficPolicy: Local - # clusterIP: "" - # externalIPs: [] - # loadBalancerIP: "" - # loadBalancerSourceRanges: [] - - ## Service annotations + ## @param envoy.service.clusterIP Internal envoy cluster service IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param envoy.service.externalIPs Envoy service external IP addresses + ## + externalIPs: [] + ## @param envoy.service.loadBalancerIP IP address to assign to load balancer (if supported) + ## + loadBalancerIP: "" + ## @param envoy.service.loadBalancerSourceRanges List of IP CIDRs allowed access to load balancer (if supported) + ## + loadBalancerSourceRanges: [] + ## @param envoy.service.annotations Annotations for Envoy service ## annotations: {} - ports: - ## HTTP Port + ## @param envoy.service.ports.http Sets service http port ## http: 80 - ## HTTPS Port + ## @param envoy.service.ports.https Sets service https port ## https: 443 - ## Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## @param envoy.service.nodePorts.http HTTP Port. If `envoy.service.type` is NodePort and this is non-empty + ## @param envoy.service.nodePorts.https HTTPS Port. If `envoy.service.type` is NodePort and this is non-empty ## nodePorts: http: '' https: '' - - ## Extra ports to expose (normally used with the `sidecar` value) + ## @param envoy.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services ## extraPorts: [] - - ## Use hostPorts + ## @param envoy.useHostPort Enable/disable `hostPort` for TCP/80 and TCP/443 ## useHostPort: true - ## Use hostIPs + ## @param envoy.useHostIP Enable/disable `hostIP` ## useHostIP: false - - ## HTTP and HTTPS ports + ## @param envoy.hostPorts.http Sets `hostPort` http port + ## @param envoy.hostPorts.https Sets `hostPort` https port ## hostPorts: http: 80 https: 443 - - ## HTTP and HTTPS IPs + ## @param envoy.hostIPs.http Sets `hostIP` http IP + ## @param envoy.hostIPs.https Sets `hostIP` https IP ## hostIPs: http: 127.0.0.1 https: 127.0.0.1 - ## Configures the ports the Envoy proxy listens on + ## @param envoy.containerPorts.http Sets http port inside Envoy pod (change this to >1024 to run envoy as a non-root user) + ## @param envoy.containerPorts.https Sets https port inside Envoy pod (change this to >1024 to run envoy as a non-root user) ## containerPorts: http: 80 https: 443 - - ## Add init containers to the pod + ## @param envoy.initContainers Attach additional init containers to Envoy pods ## For example: ## initContainers: ## - name: your-image-name @@ -549,51 +571,41 @@ envoy: ## imagePullPolicy: Always ## initContainers: [] - - ## Array to add extra volumes + ## @param envoy.extraVolumes Array to add extra volumes ## extraVolumes: [] - - ## Array to add extra mounts (normally used with extraVolumes) + ## @param envoy.extraVolumeMounts Array to add extra mounts (normally used with extraVolumes) ## extraVolumeMounts: [] - - ## An array to add extra env vars + ## @param envoy.extraEnvVars Array containing extra env vars to be added to all Envoy containers ## For example: ## extraEnvVars: ## - name: MY_ENV_VAR ## value: env_var_value ## extraEnvVars: [] - - ## Name of a ConfigMap containing extra env vars + ## @param envoy.extraEnvVarsConfigMap ConfigMap containing extra env vars to be added to all Envoy containers ## extraEnvVarsConfigMap: '' - - ## Name of a Secret containing extra env vars + ## @param envoy.extraEnvVarsSecret Secret containing extra env vars to be added to all Envoy containers ## extraEnvVarsSecret: '' -prometheus: - # Prometheus Operator service monitors - serviceMonitor: - # namespace for the service monitor - namespace: - # enable support for Prometheus Operator - enabled: false - # Job label for scrape target - jobLabel: 'app.kubernetes.io/name' - # Scrape interval. If not set, the Prometheus default scrape interval is used. - interval: '' - metricRelabelings: [] - relabelings: [] +## @section Default backend parameters ## Default 404 backend ## defaultBackend: + ## @param defaultBackend.enabled Enable a default backend based on NGINX + ## enabled: false ## Bitnami NGINX image ## ref: https://hub.docker.com/r/bitnami/nginx/tags/ + ## @param defaultBackend.image.registry Default backend image registry + ## @param defaultBackend.image.repository Default backend image name + ## @param defaultBackend.image.tag Default backend image tag + ## @param defaultBackend.image.pullPolicy Image pull policy + ## @param defaultBackend.image.pullSecrets Specify docker-registry secret names as an array ## image: registry: docker.io @@ -612,52 +624,63 @@ defaultBackend: ## - myRegistryKeySecretName ## pullSecrets: [] - - ## Additional command line arguments to pass to NGINX backend + ## @param defaultBackend.extraArgs Additional command line arguments to pass to NGINX container ## extraArgs: {} + ## @param defaultBackend.containerPort HTTP container port number + ## containerPort: 8080 - - ## Deployment pod host aliases + ## @param defaultBackend.hostAliases Add deployment host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] - - ## Number of replicas + ## @param defaultBackend.replicaCount Desired number of default backend pods ## replicaCount: 1 - ## Default backend pods' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param defaultBackend.podSecurityContext.enabled Default backend Pod securityContext + ## @param defaultBackend.podSecurityContext.fsGroup Set Default backend Pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 - ## Default backend containers' Security Context (only main container) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param defaultBackend.containerSecurityContext.enabled Default backend container securityContext + ## @param defaultBackend.containerSecurityContext.runAsUser User ID for the Envoy container (to change this, http and https containerPorts must be set to >1024) ## containerSecurityContext: enabled: true runAsUser: 1001 - ## Default backend containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. + ## @param defaultBackend.resources.limits The resources limits for the Default backend container + ## @param defaultBackend.resources.requests The requested resources for the Default backend container ## resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## Example: + ## limits: + ## cpu: 250m + ## memory: 256Mi limits: {} - # cpu: 250m - # memory: 256Mi + ## Examples: + ## requests: + ## cpu: 250m + ## memory: 256Mi requests: {} - # cpu: 250m - # memory: 256Mi - - ## Default backend containers' liveness and readiness probes. Evaluated as a template. + ## Default backend containers' liveness probe. Evaluated as a template. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param defaultBackend.livenessProbe.enabled Enable livenessProbe + ## @param defaultBackend.livenessProbe.httpGet [object] Path, port and scheme for the livenessProbe + ## @param defaultBackend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param defaultBackend.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param defaultBackend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param defaultBackend.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param defaultBackend.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true @@ -670,6 +693,16 @@ defaultBackend: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 + ## Default backend containers' readiness probe. Evaluated as a template. + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param defaultBackend.readinessProbe.enabled Enable readinessProbe + ## @param defaultBackend.readinessProbe.httpGet [object] Path, port and scheme for the readinessProbe + ## @param defaultBackend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param defaultBackend.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param defaultBackend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param defaultBackend.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param defaultBackend.readinessProbe.successThreshold Success threshold for readinessProbe + ## readinessProbe: enabled: true httpGet: @@ -681,95 +714,106 @@ defaultBackend: periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 - - ## Custom liveness and readiness probes, it overrides the default one (evaluated as a template) + ## @param defaultBackend.customLivenessProbe Override default liveness probe, it overrides the default one (evaluated as a template) ## customLivenessProbe: {} + ## @param defaultBackend.customReadinessProbe Override default readiness probe, it overrides the default one (evaluated as a template) + ## customReadinessProbe: {} - - ## Pod extra labels + ## @param defaultBackend.podLabels Extra labels for Controller pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} - - ## Pod annotations + ## @param defaultBackend.podAnnotations Annotations for Controller pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} - - ## priorityClassName + ## @param defaultBackend.priorityClassName Priority class assigned to the pods ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass ## priorityClassName: '' - - ## Pod affinity preset + ## @param defaultBackend.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard ## podAffinityPreset: "" - - ## Pod anti-affinity preset + ## @param defaultBackend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard ## podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## @param defaultBackend.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## @param defaultBackend.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. + ## @param defaultBackend.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. ## nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## key: "" - ## Node label values to match ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] - - ## Affinity for pod assignment. Evaluated as a template. + ## @param defaultBackend.affinity Affinity for pod assignment. Evaluated as a template. ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: defaultBackend.podAffinityPreset, defaultBackend.podAntiAffinityPreset, and defaultBackend.nodeAffinityPreset will be ignored when it's set ## affinity: {} - - ## Node labels for pod assignment. Evaluated as a template. + ## @param defaultBackend.nodeSelector Node labels for pod assignment. Evaluated as a template. ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} - - ## Tolerations for pod assignment. Evaluated as a template. + ## @param defaultBackend.tolerations Tolerations for pod assignment. Evaluated as a template. ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] - ## Default backend Service parameters + ## @param defaultBackend.service.type Service type + ## @param defaultBackend.service.port Service port ## service: - ## Service type - ## type: ClusterIP - ## Service port - ## port: 80 - + ## PodDisruptionBudget for default backend ## Default backend Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + ## @param defaultBackend.pdb.create + ## @param defaultBackend.pdb.minAvailable Minimum number/percentage of Default backend pods that should remain scheduled + ## @param defaultBackend.pdb.maxUnavailable Maximum number/percentage of Default backend pods that should remain scheduled ## pdb: create: false - ## Min number of pods that must still be available after the eviction - ## minAvailable: 1 - ## Max number of pods that can be unavailable after the eviction - ## - # maxUnavailable: 1 + maxUnavailable: + +## @section Metrics parameters + +## Prometheus Operator service monitors +## @param prometheus.serviceMonitor.namespace Specify if the servicemonitors will be deployed into a different namespace (blank deploys into same namespace as chart) +## @param prometheus.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator. +## @param prometheus.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator +## @param prometheus.serviceMonitor.interval Specify the scrape interval if not specified use default prometheus scrapeIntervall, the Prometheus default scrape interval is used. +## @param prometheus.serviceMonitor.metricRelabelings Specify additional relabeling of metrics. +## @param prometheus.serviceMonitor.relabelings Specify general relabeling. +## +prometheus: + serviceMonitor: + namespace: + enabled: false + jobLabel: 'app.kubernetes.io/name' + interval: '' + metricRelabelings: [] + relabelings: [] + +## @section Other parameters + +## @param rbac.create Create the RBAC roles for API accessibility +## +rbac: + create: true +## @param tlsExistingSecret Name of the existing secret to be use in envoy deployment. It will override .tlsExistingSecret, if it is not nil `contour.certgen` will be disabled. +## +tlsExistingSecret: