Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-06 06:58:50 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
32912fd449cdadc7f30a1400a084bb8977101571
charts/bitnami/contour/values.yaml
Bitnami Bot e8bb5bba9f [bitnami/contour] Release 19.5.4 (#31548) 
* [bitnami/contour] Release 19.5.4 updating components versions

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

---------

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
2025-01-24 12:49:12 +01:00

1863 lines
83 KiB
YAML
Raw Blame History

# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets [array] Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
defaultStorageClass: ""
storageClass: ""
## Security parameters
##
security:
## @param global.security.allowInsecureImages Allows skipping image verification
allowInsecureImages: false
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: auto
## @section Common parameters
##
## @param nameOverride String to partially override contour.fullname include (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override contour.fullname template
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param extraDeploy [array] Array of extra objects to deploy with the release
##
extraDeploy: []
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## Diagnostic mode in the deployment
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param diagnosticMode.command [array] Command to override all containers in the deployment
##
command:
- sleep
## @param diagnosticMode.args [array] Args to override all containers in the deployment
##
args:
- infinity
## @section Contour parameters
##
## To configure Contour, you must specify ONE of the following two options.
## @param existingConfigMap Specifies the name of an externally-defined ConfigMap to use as the configuration (this is mutually exclusive with `configInline`)
## Helm will not manage the contents of this ConfigMap, it is your responsibility to create it.
## e.g:
## existingConfigMap: contour
##
existingConfigMap: ""
## @param configInline [object] Specifies Contour's configuration directly in YAML format
## When configInline is used, Helm manages Contour's configuration ConfigMap as
## part of the release, and existingConfigMap is ignored.
## Refer to https://projectcontour.io/docs/latest/configuration for available options.
##
configInline:
disablePermitInsecure: false
tls:
fallback-certificate: {}
accesslog-format: envoy
contour:
## @param contour.enabled Contour Deployment creation.
##
enabled: true
## @param contour.image.registry [default: REGISTRY_NAME] Contour image registry
## @param contour.image.repository [default: REPOSITORY_NAME/contour] Contour image name
## @skip contour.image.tag Contour image tag
## @param contour.image.digest Contour image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param contour.image.pullPolicy Contour Image pull policy
## @param contour.image.pullSecrets [array] Contour Image pull secrets
## @param contour.image.debug Enable image debug mode
##
image:
registry: docker.io
repository: bitnami/contour
tag: 1.30.2-debian-12-r2
digest: ""
## Specify a imagePullPolicy
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
debug: false
## @param contour.contourConfigName Contour Deployment with ContourConfiguration CRD.
#
contourConfigName: "contour"
## @param contour.configPath Contour Deployment with configmap.
##
configPath: true
## @param contour.replicaCount Number of Contour Pod replicas
#
replicaCount: 1
## @param contour.priorityClassName Priority class assigned to the pods
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
##
priorityClassName: ""
## @param contour.schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param contour.terminationGracePeriodSeconds In seconds, time the given to the Contour pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: ""
## @param contour.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## Configures the ports the Envoy proxy listens on
## @param contour.containerPorts.xds Set xds port inside Contour pod
## @param contour.containerPorts.metrics Set metrics port inside Contour pod
##
containerPorts:
xds: 8001
metrics: 8000
## @param contour.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param contour.hostAliases [array] Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param contour.updateStrategy Strategy to use to update Pods
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy: {}
## @param contour.extraArgs [array] Extra arguments passed to Contour container
##
extraArgs: []
## Contour container resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## ref: https://projectcontour.io/guides/resource-limits/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param contour.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if contour.resources is set (contour.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param contour.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## @param contour.manageCRDs Manage the creation, upgrade and deletion of Contour CRDs.
##
manageCRDs: true
## @param contour.envoyServiceNamespace Namespace of the envoy service to inspect for Ingress status details.
##
envoyServiceNamespace: ""
## Name of the envoy service to inspect for Ingress status details.
## @param contour.envoyServiceName DEPRECATED: use envoy.service.name
##
envoyServiceName: ""
## @param contour.leaderElectionResourceName Name of the contour (Lease) leader election will lease.
##
leaderElectionResourceName: ""
## @param contour.ingressStatusAddress Address to set in Ingress object status. It is exclusive with `envoyServiceName` and `envoyServiceNamespace`.
##
ingressStatusAddress: ""
## @param contour.podAffinityPreset Contour Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param contour.podAntiAffinityPreset Contour Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## @param contour.podLabels [object] Extra labels for Contour pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param contour.lifecycleHooks lifecycleHooks for the container to automate configuration before or after startup.
##
lifecycleHooks: {}
## @param contour.customLivenessProbe Override default liveness probe
##
customLivenessProbe: {}
## @param contour.customReadinessProbe Override default readiness probe
##
customReadinessProbe: {}
## @param contour.customStartupProbe Override default startup probe
##
customStartupProbe: {}
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## @param contour.nodeAffinityPreset.type Contour Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## @param contour.nodeAffinityPreset.key Contour Node label key to match Ignored if `affinity` is set.
## @param contour.nodeAffinityPreset.values [array] Contour Node label values to match. Ignored if `affinity` is set.
##
nodeAffinityPreset:
type: ""
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param contour.command Override default command
##
command: []
## @param contour.args Override default args
##
args: []
## @param contour.affinity [object] Affinity for Contour pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param contour.nodeSelector [object] Node labels for Contour pod assignment
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param contour.tolerations [array] Tolerations for Contour pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param contour.podAnnotations [object] Contour Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param contour.serviceAccount.create Create a serviceAccount for the Contour pod
## @param contour.serviceAccount.name Use the serviceAccount with the specified name, a name is generated using the fullname template
## @param contour.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
## @param contour.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
serviceAccount:
create: true
name: ""
automountServiceAccountToken: false
annotations: {}
## Contour Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param contour.podSecurityContext.enabled Default backend Pod securityContext
## @param contour.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param contour.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param contour.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param contour.podSecurityContext.fsGroup Set Default backend Pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Envoy container security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param contour.containerSecurityContext.enabled Enabled contour containers' Security Context
## @param contour.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param contour.containerSecurityContext.runAsUser Set contour containers' Security Context runAsUser
## @param contour.containerSecurityContext.runAsGroup Set contour containers' Security Context runAsGroup
## @param contour.containerSecurityContext.runAsNonRoot Set contour containers' Security Context runAsNonRoot
## @param contour.containerSecurityContext.readOnlyRootFilesystem Set read only root file system pod's Security Conte
## @param contour.containerSecurityContext.privileged Set contour container's Security Context privileged
## @param contour.containerSecurityContext.allowPrivilegeEscalation Set contour container's Security Context allowPrivilegeEscalation
## @param contour.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param contour.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
## @param contour.livenessProbe.enabled Enable/disable the Liveness probe
## @param contour.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated
## @param contour.livenessProbe.periodSeconds How often to perform the probe
## @param contour.livenessProbe.timeoutSeconds When the probe times out
## @param contour.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded.
## @param contour.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed.
##
livenessProbe:
enabled: true
initialDelaySeconds: 120
periodSeconds: 20
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param contour.readinessProbe.enabled Enable/disable the readiness probe
## @param contour.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
## @param contour.readinessProbe.periodSeconds How often to perform the probe
## @param contour.readinessProbe.timeoutSeconds When the probe times out
## @param contour.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded.
## @param contour.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed.
##
readinessProbe:
enabled: true
initialDelaySeconds: 15
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
## @param contour.startupProbe.enabled Enable/disable the startup probe
## @param contour.startupProbe.initialDelaySeconds Delay before startup probe is initiated
## @param contour.startupProbe.periodSeconds How often to perform the probe
## @param contour.startupProbe.timeoutSeconds When the probe times out
## @param contour.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded.
## @param contour.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed.
##
startupProbe:
enabled: false
initialDelaySeconds: 15
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
## Contour certgen configs
##
certgen:
## @param contour.certgen.serviceAccount.create Create a serviceAccount for the Contour pod
## @param contour.certgen.serviceAccount.name Use the serviceAccount with the specified name, a name is generated using the fullname template
## @param contour.certgen.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
## @param contour.certgen.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
serviceAccount:
create: true
name: ""
automountServiceAccountToken: false
annotations: {}
## @param contour.certgen.certificateLifetime Generated certificate lifetime (in days).
##
certificateLifetime: 365
## @param contour.certgen.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param contour.certgen.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param contour.certgen.networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param contour.certgen.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param contour.certgen.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
##
kubeAPIServerPorts: [443, 6443, 8443]
## @param contour.certgen.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param contour.certgen.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param contour.certgen.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param contour.certgen.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## @param contour.tlsExistingSecret Name of the existingSecret to be use in Contour deployment. If it is not nil `contour.certgen` will be disabled.
## It will override `tlsExistingSecret`
##
tlsExistingSecret: ""
## Contour Service properties
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services
##
service:
## @param contour.service.type Service type
##
type: ClusterIP
## @param contour.service.ports.xds Contour service xds port
## @param contour.service.ports.metrics Contour service xds port
##
ports:
xds: 8001
metrics: 8000
## Node ports to expose
## @param contour.service.nodePorts.xds Node port for HTTP
## NOTE: choose port between <30000-32767>
##
nodePorts:
xds: ""
## @param contour.service.clusterIP Contour service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param contour.service.loadBalancerIP Contour service Load Balancer IP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param contour.service.loadBalancerSourceRanges Contour service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param contour.service.loadBalancerClass Contour service Load Balancer Class
## ref https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
##
loadBalancerClass: ""
## @param contour.service.externalTrafficPolicy Contour service external traffic policy
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param contour.service.annotations Additional custom annotations for Contour service
##
annotations: {}
## @param contour.service.extraPorts Extra port to expose on Contour service
##
extraPorts: []
## @param contour.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param contour.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param contour.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param contour.networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param contour.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param contour.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
##
kubeAPIServerPorts: [443, 6443, 8443]
## @param contour.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param contour.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param contour.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param contour.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## @param contour.initContainers [array] Attach additional init containers to Contour pods
## For example:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
##
initContainers: []
## @param contour.sidecars [array] Add additional sidecar containers to the Contour pods
## Example:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param contour.extraVolumes [array] Array to add extra volumes
##
extraVolumes: []
## @param contour.extraVolumeMounts [array] Array to add extra mounts (normally used with extraVolumes)
##
extraVolumeMounts: []
## @param contour.extraEnvVars [array] Array containing extra env vars to be added to all Contour containers
## For example:
## extraEnvVars:
## - name: MY_ENV_VAR
## value: env_var_value
##
extraEnvVars: []
## @param contour.extraEnvVarsCM ConfigMap containing extra env vars to be added to all Contour containers
##
extraEnvVarsCM: ""
## @param contour.extraEnvVarsSecret Secret containing extra env vars to be added to all Contour containers
##
extraEnvVarsSecret: ""
## @param contour.ingressClass.name Name of the ingress class to route through this controller.
## @param contour.ingressClass.create Whether to create or not the IngressClass resource
## @param contour.ingressClass.default Mark IngressClass resource as default for cluster
##
## DEPRECATED: Use a map instead
## You can use the the 'contour.ingressClass' as a string to indicate the ingress
## class name. This will skip the creation of an IngressClass resource.
## e.g:
## ingressClass: contour
##
ingressClass:
name: ""
create: true
default: true
## @param contour.debug Enable Contour debug log level
##
debug: false
## @param contour.logFormat Set contour log-format. Default text, either text or json.
##
logFormat: text
## @param contour.kubernetesDebug Contour kubernetes debug log level, Default 0, minimum 0, maximum 9.
##
kubernetesDebug: 0
## @param contour.rootNamespaces Restrict Contour to searching these namespaces for root ingress routes.
##
rootNamespaces: ""
## Exposes configuration of Envoy's Overload Manager through Contour's bootstrapping process
## When 95% of max heap size is reached for an Envoy, "shrink heap" operation is triggered.
## When 98% of max heap size is reached for an Envoy, it no longer accepts requests.
## https://projectcontour.io/docs/main/config/overload-manager/
## @param contour.overloadManager.enabled Enable Overload Manager
## @param contour.overloadManager.maxHeapBytes Overload Manager's maximum heap size in bytes
##
overloadManager:
enabled: false
maxHeapBytes: "2147483648"
## PodDisruptionBudget for default backend
## Contour Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
## @param contour.pdb.create Enable Pod Disruption Budget configuration
## @param contour.pdb.minAvailable Minimum number/percentage of Default backend pods that should remain scheduled
## @param contour.pdb.maxUnavailable Maximum number/percentage of Default backend pods that should remain scheduled
##
pdb:
create: true
minAvailable: ""
maxUnavailable: ""
## @section Envoy parameters
##
envoy:
## @param envoy.enabled Envoy Proxy creation
##
enabled: true
## Bitnami Envoy image
## ref: https://hub.docker.com/r/bitnami/envoy/tags/
## @param envoy.image.registry [default: REGISTRY_NAME] Envoy Proxy image registry
## @param envoy.image.repository [default: REPOSITORY_NAME/envoy] Envoy Proxy image repository
## @skip envoy.image.tag Envoy Proxy image tag (immutable tags are recommended)
## @param envoy.image.digest Envoy Proxy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param envoy.image.pullPolicy Envoy image pull policy
## @param envoy.image.pullSecrets [array] Envoy image pull secrets
##
image:
registry: docker.io
repository: bitnami/envoy
tag: 1.31.5-debian-12-r1
digest: ""
## Specify a imagePullPolicy
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param envoy.priorityClassName Priority class assigned to the pods
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
##
priorityClassName: ""
## @param envoy.schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param envoy.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param envoy.extraArgs [array] Extra arguments passed to Envoy container
##
extraArgs: []
## @param envoy.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param envoy.hostAliases [array] Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## Envoy container resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## ref: https://projectcontour.io/guides/resource-limits/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param envoy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if envoy.resources is set (envoy.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param envoy.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## @param envoy.command Override default command
##
command: []
## @param envoy.args Override default args
##
args: []
## @param envoy.shutdownManager.enabled Contour shutdownManager sidecar
## @param envoy.shutdownManager.extraArgs [array] Extra arguments passed to shutdown container
## @param envoy.shutdownManager.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if envoy.shutdownManager.resources is set (envoy.shutdownManager.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
## @param envoy.shutdownManager.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## @param envoy.shutdownManager.containerPorts.http Specify Port for shutdown container
## @param envoy.shutdownManager.lifecycleHooks lifecycleHooks for the container to automate configuration before or after startup.
##
shutdownManager:
lifecycleHooks: {}
extraArgs: []
enabled: true
resourcesPreset: "nano"
containerPorts:
http: 8090
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
resources: {}
## Shutdown Manager container security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param envoy.shutdownManager.containerSecurityContext.enabled Enabled envoy shutdownManager containers' Security Context
## @param envoy.shutdownManager.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param envoy.shutdownManager.containerSecurityContext.runAsUser Set envoy shutdownManager containers' Security Context runAsUser
## @param envoy.shutdownManager.containerSecurityContext.runAsGroup Set contour containers' Security Context runAsGroup
## @param envoy.shutdownManager.containerSecurityContext.runAsNonRoot Set envoy shutdownManager containers' Security Context runAsNonRoot
## @param envoy.shutdownManager.containerSecurityContext.readOnlyRootFilesystem Set read only root file system pod's Security Conte
## @param envoy.shutdownManager.containerSecurityContext.privileged Set envoy.shutdownManager container's Security Context privileged
## @param envoy.shutdownManager.containerSecurityContext.allowPrivilegeEscalation Set envoy shutdownManager container's Security Context allowPrivilegeEscalation
## @param envoy.shutdownManager.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param envoy.shutdownManager.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
## @param envoy.shutdownManager.livenessProbe.enabled Enable livenessProbe
## @param envoy.shutdownManager.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param envoy.shutdownManager.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param envoy.shutdownManager.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param envoy.shutdownManager.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param envoy.shutdownManager.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 120
periodSeconds: 20
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param envoy.shutdownManager.readinessProbe.enabled Enable/disable the readiness probe
## @param envoy.shutdownManager.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
## @param envoy.shutdownManager.readinessProbe.periodSeconds How often to perform the probe
## @param envoy.shutdownManager.readinessProbe.timeoutSeconds When the probe times out
## @param envoy.shutdownManager.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded.
## @param envoy.shutdownManager.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed.
##
readinessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 3
timeoutSeconds: 1
failureThreshold: 3
successThreshold: 1
## @param envoy.shutdownManager.startupProbe.enabled Enable/disable the startup probe
## @param envoy.shutdownManager.startupProbe.initialDelaySeconds Delay before startup probe is initiated
## @param envoy.shutdownManager.startupProbe.periodSeconds How often to perform the probe
## @param envoy.shutdownManager.startupProbe.timeoutSeconds When the probe times out
## @param envoy.shutdownManager.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded.
## @param envoy.shutdownManager.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed.
##
startupProbe:
enabled: false
initialDelaySeconds: 15
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
## @param envoy.shutdownManager.customLivenessProbe Override default liveness probe
##
customLivenessProbe: {}
## @param envoy.shutdownManager.customReadinessProbe Override default readiness probe
##
customReadinessProbe: {}
## @param envoy.shutdownManager.customStartupProbe Override default startup probe
##
customStartupProbe: {}
## Envoy Initconfig initcontainer security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param envoy.initConfig.containerSecurityContext.enabled Enabled envoy initConfig containers' Security Context
## @param envoy.initConfig.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param envoy.initConfig.containerSecurityContext.runAsUser Set envoy initConfig containers' Security Context runAsUser
## @param envoy.initConfig.containerSecurityContext.runAsGroup Set envoy initConfig containers' Security Context runAsUser
## @param envoy.initConfig.containerSecurityContext.runAsNonRoot Set envoy initConfig containers' Security Context runAsNonRoot
## @param envoy.initConfig.containerSecurityContext.readOnlyRootFilesystem Set read only root file system pod's Security Conte
## @param envoy.initConfig.containerSecurityContext.privileged Set contraller container's Security Context privileged
## @param envoy.initConfig.containerSecurityContext.allowPrivilegeEscalation Set contraller container's Security Context allowPrivilegeEscalation
## @param envoy.initConfig.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param envoy.initConfig.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
initConfig:
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
## @param envoy.kind Install as deployment or daemonset
##
kind: daemonset
## @param envoy.replicaCount Desired number of Controller pods
##
replicaCount: 1
## @param envoy.lifecycleHooks lifecycleHooks for the container to automate configuration before or after startup.
##
lifecycleHooks: {}
## @param envoy.updateStrategy [object] Strategy to use to update Pods
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## e.g:
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
updateStrategy:
type: RollingUpdate
## @param envoy.minReadySeconds The minimum number of seconds for which a newly created Pod should be ready
##
minReadySeconds: 0
## @param envoy.revisionHistoryLimit The number of old history to retain to allow rollback
##
revisionHistoryLimit: 10
## Controller Autoscaling configuration
## @param envoy.autoscaling.enabled Enable autoscaling for Controller
## @param envoy.autoscaling.minReplicas Minimum number of Controller replicas
## @param envoy.autoscaling.maxReplicas Maximum number of Controller replicas
## @param envoy.autoscaling.targetCPU Target CPU utilization percentage
## @param envoy.autoscaling.targetMemory Target Memory utilization percentage
## @param envoy.autoscaling.behavior HPA Behavior
##
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 11
targetCPU: ""
targetMemory: ""
behavior: {}
## @param envoy.podAffinityPreset Envoy Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAffinityPreset: ""
## @param envoy.podAntiAffinityPreset Envoy Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAntiAffinityPreset: ""
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## @param envoy.nodeAffinityPreset.type Envoy Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## @param envoy.nodeAffinityPreset.key Envoy Node label key to match Ignored if `affinity` is set.
## @param envoy.nodeAffinityPreset.values [array] Envoy Node label values to match. Ignored if `affinity` is set.
##
nodeAffinityPreset:
type: ""
key: ""
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param envoy.affinity [object] Affinity for Envoy pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param envoy.nodeSelector [object] Node labels for Envoy pod assignment
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param envoy.tolerations [array] Tolerations for Envoy pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param envoy.podAnnotations [object] Envoy Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param envoy.podLabels Extra labels for Envoy pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## Pod security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param envoy.podSecurityContext.enabled Envoy Pod securityContext
## @param envoy.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param envoy.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param envoy.podSecurityContext.fsGroup User ID for the for the mounted volumes
## @param envoy.podSecurityContext.sysctls Array of sysctl options to allow
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
supplementalGroups: []
fsGroup: 0
sysctls: []
## Envoy container security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param envoy.containerSecurityContext.enabled Enabled envoy containers' Security Context
## @param envoy.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param envoy.containerSecurityContext.runAsUser Set envoy containers' Security Context runAsUser
## @param envoy.containerSecurityContext.runAsGroup Set envoy containers' Security Context runAsGroup
## @param envoy.containerSecurityContext.runAsNonRoot Set envoy containers' Security Context runAsNonRoot
## @param envoy.containerSecurityContext.readOnlyRootFilesystem Set read only root file system pod's Security Conte
## @param envoy.containerSecurityContext.privileged Set envoy container's Security Context privileged
## @param envoy.containerSecurityContext.allowPrivilegeEscalation Set envoy container's Security Context allowPrivilegeEscalation
## @param envoy.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param envoy.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
## @param envoy.hostNetwork Envoy Pod host network access
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces
##
hostNetwork: false
## @param envoy.dnsPolicy Envoy Pod Dns Policy's DNS Policy
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
##
dnsPolicy: ClusterFirst
## @param envoy.tlsExistingSecret Name of the existingSecret to be use in Envoy deployment
##
tlsExistingSecret: ""
## @param envoy.serviceAccount.create Specifies whether a ServiceAccount should be created
## @param envoy.serviceAccount.name The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template
## @param envoy.serviceAccount.automountServiceAccountToken Whether to auto mount API credentials for a service account
## @param envoy.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
##
serviceAccount:
create: true
name: ""
automountServiceAccountToken: false
annotations: {}
## @param envoy.livenessProbe.enabled Enable livenessProbe
## @param envoy.livenessProbe.port LivenessProbe port
## @param envoy.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param envoy.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param envoy.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param envoy.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param envoy.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
port: 8002
initialDelaySeconds: 120
periodSeconds: 20
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param envoy.readinessProbe.enabled Enable/disable the readiness probe
## @param envoy.readinessProbe.port ReadinessProbe port
## @param envoy.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
## @param envoy.readinessProbe.periodSeconds How often to perform the probe
## @param envoy.readinessProbe.timeoutSeconds When the probe times out
## @param envoy.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded.
## @param envoy.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed.
##
readinessProbe:
enabled: true
port: 8002
initialDelaySeconds: 10
periodSeconds: 3
timeoutSeconds: 1
failureThreshold: 3
successThreshold: 1
## @param envoy.startupProbe.enabled Enable/disable the startup probe
## @param envoy.startupProbe.port StartupProbe port
## @param envoy.startupProbe.initialDelaySeconds Delay before startup probe is initiated
## @param envoy.startupProbe.periodSeconds How often to perform the probe
## @param envoy.startupProbe.timeoutSeconds When the probe times out
## @param envoy.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded.
## @param envoy.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed.
##
startupProbe:
enabled: false
port: 8002
initialDelaySeconds: 15
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
## @param envoy.customLivenessProbe Override default liveness probe
##
customLivenessProbe: {}
## @param envoy.customReadinessProbe Override default readiness probe
##
customReadinessProbe: {}
## @param envoy.customStartupProbe Override default startup probe
##
customStartupProbe: {}
## @param envoy.terminationGracePeriodSeconds Envoy termination grace period in seconds
##
terminationGracePeriodSeconds: 300
## @param envoy.logLevel Envoy log level
##
logLevel: info
## Envoy Service properties
##
service:
## @param envoy.service.name envoy service name
##
name: ""
## The multi az feature renders multiple service, so you could attach different service provider loadbalancer to it.
## This feature is primarily used to achieve a high availability with multiple loadbalancer
## @param envoy.service.multiAz.enabled enables the rendering of the multiple services
## @param envoy.service.multiAz.zones defines different zones their annotations and loadBalancerIPs
##
multiAz:
enabled: false
zones: []
## Example
## - name: "zone1"
## loadBalancerIP: "1.2.3.4"
## annotations:
## service.beta.kubernetes.io/loadbalancer-zone: zone1
## - name: "zone2"
## loadBalancerIP: "5.6.7.8"
## annotations:
## service.beta.kubernetes.io/loadbalancer-zone: zone2
##
## @param envoy.service.targetPorts [object] Map the controller service HTTP/HTTPS port
##
targetPorts:
http: http
https: https
metrics: metrics
## @param envoy.service.type Type of Envoy service to create
##
type: LoadBalancer
## @param envoy.service.externalTrafficPolicy Envoy Service external cluster policy. If `envoy.service.type` is NodePort or LoadBalancer
##
externalTrafficPolicy: Local
## @param envoy.service.labels Labels to add to te envoy service
##
labels: {}
## @param envoy.service.clusterIP Internal envoy cluster service IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param envoy.service.externalIPs [array] Envoy service external IP addresses
##
externalIPs: []
## @param envoy.service.loadBalancerIP IP address to assign to load balancer (if supported)
##
loadBalancerIP: ""
## @param envoy.service.loadBalancerSourceRanges [array] List of IP CIDRs allowed access to load balancer (if supported)
##
loadBalancerSourceRanges: []
## @param envoy.service.loadBalancerClass Envoy service Load Balancer Class
## ref https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
##
loadBalancerClass: ""
## @param envoy.service.ipFamilyPolicy [string], support SingleStack, PreferDualStack and RequireDualStack
##
ipFamilyPolicy: ""
## @param envoy.service.ipFamilies [array] List of IP families (e.g. IPv4, IPv6) assigned to the service.
## Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/
## E.g.
## ipFamilies:
## - IPv6
##
ipFamilies: []
## @param envoy.service.annotations [object] Annotations for Envoy service
##
annotations: {}
ports:
## @param envoy.service.ports.http Sets service http port
##
http: 80
## @param envoy.service.ports.https Sets service https port
##
https: 443
## @param envoy.service.ports.metrics Sets service metrics port
##
metrics: 8002
## Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
## @param envoy.service.nodePorts.http HTTP Port. If `envoy.service.type` is NodePort and this is non-empty
## @param envoy.service.nodePorts.https HTTPS Port. If `envoy.service.type` is NodePort and this is non-empty
## @param envoy.service.nodePorts.metrics Metrics Port. If `envoy.service.type` is NodePort and this is non-empty
##
nodePorts:
http: ""
https: ""
metrics: ""
## @param envoy.service.extraPorts [array] Extra ports to expose (normally used with the `sidecar` value)
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services
##
extraPorts: []
## @param envoy.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param envoy.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## @param envoy.service.exposeMetrics Setting to expose the metrics port in the service
exposeMetrics: false
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param envoy.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param envoy.networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param envoy.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param envoy.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param envoy.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param envoy.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param envoy.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## @param envoy.useHostPort.http Enable/disable `hostPort` for TCP/80
## @param envoy.useHostPort.https Enable/disable `hostPort` TCP/443
## @param envoy.useHostPort.metrics Enable/disable `hostPort` for TCP/8002
##
useHostPort:
http: false
https: false
metrics: false
## @param envoy.useHostIP Enable/disable `hostIP`
##
useHostIP: false
## @param envoy.hostPorts.http Sets `hostPort` http port
## @param envoy.hostPorts.https Sets `hostPort` https port
## @param envoy.hostPorts.metrics Sets `hostPort` metrics port
##
hostPorts:
http: 80
https: 443
metrics: 8002
## @param envoy.hostIPs.http Sets `hostIP` http IP
## @param envoy.hostIPs.https Sets `hostIP` https IP
## @param envoy.hostIPs.metrics Sets `hostIP` metrics IP
##
hostIPs:
http: 127.0.0.1
https: 127.0.0.1
metrics: 127.0.0.1
## Configures the ports the Envoy proxy listens on
## @param envoy.containerPorts.http Sets http port inside Envoy pod (change this to >1024 to run envoy as a non-root user)
## @param envoy.containerPorts.https Sets https port inside Envoy pod (change this to >1024 to run envoy as a non-root user)
## @param envoy.containerPorts.metrics Sets metrics port inside Envoy pod (change this to >1024 to run envoy as a non-root user)
##
containerPorts:
http: 8080
https: 8443
metrics: 8002
## @param envoy.initContainers [array] Attach additional init containers to Envoy pods
## For example:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
##
initContainers: []
## @param envoy.sidecars Add additional sidecar containers to the Envoy pods
## Example:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param envoy.extraVolumes [array] Array to add extra volumes
##
extraVolumes: []
## @param envoy.extraVolumeMounts [array] Array to add extra mounts (normally used with extraVolumes)
##
extraVolumeMounts: []
## @param envoy.extraEnvVars [array] Array containing extra env vars to be added to all Envoy containers
## For example:
## extraEnvVars:
## - name: MY_ENV_VAR
## value: env_var_value
##
extraEnvVars: []
## @param envoy.extraEnvVarsCM ConfigMap containing extra env vars to be added to all Envoy containers
##
extraEnvVarsCM: ""
## @param envoy.extraEnvVarsSecret Secret containing extra env vars to be added to all Envoy containers
##
extraEnvVarsSecret: ""
## PodDisruptionBudget for default backend
## Envoy Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
## @param envoy.pdb.create Enable Pod Disruption Budget configuration
## @param envoy.pdb.minAvailable Minimum number/percentage of Default backend pods that should remain scheduled
## @param envoy.pdb.maxUnavailable Maximum number/percentage of Default backend pods that should remain scheduled
##
pdb:
create: true
minAvailable: ""
maxUnavailable: ""
## @section Gateway API parameters
##
gatewayAPI:
## @param gatewayAPI.manageCRDs Manage the creation, upgrade and deletion of Gateway API CRDs.
##
manageCRDs: false
## @section Default backend parameters
##
## Default 404 backend
##
defaultBackend:
## @param defaultBackend.enabled Enable a default backend based on NGINX
##
enabled: false
## Bitnami NGINX image
## ref: https://hub.docker.com/r/bitnami/nginx/tags/
## @param defaultBackend.image.registry [default: REGISTRY_NAME] Default backend image registry
## @param defaultBackend.image.repository [default: REPOSITORY_NAME/nginx] Default backend image name
## @skip defaultBackend.image.tag Default backend image tag
## @param defaultBackend.image.digest Default backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param defaultBackend.image.pullPolicy Image pull policy
## @param defaultBackend.image.pullSecrets [array] Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: bitnami/nginx
tag: 1.27.3-debian-12-r5
digest: ""
## Specify a imagePullPolicy
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param defaultBackend.extraArgs [object] Additional command line arguments to pass to NGINX container
##
extraArgs: {}
## @param defaultBackend.lifecycleHooks lifecycleHooks for the container to automate configuration before or after startup.
##
lifecycleHooks: {}
## @param defaultBackend.extraEnvVars [array] Array containing extra env vars to be added to all Contour containers
## For example:
## extraEnvVars:
## - name: MY_ENV_VAR
## value: env_var_value
##
extraEnvVars: []
## @param defaultBackend.extraEnvVarsCM ConfigMap containing extra env vars to be added to all Contour containers
##
extraEnvVarsCM: ""
## @param defaultBackend.extraEnvVarsSecret Secret containing extra env vars to be added to all Contour containers
##
extraEnvVarsSecret: ""
## @param defaultBackend.extraVolumes [array] Array to add extra volumes
##
extraVolumes: []
## @param defaultBackend.extraVolumeMounts [array] Array to add extra mounts (normally used with extraVolumes)
##
extraVolumeMounts: []
## @param defaultBackend.initContainers [array] Attach additional init containers to the http backend pods
## For example:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
##
initContainers: []
## @param defaultBackend.sidecars [array] Add additional sidecar containers to the default backend
## Example:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## Configures the ports the http backend listens on
## @param defaultBackend.containerPorts.http Set http port inside Contour pod
##
containerPorts:
http: 8001
## @param defaultBackend.updateStrategy Strategy to use to update Pods
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy: {}
## @param defaultBackend.command Override default command
##
command: []
## @param defaultBackend.args Override default args
##
args: []
## @param defaultBackend.hostAliases [array] Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param defaultBackend.replicaCount Desired number of default backend pods
##
replicaCount: 1
## Default backend pods' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param defaultBackend.podSecurityContext.enabled Default backend Pod securityContext
## @param defaultBackend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param defaultBackend.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param defaultBackend.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param defaultBackend.podSecurityContext.fsGroup Set Default backend Pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Default backend containers' Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param defaultBackend.containerSecurityContext.enabled Enabled defaultBackend containers' Security Context
## @param defaultBackend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param defaultBackend.containerSecurityContext.runAsUser Set defaultBackend containers' Security Context runAsUser
## @param defaultBackend.containerSecurityContext.runAsGroup Set defaultBackend containers' Security Context runAsGroup
## @param defaultBackend.containerSecurityContext.runAsNonRoot Set defaultBackend containers' Security Context runAsNonRoot
## @param defaultBackend.containerSecurityContext.readOnlyRootFilesystem Set read only root file system pod's Security Conte
## @param defaultBackend.containerSecurityContext.privileged Set defaultBackend container's Security Context privileged
## @param defaultBackend.containerSecurityContext.allowPrivilegeEscalation Set defaultBackend container's Security Context allowPrivilegeEscalation
## @param defaultBackend.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param defaultBackend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
## Default backend containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube.
## @param defaultBackend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if defaultBackend.resources is set (defaultBackend.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param defaultBackend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Default backend containers' liveness probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param defaultBackend.livenessProbe.enabled Enable livenessProbe
## @param defaultBackend.livenessProbe.httpGet [object] Path, port and scheme for the livenessProbe
## @param defaultBackend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param defaultBackend.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param defaultBackend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param defaultBackend.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param defaultBackend.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
## Default backend containers' readiness probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param defaultBackend.readinessProbe.enabled Enable readinessProbe
## @param defaultBackend.readinessProbe.httpGet [object] Path, port and scheme for the readinessProbe
## @param defaultBackend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param defaultBackend.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param defaultBackend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param defaultBackend.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param defaultBackend.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 0
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
## @param defaultBackend.startupProbe.enabled Enable/disable the startup probe
## @param defaultBackend.startupProbe.initialDelaySeconds Delay before startup probe is initiated
## @param defaultBackend.startupProbe.periodSeconds How often to perform the probe
## @param defaultBackend.startupProbe.timeoutSeconds When the probe times out
## @param defaultBackend.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded.
## @param defaultBackend.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed.
##
startupProbe:
enabled: false
initialDelaySeconds: 15
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
## @param defaultBackend.customLivenessProbe [object] Override default liveness probe, it overrides the default one (evaluated as a template)
##
customLivenessProbe: {}
## @param defaultBackend.customReadinessProbe [object] Override default readiness probe, it overrides the default one (evaluated as a template)
##
customReadinessProbe: {}
## @param defaultBackend.customStartupProbe Override default startup probe
##
customStartupProbe: {}
## @param defaultBackend.podLabels [object] Extra labels for Controller pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param defaultBackend.podAnnotations [object] Annotations for Controller pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param defaultBackend.priorityClassName Priority class assigned to the pods
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
##
priorityClassName: ""
## @param defaultBackend.schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param defaultBackend.terminationGracePeriodSeconds In seconds, time the given to the default backend pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: 60
## @param defaultBackend.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param defaultBackend.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAffinityPreset: ""
## @param defaultBackend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## @param defaultBackend.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## @param defaultBackend.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
## @param defaultBackend.nodeAffinityPreset.values [array] Node label values to match. Ignored if `affinity` is set.
##
nodeAffinityPreset:
type: ""
key: ""
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param defaultBackend.affinity [object] Affinity for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: defaultBackend.podAffinityPreset, defaultBackend.podAntiAffinityPreset, and defaultBackend.nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param defaultBackend.nodeSelector [object] Node labels for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param defaultBackend.tolerations [array] Tolerations for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Default backend Service parameters
## @param defaultBackend.service.type Service type
## @param defaultBackend.service.ports.http Service port
## @param defaultBackend.service.annotations Annotations to add to the service
##
service:
type: ClusterIP
ports:
http: 80
annotations: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param defaultBackend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param defaultBackend.networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param defaultBackend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param defaultBackend.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param defaultBackend.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param defaultBackend.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param defaultBackend.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## PodDisruptionBudget for default backend
## Default backend Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
## @param defaultBackend.pdb.create Enable Pod Disruption Budget configuration
## @param defaultBackend.pdb.minAvailable Minimum number/percentage of Default backend pods that should remain scheduled
## @param defaultBackend.pdb.maxUnavailable Maximum number/percentage of Default backend pods that should remain scheduled
##
pdb:
create: true
minAvailable: ""
maxUnavailable: ""
## Ingress parameters
##
ingress:
## @param ingress.enabled Ingress configuration enabled
## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
## Enable Ingress.
##
enabled: false
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.certManager Add annotations for cert-manager
##
certManager: false
## @param ingress.annotations Annotations to be added to the web ingress.
## Example:
## kubernetes.io/ingress.class: nginx
## kubernetes.io/tls-acme: 'true'
##
annotations: {}
## Either `hosts` or `rulesOverride` must be provided if Ingress is enabled.
## `hosts` sets up the Ingress with default rules per provided hostname.
## @param ingress.hostname Hostname for the Ingress object
##
hostname: contour.local
## @param ingress.path The Path to Concourse
##
path: /
## @param ingress.rulesOverride Ingress rules override
## Either `hosts` or `rulesOverride` must be provided if Ingress is enabled.
## `rulesOverride` allows the user to define the full set of ingress rules, for more complex Ingress setups.
##
rulesOverride: []
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
##
ingressClassName: ""
## @param ingress.extraPaths Add additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
##
extraPaths: []
## @param ingress.tls TLS configuration.
## Secrets must be manually created in the namespace.
## Example:
## - secretName: concourse-web-tls
## hosts:
## - concourse.domain.com
##
tls: false
## @param ingress.pathType Ingress Path type
##
pathType: ImplementationSpecific
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: concourse.local
## path: /
##
extraHosts: []
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - concourse.local
## secretName: concourse.local-tls
##
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## Example:
## - name: concourse.local-tls
## key:
## certificate:
##
secrets: []
## @param ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: example.local
## http:
## path: /
## backend:
## service:
## name: example-svc
## port:
## name: http
##
extraRules: []
## @section Metrics parameters
##
metrics:
## Prometheus Operator service monitors
##
serviceMonitor:
## @param metrics.serviceMonitor.namespace Specify if the servicemonitors will be deployed into a different namespace (blank deploys into same namespace as chart)
##
namespace: ""
## @param metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator.
##
enabled: false
## @param metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
##
jobLabel: "app.kubernetes.io/name"
## @param metrics.serviceMonitor.interval Specify the scrape interval if not specified use default prometheus scrapeIntervall, the Prometheus default scrape interval is used.
##
interval: ""
## @param metrics.serviceMonitor.metricRelabelings [array] Specify additional relabeling of metrics.
##
metricRelabelings: []
## @param metrics.serviceMonitor.relabelings [array] Specify general relabeling.
##
relabelings: []
## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
##
honorLabels: false
## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended
##
scrapeTimeout: ""
## @param metrics.serviceMonitor.selector Specify honorLabels parameter to add the scrape endpoint
##
selector: {}
## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
##
labels: {}
## Prometheus Operator prometheusRules
##
prometheusRule:
## @param metrics.prometheusRule.enabled Creates a Prometheus Operator prometheusRule
##
enabled: false
## @param metrics.prometheusRule.namespace Namespace for the prometheusRule Resource (defaults to the Release Namespace)
##
namespace: ""
## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRule will be discovered by Prometheus
##
additionalLabels: {}
## @param metrics.prometheusRule.rules Prometheus Rule definitions
##
rules: []
## @section Other parameters
##
## @param rbac.create Create the RBAC roles for API accessibility
##
rbac:
create: true
## @param rbac.rules [array] Custom RBAC rules to set
## e.g:
## rules:
## - apiGroups:
## - ""
## resources:
## - pods
## verbs:
## - get
## - list
##
rules: []
## @param tlsExistingSecret Name of the existingSecret to be use in both contour and envoy. If it is not nil `contour.certgen` will be disabled.
##
tlsExistingSecret: ""
## @param useCertManager Use Cert-manager instead of Contour certgen to issue certificates for TLS connection between Contour and Envoy.
useCertManager: false
Reference in New Issue View Git Blame Copy Permalink