mirror of
https://github.com/bitnami/charts.git
synced 2026-02-20 03:58:02 +08:00
792 lines
31 KiB
YAML
792 lines
31 KiB
YAML
## @section Global parameters
|
|
## Global Docker image parameters
|
|
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
|
|
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
|
|
|
|
## @param global.imageRegistry Global Docker image registry
|
|
## @param global.imagePullSecrets Global Docker registry secret names as an array
|
|
## @param global.storageClass Global StorageClass for Persistent Volume(s)
|
|
##
|
|
global:
|
|
imageRegistry: ""
|
|
## E.g.
|
|
## imagePullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
imagePullSecrets: []
|
|
storageClass: ""
|
|
|
|
## @section Common parameters
|
|
|
|
## @param nameOverride Release name override
|
|
##
|
|
nameOverride: ""
|
|
## @param fullnameOverride Release full name override
|
|
##
|
|
fullnameOverride: ""
|
|
## @param commonLabels Labels to add to all deployed objects
|
|
##
|
|
commonLabels: {}
|
|
## @param commonAnnotations Annotations to add to all deployed objects
|
|
##
|
|
commonAnnotations: {}
|
|
## @param extraDeploy Array of extra objects to deploy with the release
|
|
##
|
|
extraDeploy: []
|
|
|
|
## @section kiam image parameters
|
|
|
|
## @param image.registry kiam image registry
|
|
## @param image.repository kiam image name
|
|
## @param image.tag kiam image tag
|
|
## @param image.pullPolicy kiam image pull policy
|
|
## @param image.pullSecrets Specify docker-registry secret names as an array
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/kiam
|
|
tag: 3.6.0-debian-10-r444
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
## Example:
|
|
## pullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
pullSecrets: []
|
|
|
|
## @section kiam server parameters
|
|
|
|
## kiam server properties
|
|
##
|
|
server:
|
|
## @param server.enabled Deploy the kiam server
|
|
##
|
|
enabled: true
|
|
## @param server.containerPort HTTPS port to expose at container level
|
|
##
|
|
containerPort: 8443
|
|
## @param server.resourceType Specify how to deploy the server (allowed values: `daemonset` and `deployment`)
|
|
##
|
|
resourceType: daemonset
|
|
## @param server.hostAliases Add deployment host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
## @param server.useHostNetwork Use host networking (ports will be directly exposed in the host)
|
|
##
|
|
useHostNetwork: false
|
|
## @param server.replicaCount Number of replicas to deploy (when `server.resourceType` is `daemonset`)
|
|
##
|
|
replicaCount: 1
|
|
## @param server.logJsonOutput Use JSON format for logs
|
|
##
|
|
logJsonOutput: true
|
|
## @param server.logLevel Logging level
|
|
##
|
|
logLevel: info
|
|
## @param server.sslCertHostPath Path to the host system SSL certificates (necessary for contacting the AWS metadata server)
|
|
##
|
|
sslCertHostPath: /etc/ssl/certs
|
|
## @param server.podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
|
|
## @param server.podSecurityPolicy.allowedHostPaths Extra host paths to allow in the PodSecurityPolicy
|
|
##
|
|
podSecurityPolicy:
|
|
create: true
|
|
allowedHostPaths: []
|
|
## @param server.priorityClassName Server priorityClassName
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
priorityClassName: ""
|
|
## Configure extra options for liveness probe
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
|
## @param server.livenessProbe.enabled Enable livenessProbe
|
|
## @param server.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
## @param server.livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
## @param server.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
## @param server.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
## @param server.livenessProbe.successThreshold Success threshold for livenessProbe
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 30
|
|
timeoutSeconds: 5
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
## Configure extra options for readiness probe
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
|
## @param server.readinessProbe.enabled Enable readinessProbe
|
|
## @param server.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
## @param server.readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
## @param server.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
## @param server.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
## @param server.readinessProbe.successThreshold Success threshold for readinessProbe
|
|
##
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 30
|
|
timeoutSeconds: 5
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
## @param server.extraArgs Extra arguments to add to the default kiam command
|
|
##
|
|
extraArgs: {}
|
|
## @param server.command Override kiam default command
|
|
##
|
|
command: []
|
|
## @param server.args Override kiam default args
|
|
##
|
|
args: []
|
|
## @param server.tlsFiles [object] Base64-encoded PEM values for server's CA certificate(s), certificate and private key
|
|
##
|
|
tlsFiles:
|
|
ca: ""
|
|
cert: ""
|
|
key: ""
|
|
## @param server.gatewayTimeoutCreation Timeout when creating the kiam gateway
|
|
##
|
|
gatewayTimeoutCreation: 1s
|
|
## @param server.tlsSecret Name of a secret with TLS certificates for the container
|
|
##
|
|
tlsSecret: ""
|
|
## @param server.dnsPolicy Pod DNS policy
|
|
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-policy
|
|
##
|
|
dnsPolicy: Default
|
|
## @param server.roleBaseArn Base ARN for IAM roles. If not set kiam will detect it automatically
|
|
## If not specified use EC2 metadata service to detect ARN prefix
|
|
##
|
|
roleBaseArn: ""
|
|
## @param server.cacheSyncInterval Cache synchronization interval
|
|
##
|
|
cacheSyncInterval: 1m
|
|
## @param server.assumeRoleArn IAM role for the server to assume
|
|
##
|
|
assumeRoleArn: ""
|
|
## @param server.sessionDuration Session duration for STS tokens
|
|
##
|
|
sessionDuration: 15m
|
|
## @param server.tlsCerts [object] Agent TLS Certificate filenames
|
|
##
|
|
tlsCerts:
|
|
certFileName: cert.pem
|
|
keyFileName: key.pem
|
|
caFileName: ca.pem
|
|
## Kiam server resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## We usually recommend not to specify default resources and to leave this as a conscious
|
|
## choice for the user. This also increases chances charts run on environments with little
|
|
## resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
## @param server.resources.limits The resources limits for the kiam container
|
|
## @param server.resources.requests The requested resources for the kiam container
|
|
##
|
|
resources:
|
|
## Example:
|
|
## limits:
|
|
## cpu: 200m
|
|
## memory: 256Mi
|
|
limits: {}
|
|
## Examples:
|
|
## requests:
|
|
## cpu: 200m
|
|
## memory: 10Mi
|
|
requests: {}
|
|
## SecurityContext configuration
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
## @param server.containerSecurityContext.enabled Enabled kiam server containers' Security Context
|
|
## @param server.containerSecurityContext.runAsUser Set kiam server container's Security Context runAsUser
|
|
## @param server.containerSecurityContext.runAsNonRoot Set kiam server container's Security Context runAsNonRoot
|
|
## @param server.containerSecurityContext.seLinuxOptions Set kiam server container's Security Context SE Linux options
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
runAsNonRoot: true
|
|
seLinuxOptions: {}
|
|
## @param server.podSecurityContext.enabled Enabled kiam server pods' Security Context
|
|
## @param server.podSecurityContext.fsGroup Set kiam server pod's Security Context fsGroup
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
## @param server.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAffinityPreset: ""
|
|
## @param server.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
## Node affinity preset
|
|
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
##
|
|
nodeAffinityPreset:
|
|
## @param server.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
##
|
|
type: ""
|
|
## @param server.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## @param server.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
## @param server.affinity Affinity for pod assignment
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
##
|
|
affinity: {}
|
|
## @param server.nodeSelector Node labels for pod assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
## @param server.tolerations Tolerations for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
## @param server.podLabels Extra labels for kiam pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
## @param server.podAnnotations Annotations for kiam pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
## @param server.lifecycleHooks lifecycleHooks for the kiam server container to automate configuration before or after startup.
|
|
##
|
|
lifecycleHooks: {}
|
|
## @param server.customLivenessProbe Override default liveness probe
|
|
##
|
|
customLivenessProbe: {}
|
|
## @param server.customReadinessProbe Override default readiness probe
|
|
##
|
|
customReadinessProbe: {}
|
|
## @param server.updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached
|
|
## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
|
|
## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
|
|
## terminate the single previous pod, so that the new, incoming pod can attach to the PV
|
|
##
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
## @param server.extraEnvVars Array containing extra env vars to configure kiam server
|
|
## For example:
|
|
## - name: BEARER_AUTH
|
|
## value: true
|
|
##
|
|
extraEnvVars: []
|
|
## @param server.extraEnvVarsCM ConfigMap containing extra env vars to configure kiam server
|
|
##
|
|
extraEnvVarsCM: ""
|
|
## @param server.extraEnvVarsSecret Secret containing extra env vars to configure kiam server (in case of sensitive data)
|
|
##
|
|
extraEnvVarsSecret: ""
|
|
## @param server.extraVolumes Optionally specify extra list of additional volumes for kiam pods
|
|
##
|
|
extraVolumes: []
|
|
## @param server.extraVolumeMounts Optionally specify extra list of additional volumeMounts for kiam container(s)
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param server.initContainers Add additional init containers to the kiam pods
|
|
## Example:
|
|
## initContainers:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
initContainers: []
|
|
## @param server.sidecars Add additional sidecar containers to the kiam pods
|
|
## Example:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
|
|
## @section kiam server exposure parameters
|
|
|
|
## Service configuration
|
|
##
|
|
service:
|
|
## @param server.service.type Kubernetes service type
|
|
##
|
|
type: ClusterIP
|
|
## @param server.service.port Service HTTPS port
|
|
##
|
|
port: 8443
|
|
## @param server.service.nodePorts [object] Specify the nodePort values for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
nodePorts:
|
|
http: ""
|
|
metrics: ""
|
|
## @param server.service.clusterIP kiam service clusterIP IP
|
|
##
|
|
clusterIP: None
|
|
## @param server.service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer`
|
|
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
|
|
##
|
|
loadBalancerIP: ""
|
|
## @param server.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
## Example:
|
|
## loadBalancerSourceRanges:
|
|
## - 10.10.10.0/24
|
|
##
|
|
loadBalancerSourceRanges: []
|
|
## @param server.service.externalTrafficPolicy Enable client source IP preservation
|
|
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## @param server.service.annotations Annotations for kiam service
|
|
##
|
|
annotations: {}
|
|
|
|
## @section kiam server Service Account parameters
|
|
|
|
## Specifies whether a ServiceAccount should be created
|
|
##
|
|
serviceAccount:
|
|
## @param server.serviceAccount.create Enable the creation of a ServiceAccount for kiam pods
|
|
##
|
|
create: true
|
|
## @param server.serviceAccount.name Name of the created ServiceAccount
|
|
## If not set and create is true, a name is generated using the fullname template
|
|
##
|
|
name: ""
|
|
|
|
## @section kiam server metrics parameters
|
|
|
|
metrics:
|
|
## @param server.metrics.enabled Enable exposing kiam statistics
|
|
##
|
|
enabled: false
|
|
## @param server.metrics.port Metrics port
|
|
##
|
|
port: 9621
|
|
## @param server.metrics.syncInterval Metrics synchronization interval statistics
|
|
##
|
|
syncInterval: 5s
|
|
## @param server.metrics.annotations [object] Annotations for enabling prometheus to access the metrics endpoints
|
|
##
|
|
annotations:
|
|
prometheus.io/scrape: "true"
|
|
prometheus.io/port: '{{ .Values.server.metrics.port }}'
|
|
## Prometheus Operator ServiceMonitor configuration
|
|
##
|
|
serviceMonitor:
|
|
## @param server.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
|
|
##
|
|
enabled: false
|
|
## @param server.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
|
|
##
|
|
namespace: ""
|
|
## @param server.metrics.serviceMonitor.interval Interval at which metrics should be scraped
|
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
##
|
|
interval: 30s
|
|
## @param server.metrics.serviceMonitor.metricRelabelings Specify Metric Relabellings to add to the scrape endpoint
|
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmetricsendpoint
|
|
##
|
|
metricRelabelings: []
|
|
## @param server.metrics.serviceMonitor.relabelings Specify Relabelings to add to the scrape endpoint
|
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmetricsendpoint
|
|
##
|
|
relabelings: []
|
|
## @param server.metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
|
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
##
|
|
scrapeTimeout: ""
|
|
## @param server.metrics.serviceMonitor.selector metrics service selector
|
|
## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
|
|
##
|
|
selector: {}
|
|
|
|
## @section kiam agent parameters
|
|
|
|
## kiam agent properties
|
|
##
|
|
agent:
|
|
## @param agent.enabled Deploy the kiam agent
|
|
##
|
|
enabled: true
|
|
## Logging settings
|
|
## @param agent.logJsonOutput Use JSON format for logs
|
|
## @param agent.logLevel Logging level
|
|
##
|
|
logJsonOutput: true
|
|
logLevel: info
|
|
## @param agent.priorityClassName Server priorityClassName
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
priorityClassName: ""
|
|
## @param agent.allowRouteRegExp Regexp with the allowed paths for agents to redirect
|
|
##
|
|
allowRouteRegExp: ""
|
|
## @param agent.hostAliases Add deployment host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
## Host networking settings
|
|
## @param agent.containerPort HTTPS port to expose at container level
|
|
## @param agent.iptables Have the agent modify the host iptables rules
|
|
## @param agent.iptablesRemoveOnShutdown Remove iptables rules when shutting down the agent node
|
|
## @param agent.hostInterface Interface for agents for redirecting requests
|
|
##
|
|
containerPort: 8183
|
|
iptables: false
|
|
## Do not remove iptables forwarding rules when kiam-agent terminates
|
|
## needed for RollingUpdate strategy and for security reasons
|
|
iptablesRemoveOnShutdown: false
|
|
hostInterface: cali+
|
|
## gRPC keepalive variables
|
|
## @param agent.keepaliveParams.permitWithoutStream Permit keepalive without stream
|
|
## @param agent.keepaliveParams.time Keepalive time
|
|
## @param agent.keepaliveParams.timeout Keepalive timeout
|
|
##
|
|
keepaliveParams:
|
|
time: ""
|
|
timeout: ""
|
|
permitWithoutStream: false
|
|
## @param agent.enableDeepProbe Use the probes using the `/health` endpoint
|
|
## able to communicate with servers, which may happen on
|
|
## certificate change
|
|
##
|
|
enableDeepProbe: false
|
|
## @param agent.dnsPolicy Pod DNS policy
|
|
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-policy
|
|
##
|
|
dnsPolicy: ClusterFirstWithHostNet
|
|
## @param agent.sslCertHostPath Path to the host system SSL certificates (necessary for contacting the AWS metadata agent)
|
|
##
|
|
sslCertHostPath: /etc/ssl/certs
|
|
## @param agent.tlsFiles [object] Base64-encoded PEM values for server's CA certificate(s), certificate and private key
|
|
##
|
|
tlsFiles:
|
|
ca: ""
|
|
cert: ""
|
|
key: ""
|
|
## @param agent.podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
|
|
## @param agent.podSecurityPolicy.allowedHostPaths Extra host paths to allow in the PodSecurityPolicy
|
|
##
|
|
podSecurityPolicy:
|
|
create: true
|
|
allowedHostPaths: []
|
|
## @param agent.tlsSecret Name of a secret with TLS certificates for the container
|
|
##
|
|
tlsSecret: ""
|
|
## @param agent.useHostNetwork Use host networking (ports will be directly exposed in the host)
|
|
## This is necessary for intercepting the metadata URL for nodes.
|
|
##
|
|
useHostNetwork: true
|
|
## @param agent.tlsCerts [object] Agent TLS Certificate filenames
|
|
##
|
|
tlsCerts:
|
|
certFileName: cert.pem
|
|
keyFileName: key.pem
|
|
caFileName: ca.pem
|
|
## Configure extra options for liveness probe
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
|
## @param agent.livenessProbe.enabled Enable livenessProbe
|
|
## @param agent.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
## @param agent.livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
## @param agent.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
## @param agent.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
## @param agent.livenessProbe.successThreshold Success threshold for livenessProbe
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 30
|
|
timeoutSeconds: 5
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
## Configure extra options for readiness probe
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
|
## @param agent.readinessProbe.enabled Enable readinessProbe
|
|
## @param agent.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
## @param agent.readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
## @param agent.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
## @param agent.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
## @param agent.readinessProbe.successThreshold Success threshold for readinessProbe
|
|
##
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 30
|
|
timeoutSeconds: 5
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
## @param agent.extraArgs Extra arguments to add to the default kiam command
|
|
##
|
|
extraArgs: {}
|
|
## @param agent.gatewayTimeoutCreation Timeout when creating the kiam gateway
|
|
##
|
|
gatewayTimeoutCreation: 1s
|
|
## @param agent.command Override kiam default command
|
|
##
|
|
command: []
|
|
## @param agent.args Override kiam default args
|
|
##
|
|
args: []
|
|
## Container resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## We usually recommend not to specify default resources and to leave this as a conscious
|
|
## choice for the user. This also increases chances charts run on environments with little
|
|
## resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
## @param agent.resources.limits The resources limits for the kiam container
|
|
## @param agent.resources.requests The requested resources for the kiam container
|
|
##
|
|
resources:
|
|
## Example:
|
|
## limits:
|
|
## cpu: 200m
|
|
## memory: 256Mi
|
|
limits: {}
|
|
## Examples:
|
|
## requests:
|
|
## cpu: 200m
|
|
## memory: 10Mi
|
|
requests: {}
|
|
## SecurityContext configuration
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
## @param agent.containerSecurityContext.enabled Enabled agent containers' Security Context
|
|
## @param agent.containerSecurityContext.runAsUser Set agent container's Security Context runAsUser
|
|
## @param agent.containerSecurityContext.runAsNonRoot Set agent container's Security Context runAsNonRoot
|
|
## @param agent.containerSecurityContext.seLinuxOptions Set agent container's Security Context SE Linux options
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
runAsNonRoot: true
|
|
seLinuxOptions: {}
|
|
## @param agent.podSecurityContext.enabled Enabled agent pods' Security Context
|
|
## @param agent.podSecurityContext.fsGroup Set agent pod's Security Context fsGroup
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
## @param agent.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAffinityPreset: ""
|
|
## @param agent.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
## Node affinity preset
|
|
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
##
|
|
nodeAffinityPreset:
|
|
## @param agent.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
##
|
|
type: ""
|
|
## @param agent.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## @param agent.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
## @param agent.affinity Affinity for pod assignment
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
##
|
|
affinity: {}
|
|
## @param agent.nodeSelector Node labels for pod assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
## @param agent.tolerations Tolerations for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
## @param agent.podLabels Extra labels for kiam pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
## @param agent.podAnnotations Annotations for kiam pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
## @param agent.lifecycleHooks LifecycleHooks to set additional configuration at startup.
|
|
##
|
|
lifecycleHooks: {}
|
|
## @param agent.customLivenessProbe Override default liveness probe
|
|
##
|
|
customLivenessProbe: {}
|
|
## @param agent.customReadinessProbe Override default readiness probe
|
|
##
|
|
customReadinessProbe: {}
|
|
## @param agent.updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached
|
|
## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
|
|
## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
|
|
## terminate the single previous pod, so that the new, incoming pod can attach to the PV
|
|
##
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
## @param agent.extraEnvVars Array containing extra env vars to configure kiam agent
|
|
## For example:
|
|
## - name: BEARER_AUTH
|
|
## value: true
|
|
##
|
|
extraEnvVars: []
|
|
## @param agent.extraEnvVarsCM ConfigMap containing extra env vars to configure kiam agent
|
|
##
|
|
extraEnvVarsCM: ""
|
|
## @param agent.extraEnvVarsSecret Secret containing extra env vars to configure kiam agent (in case of sensitive data)
|
|
##
|
|
extraEnvVarsSecret: ""
|
|
## @param agent.extraVolumes Optionally specify extra list of additional volumes for kiam pods
|
|
##
|
|
extraVolumes: []
|
|
## @param agent.extraVolumeMounts Optionally specify extra list of additional volumeMounts for kiam container(s)
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param agent.initContainers Add additional init containers to the kiam pods
|
|
## Example:
|
|
## initContainers:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
initContainers: []
|
|
## @param agent.sidecars Add additional sidecar containers to the kiam pods
|
|
## Example:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
|
|
## @section kiam agent exposure parameters
|
|
|
|
## Service configuration (essentially for metrics)
|
|
##
|
|
service:
|
|
## @param agent.service.type Kubernetes service type
|
|
##
|
|
type: ClusterIP
|
|
## @param agent.service.nodePorts [object] Specify the nodePort values for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
nodePorts:
|
|
metrics: ""
|
|
## @param agent.service.clusterIP kiam service clusterIP IP
|
|
##
|
|
clusterIP: ""
|
|
## @param agent.service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer`
|
|
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
|
|
##
|
|
loadBalancerIP: ""
|
|
## @param agent.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
## Example:
|
|
## loadBalancerSourceRanges:
|
|
## - 10.10.10.0/24
|
|
##
|
|
loadBalancerSourceRanges: []
|
|
## @param agent.service.externalTrafficPolicy Enable client source IP preservation
|
|
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## @param agent.service.annotations Annotations for kiam service
|
|
##
|
|
annotations: {}
|
|
|
|
## @section kiam agent Service Account parameters
|
|
|
|
serviceAccount:
|
|
## @param agent.serviceAccount.create Enable the creation of a ServiceAccount for kiam pods
|
|
##
|
|
create: true
|
|
## @param agent.serviceAccount.name Name of the created ServiceAccount
|
|
## If not set and create is true, a name is generated using the fullname template
|
|
##
|
|
name: ""
|
|
|
|
## @section kiam agent metrics parameters
|
|
|
|
metrics:
|
|
## @param agent.metrics.enabled Enable exposing kiam statistics
|
|
##
|
|
enabled: false
|
|
## @param agent.metrics.port Service HTTP management port
|
|
##
|
|
port: 9620
|
|
## @param agent.metrics.syncInterval Metrics synchronization interval statistics
|
|
##
|
|
syncInterval: 5s
|
|
## @param agent.metrics.annotations [object] Annotations for enabling prometheus to access the metrics endpoints
|
|
##
|
|
annotations:
|
|
prometheus.io/scrape: "true"
|
|
prometheus.io/port: '{{ .Values.agent.metrics.port }}'
|
|
## Prometheus Operator ServiceMonitor configuration
|
|
##
|
|
serviceMonitor:
|
|
## @param agent.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
|
|
##
|
|
enabled: false
|
|
## @param agent.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
|
|
##
|
|
namespace: ""
|
|
## @param agent.metrics.serviceMonitor.interval Interval at which metrics should be scraped
|
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
##
|
|
interval: 30s
|
|
## @param agent.metrics.serviceMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint
|
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmetricsendpoint
|
|
##
|
|
metricRelabelings: []
|
|
## @param agent.metrics.serviceMonitor.relabelings Specify Relabelings to add to the scrape endpoint
|
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmetricsendpoint
|
|
##
|
|
relabelings: []
|
|
## @param agent.metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
|
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
##
|
|
scrapeTimeout: ""
|
|
## @param agent.metrics.serviceMonitor.selector metrics service selector
|
|
## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
|
|
##
|
|
selector: {}
|
|
|
|
## @section RBAC parameters
|
|
|
|
## Specifies whether RBAC resources should be created
|
|
## @param rbac.create Whether to create and use RBAC resources or not
|
|
##
|
|
rbac:
|
|
create: true
|