-
Notifications
You must be signed in to change notification settings - Fork 85
/
Copy pathvalues.yaml
339 lines (268 loc) · 12.4 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
# Default values for dex.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# -- Number of replicas (pods) to launch.
replicaCount: 1
# -- Labels to apply to all resources and selectors.
commonLabels: {}
# team_name: dev
image:
# -- Name of the image repository to pull the container image from.
repository: ghcr.io/dexidp/dex
# -- [Image pull policy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) for updating already existing images on a node.
pullPolicy: IfNotPresent
# -- Image tag override for the default value (chart appVersion).
tag: ""
# -- Reference to one or more secrets to be used when [pulling images](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) (from private registries).
imagePullSecrets: []
# -- A name in place of the chart name for `app:` labels.
nameOverride: ""
# -- A name to substitute for the full names of resources.
fullnameOverride: ""
# -- A list of hosts and IPs that will be injected into the pod's hosts file if specified.
# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#hostname-and-name-resolution)
hostAliases: []
https:
# -- Enable the HTTPS endpoint.
enabled: false
grpc:
# -- Enable the gRPC endpoint.
# Read more in the [documentation](https://dexidp.io/docs/api/).
enabled: false
configSecret:
# -- Enable creating a secret from the values passed to `config`.
# If set to false, name must point to an existing secret.
create: true
# -- The name of the secret to mount as configuration in the pod.
# If not set and create is true, a name is generated using the fullname template.
# Must point to secret that contains at least a `config.yaml` key.
name: ""
# -- Application configuration.
# See the [official documentation](https://dexidp.io/docs/).
config: {}
# -- Additional storage [volumes](https://kubernetes.io/docs/concepts/storage/volumes/).
# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#volumes-1) for details.
volumes: []
# -- Additional [volume mounts](https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/).
# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#volumes-1) for details.
volumeMounts: []
# -- Additional environment variables mounted from [secrets](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables) or [config maps](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables).
# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) for details.
envFrom: []
# -- Additional environment variables passed directly to containers.
# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) for details.
env: {}
# -- Similar to env but with support for all possible configurations.
# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) for details.
envVars: []
# - name: SOME_ENV_VAR
# value: value
# - name: SOME_ENV_VAR2
# valueFrom:
# secretKeyRef:
# name: secret-name
# key: secret-key
# - name: SOME_ENV_VAR3
# valueFrom:
# configMapKeyRef:
# name: config-map-name
# key: config-map-key
serviceAccount:
# -- Enable service account creation.
create: true
# -- Annotations to be added to the service account.
annotations: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template.
name: ""
rbac:
# -- Specifies whether RBAC resources should be created.
# If disabled, the operator is responsible for creating the necessary resources based on the templates.
create: true
# -- Specifies which RBAC resources should be created.
# If disabled, the operator is responsible for creating the necessary resources (ClusterRole and RoleBinding or CRD's)
createClusterScoped: true
# -- Annotations to be added to deployment.
deploymentAnnotations: {}
# -- Labels to be added to deployment.
deploymentLabels: {}
# -- Annotations to be added to pods.
podAnnotations: {}
# -- Labels to be added to pods.
podLabels: {}
podDisruptionBudget:
# -- Enable a [pod distruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) to help dealing with [disruptions](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/).
# It is **highly recommended** for webhooks as disruptions can prevent launching new pods.
enabled: false
# -- (int/percentage) Number or percentage of pods that must remain available.
minAvailable:
# -- (int/percentage) Number or percentage of pods that can be unavailable.
maxUnavailable:
# -- Specify a priority class name to set [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority).
priorityClassName: ""
# -- Pod [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod).
# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) for details.
podSecurityContext: {}
# fsGroup: 2000
# -- Define the [count of deployment revisions](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) to be kept.
# May be set to 0 in case of GitOps deployment approach.
revisionHistoryLimit: 10
# -- Container [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container).
# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) for details.
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
# -- Annotations to be added to the service.
annotations: {}
# -- Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types).
type: ClusterIP
# -- Internal cluster service IP (when applicable)
clusterIP: ""
# -- Load balancer service IP (when applicable)
loadBalancerIP: ""
ports:
http:
# -- HTTP service port
port: 5556
# -- (int) HTTP node port (when applicable)
nodePort:
https:
# -- HTTPS service port
port: 5554
# -- (int) HTTPS node port (when applicable)
nodePort:
grpc:
# -- gRPC service port
port: 5557
# -- (int) gRPC node port (when applicable)
nodePort:
ingress:
# -- Enable [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/).
enabled: false
# -- Ingress [class name](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class).
className: ""
# -- Annotations to be added to the ingress.
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# -- Ingress host configuration.
# @default -- See [values.yaml](values.yaml).
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
# -- Ingress TLS configuration.
# @default -- See [values.yaml](values.yaml).
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
serviceMonitor:
# -- Enable Prometheus ServiceMonitor.
# See the [documentation](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/design.md#servicemonitor) and the [API reference](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor) for details.
enabled: false
# -- Namespace where the ServiceMonitor resource should be deployed.
# @default -- Release namespace.
namespace: ""
# -- (duration) Prometheus scrape interval.
interval:
# -- (duration) Prometheus scrape timeout.
scrapeTimeout:
# -- Labels to be added to the ServiceMonitor.
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
labels: {}
# -- Annotations to be added to the ServiceMonitor.
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
annotations: {}
# -- HTTP scheme to use for scraping.
# Can be used with `tlsConfig` for example if using istio mTLS.
scheme: ""
# -- HTTP path to scrape for metrics.
path: /metrics
# -- TLS configuration to use when scraping the endpoint.
# For example if using istio mTLS.
## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
tlsConfig: {}
# -- Prometheus scrape bearerTokenFile
bearerTokenFile:
# -- HonorLabels chooses the metric's labels on collisions with target labels.
honorLabels: false
# -- Prometheus scrape metric relabel configs
# to apply to samples before ingestion.
## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
metricRelabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
# -- Relabel configs to apply
# to samples before ingestion.
## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
# -- Container resource [requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) for details.
# @default -- No requests or limits.
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# -- Autoscaling configuration (see [values.yaml](values.yaml) for details).
# @default -- Disabled by default.
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# -- [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) configuration.
nodeSelector: {}
# -- [Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for node taints.
# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) for details.
tolerations: []
# -- [Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) configuration.
# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) for details.
affinity: {}
# -- [TopologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) configuration.
# See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) for details.
topologySpreadConstraints: []
# -- Deployment [strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) configuration.
strategy: {}
# rollingUpdate:
# maxUnavailable: 1
# type: RollingUpdate
networkPolicy:
# -- Create [Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
enabled: false
# -- A list of network policy egress rules
egressRules: []
# Allow DNS egress traffic
# - ports:
# - port: 53
# protocol: UDP
# - port: 53
# protocol: TCP
# Example to allow LDAP connector to reach LDAPs port on 1.2.3.4 server
# - to:
# - ipBlock
# cidr: 1.2.3.4/32
# ports:
# - port: 636
# protocol: TCP