-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathvalues.yaml
82 lines (75 loc) · 2.93 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
---
# -- Dictionary of all the settings to configure this chart
# @default -- depends on the individual settings
golangExternalSecrets:
rbac:
# -- The name of the vault role when connecting to the vault from the hub
rolename: "hub-role"
# -- Settings relevant when using the kubernetes backend
# @default -- depends on the individual settings
kubernetes:
# -- The remote namespace used in the ClusterSecretStore
remoteNamespace: "validated-patterns-secrets"
server:
# -- The URL used in the ClusterSecretStore
url: 'https://kubernetes.default'
# -- Some vault configuration entries
# @default -- depends on the individual settings
vault:
# -- The vault secrets' path when connecting to it from the hub
mountPath: "hub"
# -- This controls how ESO connects to vault and it allows to specify where the public key
# of the CA that signed the API endpoint to talke to the vault
# @default -- depends on the individual settings
caProvider:
# -- When set to true this uses a custom CA to talk to vault
enabled: true # If vault is exposed via a route that is signed by a non internal CA you might want to disable this
# -- Where to fetch the CA that signed the vault API endpoint when on the hub cluster
# @default -- depends on the individual settings
hostCluster:
# -- Type of object where the CA is stored
type: ConfigMap
# -- Name of object where the CA is stored
name: kube-root-ca.crt
# -- Key of object where the CA is stored
key: ca.crt
# -- Namespace of object where the CA is stored
namespace: golang-external-secrets
# -- Where to fetch the CA that signed the vault API endpoint when on a spoke cluster
# @default -- depends on the individual settings
clientCluster:
# -- Type of object where the CA is stored
type: Secret
# -- Name of object where the CA is stored
name: hub-ca
# -- Key of object where the CA is stored
key: hub-kube-root-ca.crt
# -- Namespace of object where the CA is stored
namespace: golang-external-secrets
# -- The global namespace containes some globally used variables used in patterns
# @default -- depends on the individual settings
global:
# -- The DNS entry for the hub cluster
hubClusterDomain: hub.example.com
# -- The DNS entry for the cluster the chart is being rendered on
clusterDomain: foo.example.com
secretStore:
# -- The backend of ESO being used in the pattern
backend: "vault"
clusterGroup:
# -- The variable that defines when a cluster is the HUB
isHubCluster: true
# -- A few settings containing which images are being used
# @default -- depends on the individual settings
external-secrets:
image:
# -- Tag for the ESO main image
tag: v0.10.2-ubi
webhook:
image:
# -- Tag for the ESO webhook image
tag: v0.10.2-ubi
certController:
image:
# -- Tag for the ESO certController image
tag: v0.10.2-ubi