-
Notifications
You must be signed in to change notification settings - Fork 187
/
arc-values.yaml
195 lines (180 loc) · 4.94 KB
/
arc-values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
nameOverride: ""
fullnameOverride: ""
# One or more secrets to be used when pulling images
imagePullSecrets: []
# - name: myRegistryKeySecretName
# logging format json
# Default is text.
logFormatJSON: true
# log level. Uses V logs (klog)
logVerbosity: 0
linux:
image:
repository: mcr.microsoft.com/oss/azure/secrets-store/provider-azure
tag: v1.2.0
pullPolicy: IfNotPresent
nodeSelector: {}
tolerations: []
enabled: true
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 50m
memory: 100Mi
podLabels: {}
podAnnotations: {}
priorityClassName: ""
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
privileged: false
# If provided, the userAgent string will be appended to the
# AKV provider user agents for all adal and keyvault requests.
customUserAgent: ""
healthzPort: 8989
healthzPath: "/healthz"
healthzTimeout: "5s"
volumes: []
volumeMounts: []
kubeletRootDir: /var/lib/kubelet
providersDir: /var/run/secrets-store-csi-providers
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: type
operator: NotIn
values:
- virtual-kubelet
windows:
image:
repository: mcr.microsoft.com/oss/azure/secrets-store/provider-azure
tag: v1.2.0
pullPolicy: IfNotPresent
nodeSelector: {}
tolerations: []
enabled: false
resources:
requests:
cpu: 100m
memory: 200Mi
limits:
cpu: 100m
memory: 200Mi
podLabels: {}
podAnnotations: {}
priorityClassName: ""
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
# If provided, the userAgent string will be appended to the
# AKV provider user agents for all adal and keyvault requests.
customUserAgent: ""
healthzPort: 8989
healthzPath: "/healthz"
healthzTimeout: "5s"
volumes: []
volumeMounts: []
kubeletRootDir: C:\var\lib\kubelet
providersDir: C:\k\secrets-store-csi-providers
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: type
operator: NotIn
values:
- virtual-kubelet
## Configuration values for the secrets-store-csi-driver dependency.
## ref: https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/master/charts/secrets-store-csi-driver/README.md
##
secrets-store-csi-driver:
logFormatJSON: true
install: true
# By default helm will append the chart release name to the dependent chart names.
# Explicitly setting the fullnameOverride will override this behavior.
fullnameOverride: secrets-store-csi-driver
linux:
enabled: true
kubeletRootDir: /var/lib/kubelet
metricsAddr: ":8080"
image:
repository: mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver
tag: v1.2.0
pullPolicy: IfNotPresent
registrarImage:
repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar
tag: v2.5.1
pullPolicy: IfNotPresent
livenessProbeImage:
repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe
tag: v2.7.0
pullPolicy: IfNotPresent
crds:
image:
repository: mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver-crds
tag: v1.2.0
pullPolicy: IfNotPresent
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
windows:
enabled: false
kubeletRootDir: C:\var\lib\kubelet
metricsAddr: ":8080"
image:
repository: mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver
tag: v1.2.0
pullPolicy: IfNotPresent
registrarImage:
repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar
tag: v2.5.1
pullPolicy: IfNotPresent
livenessProbeImage:
repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe
tag: v2.7.0
pullPolicy: IfNotPresent
enableSecretRotation: false
rotationPollInterval: 2m
# Refer to https://secrets-store-csi-driver.sigs.k8s.io/load-tests.html for more details on actions to take before enabling this feature
filteredWatchSecret: true
syncSecret:
enabled: false
tokenRequests:
- audience: api://AzureADTokenExchange
## Install default service account
rbac:
install: true
pspEnabled: false
# explicitly reconstruct the pem chain in the order: SERVER, INTERMEDIATE, ROOT
constructPEMChain: true
# Azure Arc Extension
enableArcExtension: true
# Values populated by Azure Arc K8s RP during the installation of the extension.
Azure:
Cluster:
ResourceId: ""
Region: ""
Distribution: ""
Infrastructure: ""
proxySettings:
isProxyEnabled: false
httpProxy: ""
httpsProxy: ""
noProxy: ""
proxyCert: ""
Identity:
isEnabled: false
Type: ""
Extension:
Name: ""
ResourceId: ""
# Arc monitoring
arc:
enableMonitoring: true