-
Notifications
You must be signed in to change notification settings - Fork 141
/
Copy pathvalues.yaml
196 lines (186 loc) · 4.58 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# special handling for "openshift" and "gke-autopilot" (deprecated)
platform: ""
#image qualifier; OBSOLETE -> use imageref instead!
# supply either image or imageref; if both supplied, imageref will be disregarded
image: ""
#image description using tags
#resulting image will be named <repository>:v<tag>
imageRef:
repository: "" #path to repo
tag: "" #defaults to chart version
customPullSecret: ""
installCRD: true
operator:
nodeSelector: {}
tolerations: []
labels: {}
annotations: {}
apparmor: false
securityContext:
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1001
runAsGroup: 1001
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
podSecurityContext:
seccompProfile:
type: RuntimeDefault
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 100m
memory: 128Mi
webhook:
hostNetwork: false
nodeSelector: {}
tolerations: []
labels: {}
annotations: {}
apparmor: false
securityContext:
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1001
runAsGroup: 1001
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
podSecurityContext:
seccompProfile:
type: RuntimeDefault
requests:
cpu: 300m
memory: 128Mi
limits:
cpu: 300m
memory: 128Mi
highAvailability: true
validatingWebhook:
timeoutSeconds: 10
mutatingWebhook:
failurePolicy: Ignore
timeoutSeconds: 10
csidriver:
enabled: true
nodeSelector: {}
kubeletPath: "/var/lib/kubelet"
existingPriorityClassName: "" # if defined, use this priorityclass instead of creating a new one
priorityClassValue: "1000000"
maxUnmountedVolumeAge: "" # defined in days, must be a plain number
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
labels: {}
annotations: {}
updateStrategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
type: RollingUpdate
csiInit:
securityContext:
runAsUser: 0
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: false
seLinuxOptions:
level: s0
seccompProfile:
type: RuntimeDefault
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 50m
memory: 100Mi
server:
securityContext:
runAsUser: 0
privileged: true # Needed for mountPropagation
allowPrivilegeEscalation: true # Needed for privileged
readOnlyRootFilesystem: true
runAsNonRoot: false
seLinuxOptions:
level: s0
seccompProfile:
type: RuntimeDefault
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 50m
memory: 100Mi
provisioner:
securityContext:
runAsUser: 0
privileged: true # Needed for mountPropagation
allowPrivilegeEscalation: true # Needed for privileged
readOnlyRootFilesystem: true
runAsNonRoot: false
seLinuxOptions:
level: s0
seccompProfile:
type: RuntimeDefault
resources:
requests:
cpu: 300m
memory: 100Mi
registrar:
securityContext:
runAsUser: 0
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: false
seccompProfile:
type: RuntimeDefault
resources:
requests:
cpu: 20m
memory: 30Mi
limits:
cpu: 20m
memory: 30Mi
livenessprobe:
securityContext:
runAsUser: 0
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: false
seccompProfile:
type: RuntimeDefault
resources:
requests:
cpu: 20m
memory: 30Mi
limits:
cpu: 20m
memory: 30Mi