-
Notifications
You must be signed in to change notification settings - Fork 13
/
values.yaml
286 lines (235 loc) · 9.17 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
## Default values for tyk-gateway chart.
## This is a YAML-formatted file.
## Declare variables to be passed into your templates.
## See Tyk Helm documentation for installation details:
## https://tyk.io/docs/tyk-oss/ce-helm-chart/
## Registry for all Tyk images - https://hub.docker.com/u/tykio
# nameOverride overrides the Chart name. It is truncated to 63 characters.
# Default value: tyk-gateway.name
nameOverride: ""
# fullnameOverride overrides App name. It is truncated to 63 characters.
# Default value: tyk-gateway.fullname
fullnameOverride: ""
global:
servicePorts:
# The port at which the dashboard service can be found at
dashboard: 3000
# The port at which the gateway service can be found at
gateway: 8080
tls:
gateway: false
# If set to true the Dashboard will use SSL connection.
# You will also need to set the:
# - TYK_DB_SERVEROPTIONS_CERTIFICATE_CERTFILE
# - TYK_DB_SERVEROPTIONS_CERTIFICATE_KEYFILE
# variables in extraEnvs object array to define your SSL cert and key files.
dashboard: false
components:
dashboard: false
secrets:
# APISecret sets node_secret and secret in tyk.conf
APISecret: CHANGEME
# useSecretName can be used if you don't want to store plaintext secrets in the Helm value file and would
# rather provide the k8s Secret externally.
# You can set following fields in the secret
# - APISecret - Sets node_secret and secret in tyk.conf
useSecretName: ""
redis:
# The addrs value will allow you to set your Redis addresses.
#
# If you are using Redis (e.g. Bitnami Redis at bitnami/redis) then enter single
# endpoint. If using sentinel connection mode for Redis, please update the port number (typically 26379).
#
# If using a Redis Cluster (e.g. bitnami/redis-cluster), you can list
# the endpoints of the redis instances or use the cluster configuration endpoint.
#
# Default value: redis.{{ .Release.Namespace }}.svc.cluster.local:6379
# addrs:
# Example using tyk simple redis chart
# - redis.tyk.svc.cluster.local:6379
# Example using bitnami/redis
# - tyk-redis-master.tyk.svc.cluster.local:6379
# Example using bitnami/redis with sentinel
# - tyk-redis.tyk.svc.cluster.local:26379
# Example using bitnami/redis-cluster
# - tyk-redis-redis-cluster.tyk.svc.cluster.local:6379
# Redis password
# If you're using Bitnami Redis chart (e.g. bitnami/redis) please input
# your password in the field below
# pass: ""
# Redis password can also be provided via a secret. Provide the name of the secret and key below.
# passSecret:
# name: ""
# keyName: ""
# Enables SSL for Redis connection. Redis instance will have to support that.
# Default value: false
# useSSL: true
# If using "Redis Cluster" set enableCluster to true
# (e.g. if using bitnami/redis-cluster)
# enableCluster: true
# Enables sentinel connection mode for Redis. If enabled, provide both
# mandatory values for sentinelPass and masterName.
# enableSentinel: false
# Redis sentinel master name, only required while enableSentinel is true.
# masterName: ""
# By default, the database index is 0. Setting the database index is not
# supported with redis cluster. As such, if you have enableCluster: true,
# then this value should be omitted or explicitly set to 0.
storage:
database: 0
remoteControlPlane:
# useSecretName can be used if you don't want to store plaintext values for remote control plane configurations in
# the Helm value file and would rather provide the k8s Secret externally.
# You should set following fields in the secret
# - orgId - Sets slave_options.rpc_key of Tyk Gateway
# - userApiKey - Sets slave_options.api_key of Tyk Gateway
# - groupID - Sets slave_options.group_id of Tyk Gateway
useSecretName: ""
enabled: false
# connection string used to connect to an MDCB deployment. For Tyk Cloud users, you can get it from Tyk Cloud Console and retrieve the MDCB connection string.
connectionString: ""
# orgID of your dashboard user
orgId: ""
# API key of your dashboard user
userApiKey: ""
# needed in case you want to have multiple data-planes connected to the same redis instance
groupID: ""
# enable/disable ssl
useSSL: true
# Disables SSL certificate verification
sslInsecureSkipVerify: true
gateway:
# The hostname to bind the Gateway to.
hostName: tyk-gw.local
tls:
# When true, it will install the certificate present in the templates folder, set to false when using
# a custom TLS certificate to avoid overwriting yours
useDefaultTykCertificate: true
# The name of the secret which should contain the TLS certificate you want to use with the gateway deployment
secretName: tyk-default-tls-secret
# kind is type of k8s object to be created for gateway.
kind: Deployment
# podAnnotations is annotations to be added to Tyk Gateway pod.
# It takes key-value pairs.
# There are no required annotation field for Tyk Gateway.
#
# podAnnotations:
# yourkey: value
# image: yourhub
podAnnotations: {}
# replicaCount specifies number of replicas to be created if kind is Deployment.
replicaCount: 1
image:
# image repository for Tyk Gateway
repository: docker.tyk.io/tyk-gateway/tyk-gateway
# image tag for Tyk Gateway
tag: v5.1.0
# image pull policy for Tyk Gateway
pullPolicy: IfNotPresent
# image pull secrets to use when pulling images from repository
imagePullSecrets: []
# The port which will be exposed on the container for tyk-gateway
containerPort: 8080
# By default, APIs, policies, and middleware are stored on a volume mount,
# enable to instead store them in the container's filesystem
# (policies will be stored in a single json file)
disableInitContainer: false
service:
# type of service
type: NodePort
# external traffic policy of the service. Set it only if you are using LoadBalancer service type
externalTrafficPolicy: Local
# annotations for service
annotations: {}
control:
# If enabled, exposes control port of the gateway
enabled: false
# control port of gateway
containerPort: 9696
# port number for control port service
port: 9696
# service type for control port service
type: ClusterIP
# annotations for control port service
annotations: {}
# Creates an ingress object in k8s. Will require an ingress-controller and
# annotation to that ingress controller.
ingress:
# if enabled, creates an ingress resource for the gateway
enabled: false
# specify ingress controller class name
className: ""
# annotations for ingress
annotations: {}
# ingress rules
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
# tls configuration for ingress
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
tls: []
# Sharding gateway allows you to selectively load APIs to specific gateways.
# If enabled make sure you have at least one gateway that is not sharded.
# Also be sure to match API segmentation tags with the tags selected below.
sharding:
enabled: false
tags: ""
# We usually recommend not to specify default resources and to leave this
# as a conscious choice for the user. This also increases chances charts
# run on environments with little resources, such as Minikube. If you do
# want to specify resources, uncomment the following lines, adjust them
# as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources: {}
# securityContext values for gateway pod
securityContext:
runAsUser: 1000
fsGroup: 2000
# containerSecurityContext values for gateway container
containerSecurityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
capabilities:
drop:
- all
# node labels for gateway pod assignment
nodeSelector: {}
# tolerations for gateway pod assignment
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
# affinity for gateway pod assignment
affinity: {}
# extraEnvs is used to set gateway env variables
# - name: TYK_GW_HTTPSERVEROPTIONS_SSLINSECURESKIPVERIFY
# value: "true"
extraEnvs: []
## extraVolumes is a list of volumes to be added to the pod
## extraVolumes:
## - name: ca-certs
## secret:
## defaultMode: 420
## secretName: ca-certs
extraVolumes: []
## extraVolumeMounts is a list of volume mounts to be added to the pod
## extraVolumeMounts:
## - name: ca-certs
## mountPath: /etc/ssl/certs/ca-certs.crt
## readOnly: true
extraVolumeMounts: []
# analyticsEnabled property is used to enable or disable analytics.
analyticsEnabled: "false"
# used to decide whether to send the results back directly to Tyk without a hybrid pump
# if you want to send analytics to control plane instead of pump, change analyticsConfigType to "rpc"
analyticsConfigType: ""