-
Notifications
You must be signed in to change notification settings - Fork 9k
/
values.yaml
691 lines (663 loc) · 24.8 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
## @section Common parameters
##
## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## Enable diagnostic mode in the deployment
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param diagnosticMode.command Command to override all containers in the deployment
##
command:
- sleep
## @param diagnosticMode.args Args to override all containers in the deployment
##
args:
- infinity
## @section Traffic Exposure Parameters
##
## OAuth2 Proxy service parameters
##
service:
## @param service.type OAuth2 Proxy service type
##
type: ClusterIP
## @param service.port OAuth2 Proxy service HTTP port
##
port: 80
## Node ports to expose
## @param service.nodePorts.http Node port for HTTP
## NOTE: choose port between <30000-32767>
##
nodePorts:
http: ""
## @param service.clusterIP OAuth2 Proxy service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.loadBalancerIP OAuth2 Proxy service Load Balancer IP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.loadBalancerSourceRanges OAuth2 Proxy service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param service.externalTrafficPolicy OAuth2 Proxy service external traffic policy
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.annotations Additional custom annotations for OAuth2 Proxy service
##
annotations: {}
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Configure the ingress resource that allows you to access the OAuth2 Proxy installation
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
## @param ingress.enabled Enable ingress record generation for OAuth2 Proxy
##
enabled: false
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
## certManager: false
##
## @param ingress.pathType Ingress path type
##
pathType: ImplementationSpecific
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: ""
## @param ingress.hostname Default host for the ingress record
##
hostname: oaut2-proxy.local
## @param ingress.path Default path for the ingress record
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
##
path: /
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
## You can:
## - Rely on cert-manager to create it by setting the corresponding annotations
## - Rely on Helm to create self-signed certificates by setting `ingress.tls=true` and `ingress.certManager=false`
##
tls: false
## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
## e.g:
## extraHosts:
## - name: oaut2-proxy.local
## path: /
##
extraHosts: []
## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
## e.g:
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## e.g:
## extraTls:
## - hosts:
## - oaut2-proxy.local
## secretName: oaut2-proxy.local-tls
##
extraTls: []
## @param ingress.certManager Add the corresponding annotations for cert-manager integration
##
certManager: false
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## @param ingress.secrets Custom TLS certificates as secrets
## NOTE: 'key' and 'certificate' are expected in PEM format
## NOTE: 'name' should line up with a 'secretName' set further up
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## e.g:
## secrets:
## - name: %%COMPONENT_NAME%%.local-tls
## key: |-
## -----BEGIN RSA PRIVATE KEY-----
## ...
## -----END RSA PRIVATE KEY-----
## certificate: |-
## -----BEGIN CERTIFICATE-----
## ...
## -----END CERTIFICATE-----
##
secrets: []
## @param ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: example.local
## http:
## path: /
## backend:
## service:
## name: example-svc
## port:
## name: http
##
extraRules: []
## @section OAuth2 Proxy Image parameters
##
## Bitnami OAuth2 Proxy image
## ref: https://hub.docker.com/r/bitnami/redis/tags/
## @param image.registry OAuth2 Proxy image registry
## @param image.repository OAuth2 Proxy image repository
## @param image.tag OAuth2 Proxy image tag (immutable tags are recommended)
## @param image.digest OAuth2 Proxy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy OAuth2 Proxy image pull policy
## @param image.pullSecrets OAuth2 Proxy image pull secrets
##
image:
registry: docker.io
repository: bitnami/oauth2-proxy
tag: 7.4.0-debian-11-r53
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets
## Secrets must be manually created in the namespace
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @section OAuth2 Proxy configuration parameters
##
## Configuration section
##
configuration:
## @param configuration.clientID OAuth client ID
##
clientID: "XXXXXXX"
## @param configuration.clientSecret OAuth client secret
##
clientSecret: "XXXXXXXX"
## Create a new secret with the following command openssl rand -base64 32 | head -c 32 | base64
## Use an existing secret for OAuth2 credentials (see secret.yaml for required fields)
##
## @param configuration.cookieSecret OAuth cookie secret
##
cookieSecret: "XXXXXXXXXXXXXXXX"
## @param configuration.existingSecret Secret with the client ID, secret and cookie secret
##
existingSecret: ""
## e.g:
## google:
## adminEmail: xxxx
## serviceAccountJson: xxxx
## existingSecret: google-secret
## Alternatively, use an existing secret (see secret-google.yaml for required fields)
##
## @param configuration.google.enabled Enable Google service account
## @param configuration.google.adminEmail Google admin email
## @param configuration.google.googleGroup Restrict logins to members of this google group
## @param configuration.google.serviceAccountJson Google Service account JSON
## @param configuration.google.existingSecret Existing secret containing Google Service Account
##
google:
enabled: false
adminEmail: ""
googleGroup: ""
serviceAccountJson: ""
existingSecret: ""
## Custom configuration file: oauth2_proxy.cfg
## content: |
## pass_basic_auth = false
## pass_access_token = true
##
## @param configuration.content [string] Default configuration
##
content: |
email_domains = [ "*" ]
upstreams = [ "file:///dev/null" ]
## @param configuration.existingConfigmap Configmap with the OAuth2 Proxy configuration
##
existingConfigmap: ""
## Authorize individual email addresses
## @param configuration.authenticatedEmailsFile.enabled Enable authenticated emails file
## @param configuration.authenticatedEmailsFile.content Restricted access list (one email per line)
## @param configuration.authenticatedEmailsFile.existingSecret Secret with the authenticated emails file
##
authenticatedEmailsFile:
enabled: false
## One email per line
## e.g:
## content: |-
## name1@domain
## name2@domain
## If you override the config with restricted_access it will configure a user list within this chart what takes care of the configmap
##
content: ""
existingSecret: ""
## Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
## @param configuration.htpasswdFile.enabled Enable htpasswd file
## @param configuration.htpasswdFile.existingSecret Existing secret for htpasswd file
## @param configuration.htpasswdFile.content htpasswd file entries (one row per user)
##
htpasswdFile:
enabled: false
## Alternatively supply an existing secret which contains the required information
##
existingSecret: ""
## One row for each user
## e.g:
## entries: |
## testuser:{SHA}EWhzdhgoYJWy0z2gyzhRYlN9DSiv
##
content: ""
## @param configuration.oidcIssuerUrl OpenID Connect issuer URL
oidcIssuerUrl: ""
## @param configuration.redirectUrl OAuth Redirect URL
redirectUrl: ""
## @param configuration.whiteList Allowed domains for redirection after authentication. Prefix domain with a . or a *. to allow subdomains
whiteList: ""
## @section OAuth2 Proxy deployment parameters
##
## @param containerPort OAuth2 Proxy port number
##
containerPort: 4180
## @param extraContainerPorts Array of additional container ports for the OAuth2 Proxy container
## e.g:
## extraContainerPorts:
## - name: metrics
## containerPort: 9100
##
extraContainerPorts: []
## @param replicaCount Number of OAuth2 Proxy replicas to deploy
##
replicaCount: 1
## @param extraArgs add extra args to the default command
##
extraArgs: []
## Configure extra options for OAuth2 Proxy containers' startup, liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param startupProbe.enabled Enable startupProbe on OAuth2 Proxy nodes
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 5
successThreshold: 1
## @param livenessProbe.enabled Enable livenessProbe on OAuth2 Proxy nodes
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 5
successThreshold: 1
## @param readinessProbe.enabled Enable readinessProbe on OAuth2 Proxy nodes
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 5
successThreshold: 1
## @param customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## @param customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## OAuth2 Proxy resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param resources.limits The resources limits for the OAuth2 Proxy containers
## @param resources.requests The requested resources for the OAuth2 Proxy containers
##
resources:
limits: {}
requests: {}
## Limits the number of pods of the replicated application that are down simultaneously from voluntary disruptions
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions
## e.g:
## podDisruptionBudget:
## minAvailable: 1
## maxUnavailable: 1
## @param pdb.create Enable a Pod Disruption Budget creation
## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
##
pdb:
create: false
minAvailable: 1
maxUnavailable: ""
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled OAuth2 Proxy pods' Security Context
## @param podSecurityContext.fsGroup Set OAuth2 Proxy pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param containerSecurityContext.enabled Enabled OAuth2 Proxy containers' Security Context
## @param containerSecurityContext.runAsUser Set OAuth2 Proxy containers' Security Context runAsUser
##
containerSecurityContext:
enabled: true
runAsUser: 1001
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param hostAliases OAuth2 Proxy pods host aliases
## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param podLabels Extra labels for OAuth2 Proxy pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAnnotations Annotations for OAuth2 Proxy pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
##
key: ""
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity Affinity for OAuth2 Proxy pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for OAuth2 Proxy pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param tolerations Tolerations for OAuth2 Proxy pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param updateStrategy.type OAuth2 Proxy statefulset strategy type
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
## StrategyType
## Can be set to RollingUpdate or OnDelete
##
type: RollingUpdate
## @param priorityClassName OAuth2 Proxy pods' priorityClassName
##
priorityClassName: ""
## @param schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param lifecycleHooks for the OAuth2 Proxy container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param extraEnvVars Array with extra environment variables to add to OAuth2 Proxy nodes
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for OAuth2 Proxy nodes
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for OAuth2 Proxy nodes
##
extraEnvVarsSecret: ""
## @param extraVolumes Optionally specify extra list of additional volumes for the OAuth2 Proxy pod(s)
##
extraVolumes: []
## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the OAuth2 Proxy container(s)
##
extraVolumeMounts: []
## @param sidecars Add additional sidecar containers to the OAuth2 Proxy pod(s)
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param initContainers Add additional init containers to the OAuth2 Proxy pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## @param dnsPolicy Pod DNS policy. Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
##
dnsPolicy: ""
## @param dnsConfig Pod DNS configuration.
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
## e.g:
## dnsConfig:
## nameservers:
## - 8.8.8.8
## - 8.8.4.4
## options:
## - name: ndots
## value: "2"
## searches:
## - example.com
##
dnsConfig: {}
## ServiceAccount configuration
##
serviceAccount:
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
## @param serviceAccount.name The name of the ServiceAccount to use
## If not set and create is true, a name is generated using the common.names.fullname template
##
name: ""
## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
##
automountServiceAccountToken: true
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
annotations: {}
## @section External Redis® parameters
##
externalRedis:
## @param externalRedis.host External Redis® server host
##
host: ""
## @param externalRedis.password External Redis® user password
##
password: ""
## @param externalRedis.port External Redis® server port
##
port: 6379
## @param externalRedis.existingSecret The name of an existing secret with Redis® credentials
## NOTE: Must contain key `redis-password`
## NOTE: When it's set, the `externalRedis.password` parameter is ignored
##
existingSecret: ""
## @section Redis® sub-chart parameters
##
redis:
## @param redis.enabled Deploy Redis® sub-chart
##
enabled: true
## @param redis.architecture Redis® architecture
##
architecture: "standalone"
master:
## @param redis.master.service.port Redis® (without Sentinel) service port
##
service:
port: 6379
replica:
## @param redis.replica.replicaCount Number of Redis® replicas
##
replicaCount: 3
auth:
## @param redis.auth.enabled Enable Redis® authentication
##
enabled: true
## @param redis.auth.existingSecret Secret with Redis® credentials
##
existingSecret: ""
## @param redis.auth.existingSecretPasswordKey Key inside the existing secret with Redis® credentials
##
existingSecretPasswordKey: ""
## @param redis.auth.sentinel Enable authentication in the Sentinel nodes
##
sentinel: true
sentinel:
## @param redis.sentinel.enabled Enable Redis® sentinel in the deployment
##
enabled: false
## @param redis.sentinel.masterSet Name of the Redis® Sentinel master set
##
masterSet: mymaster
service:
## @param redis.sentinel.service.port Redis® (with Sentinel) service port
##
port: 6379
## @param redis.sentinel.service.sentinelPort Redis® (with Sentinel) sentinel service port
##
sentinelPort: 26379