# Default values for kube-image-keeper.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Chart-wide settings: cache expiry, cached architectures and registry trust.
# -- Delay in days before deleting an unused CachedImage
cachedImagesExpiryDelay: 30
# -- List of architectures to put in cache
architectures: [amd64]
# NOTE(review): "insecure registry" conventionally means plain HTTP or
# unverified TLS, so images cached from a registry listed here would not be
# protected against tampering in transit - confirm the exact semantics in the
# chart docs. Keep the list empty unless a registry genuinely cannot serve
# verified TLS, and prefer rootCertificateAuthorities for a private CA.
# -- Insecure registries to allow to cache and proxify images from
insecureRegistries: []
# -- Root certificate authorities to trust
rootCertificateAuthorities: {}
# Example shape (replace `{}` above with a mapping holding these keys):
# secretName: some-secret
# keys: []
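# Settings for the kube-image-keeper controller pods, including the webhook
# and PodMonitor options nested below. Nesting is restored here: the flattened
# listing put every key at column 0, which makes `image`, `replicas`,
# `resources`, ... collide with the same keys of the other sections.
controllers:
  # Maximum number of CachedImages that can be handled and reconciled at the same time (put or remove from cache)
  maxConcurrentCachedImageReconciles: 3
  # -- Number of controllers
  replicas: 2
  image:
    # -- Controller image repository. Also available: `quay.io/enix/kube-image-keeper`
    repository: ghcr.io/enix/kube-image-keeper
    # -- Controller image pull policy
    pullPolicy: IfNotPresent
    # -- Controller image tag. Default chart appVersion
    tag: ""
  # -- Controller logging verbosity
  verbosity: INFO
  # -- Specify secrets to be used when pulling controller image
  imagePullSecrets: []
  # -- Annotations to add to the controller pod
  podAnnotations: {}
  # NOTE(review): both security contexts default to empty, so no hardening is
  # applied from these values. Consider runAsNonRoot: true,
  # allowPrivilegeEscalation: false, readOnlyRootFilesystem: true and
  # capabilities.drop: [ALL] once confirmed that the image runs with them.
  # -- Security context for the controller pod
  podSecurityContext: {}
  # -- Security context for containers of the controller pod
  securityContext: {}
  # -- Node selector for the controller pod
  nodeSelector: {}
  # -- Toleration for the controller pod
  tolerations: []
  # -- Set the PriorityClassName for the controller pod
  priorityClassName: ""
  pdb:
    # -- Create a PodDisruptionBudget for the controllers
    create: false
    # -- Minimum available pods
    minAvailable: 1
    # -- Maximum unavailable pods
    maxUnavailable: ""
  # -- Affinity for the controller pod
  affinity: {}
  # -- Extra env variables for the controllers pod
  env: []
  # -- Readiness probe definition for the controllers pod
  readinessProbe:
    httpGet:
      path: /readyz
      port: 8081
  # -- Liveness probe definition for the controllers pod
  livenessProbe:
    httpGet:
      path: /healthz
      port: 8081
  resources:
    requests:
      # -- Cpu requests for the controller pod
      cpu: "50m"
      # -- Memory requests for the controller pod
      memory: "50Mi"
    limits:
      # -- Cpu limits for the controller pod
      cpu: "1"
      # -- Memory limits for the controller pod
      memory: "512Mi"
  webhook:
    # -- Don't enable image caching for pods scheduled into these namespaces
    ignoredNamespaces: []
    # -- Don't enable image caching if the image matches the following regexes
    ignoredImages: []
    # -- Don't enable image caching if the image is configured with imagePullPolicy: Always
    ignorePullPolicyAlways: true
    # NOTE(review): the default issuer name below suggests a self-signed
    # issuer, and `kind: Issuer` is a cert-manager resource kind, so
    # cert-manager is presumably a prerequisite - confirm. To use an
    # organisation-managed CA, set createCertificateIssuer to false and point
    # certificateIssuerRef at that issuer.
    # -- If true, create the issuer used to issue the webhook certificate
    createCertificateIssuer: true
    # -- Issuer reference to issue the webhook certificate, ignored if createCertificateIssuer is true
    certificateIssuerRef:
      kind: Issuer
      name: kube-image-keeper-selfsigned-issuer
    objectSelector:
      # -- Run the webhook if the object has matching labels. (See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselectorrequirement-v1-meta)
      matchExpressions: []
  podMonitor:
    # -- Should a PodMonitor object be installed to scrape kuik controller metrics. For prometheus-operator (kube-prometheus) users.
    create: false
    # -- Target scrape interval set in the PodMonitor
    scrapeInterval: 60s
    # -- Target scrape timeout set in the PodMonitor
    scrapeTimeout: 30s
    # -- Additional labels to add to PodMonitor objects
    extraLabels: {}
    # -- Relabel config for the PodMonitor, see: https://coreos.com/operators/prometheus/docs/latest/api.html#relabelconfig
    relabelings: []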
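# Settings for the proxy DaemonSet pods. Nesting is restored here: the
# flattened listing put every key at column 0, which makes `image`,
# `resources`, `podMonitor`, ... collide with the same keys of other sections.
proxy:
  image:
    # -- Proxy image repository. Also available: `quay.io/enix/kube-image-keeper`
    repository: ghcr.io/enix/kube-image-keeper
    # -- Proxy image pull policy
    pullPolicy: IfNotPresent
    # -- Proxy image tag. Default chart appVersion
    tag: ""
  # NOTE(review): with hostNetwork: true the pod shares the node's network
  # namespace, so whatever address the proxy itself listens on decides its
  # exposure rather than the hostIp below - confirm before enabling.
  # -- whether to run the proxy daemonset in hostNetwork mode
  hostNetwork: false
  # -- hostPort used for the proxy pod
  hostPort: 7439
  # NOTE(review): 127.0.0.1 keeps the host port bound to the node's loopback
  # interface, i.e. reachable only from the node itself. Changing it to a
  # routable address or 0.0.0.0 exposes the proxy to whatever can reach the
  # node on hostPort; pair such a change with network-level filtering.
  # -- hostIp used for the proxy pod
  hostIp: "127.0.0.1"
  # -- metricsPort used for the proxy pod (to expose prometheus metrics)
  metricsPort: 8080
  # -- Verbosity level for the proxy pod
  verbosity: 1
  # -- Specify secrets to be used when pulling proxy image
  imagePullSecrets: []
  # -- Annotations to add to the proxy pod
  podAnnotations: {}
  # NOTE(review): both security contexts default to empty, so no hardening is
  # applied from these values. Consider runAsNonRoot: true,
  # allowPrivilegeEscalation: false, readOnlyRootFilesystem: true and
  # capabilities.drop: [ALL] once confirmed that the image runs with them.
  # -- Security context for the proxy pod
  podSecurityContext: {}
  # -- Security context for containers of the proxy pod
  securityContext: {}
  # -- Node selector for the proxy pod
  nodeSelector: {}
  # NOTE(review): the first and third entries have no key, so they tolerate
  # every NoSchedule / NoExecute taint. Together with the
  # system-node-critical priority class below, the proxy is scheduled on every
  # node, including nodes tainted to keep general workloads off. Narrow the
  # list with nodeSelector or an override if that reach is not wanted.
  # -- Toleration for the proxy pod
  tolerations:
    - effect: NoSchedule
      operator: Exists
    - key: CriticalAddonsOnly
      operator: Exists
    - effect: NoExecute
      operator: Exists
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
    - effect: NoSchedule
      key: node.kubernetes.io/disk-pressure
      operator: Exists
    - effect: NoSchedule
      key: node.kubernetes.io/memory-pressure
      operator: Exists
    - effect: NoSchedule
      key: node.kubernetes.io/pid-pressure
      operator: Exists
    - effect: NoSchedule
      key: node.kubernetes.io/unschedulable
      operator: Exists
    - effect: NoSchedule
      key: node.kubernetes.io/network-unavailable
      operator: Exists
  # -- Set the PriorityClassName for the proxy pod
  priorityClassName: system-node-critical
  # -- Affinity for the proxy pod
  affinity: {}
  # -- Extra env variables for the proxy pod
  env: []
  # -- Readiness probe definition for the proxy pod
  readinessProbe:
    httpGet:
      path: /readyz
      port: 7439
  # -- Liveness probe definition for the proxy pod
  livenessProbe:
    httpGet:
      path: /healthz
      port: 7439
  resources:
    requests:
      # -- Cpu requests for the proxy pod
      cpu: "50m"
      # -- Memory requests for the proxy pod
      memory: "50Mi"
    limits:
      # -- Cpu limits for the proxy pod
      cpu: "1"
      # -- Memory limits for the proxy pod
      memory: "512Mi"
  podMonitor:
    # -- Should a PodMonitor object be installed to scrape kuik proxy metrics. For prometheus-operator (kube-prometheus) users.
    create: false
    # -- Target scrape interval set in the PodMonitor
    scrapeInterval: 60s
    # -- Target scrape timeout set in the PodMonitor
    scrapeTimeout: 30s
    # -- Additional labels to add to PodMonitor objects
    extraLabels: {}
    # -- Relabel config for the PodMonitor, see: https://coreos.com/operators/prometheus/docs/latest/api.html#relabelconfig
    relabelings: []
  kubeApiRateLimits: {}
    # -- Try higher values if there's a lot of CRDs installed in the cluster and proxy start takes a long time because of throttling
    # qps: 5
    # burst: 10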
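# Settings for the registry that stores the cached images, its storage
# backend and its garbage-collection cron job. Nesting is restored here: the
# flattened listing put every key at column 0, which makes `image`, `pdb`,
# `resources`, ... collide with the same keys of other sections.
registry:
  image:
    # NOTE(review): `registry` is an unqualified image name, so the container
    # runtime's default registry decides where it is pulled from, and "2.8"
    # is a floating minor tag. Pin a fully qualified name and an exact
    # version (or digest, if the chart templates allow it) for reproducible
    # deployments.
    # -- Registry image repository
    repository: registry
    # -- Registry image pull policy
    pullPolicy: IfNotPresent
    # -- Registry image tag
    tag: "2.8"
  # -- Number of replicas for the registry pod
  replicas: 1
  persistence:
    # -- AccessMode for persistent volume
    accessModes: ReadWriteOnce
    # -- If true, enable persistent storage (ignored when using minio or S3)
    enabled: false
    # -- StorageClass for persistent volume
    storageClass: null
    # -- Registry persistent volume size
    size: 20Gi
    # NOTE(review): S3 credentials placed inline under `s3` end up in plain
    # text in the values file and in the Helm release data; prefer
    # s3ExistingSecret and keep credentials out of version control.
    # -- External S3 configuration (needed only if you don't enable minio) (see https://github.com/docker/docs/blob/main/registry/storage-drivers/s3.md)
    s3: {}
    s3ExistingSecret: ""
    # -- Disable blobs redirection to S3 bucket (useful if your S3 instance is not accessible from kubelet)
    disableS3Redirections: false
  garbageCollection:
    # -- Garbage collector cron schedule. Use standard crontab format.
    schedule: "0 0 * * 0"
    # -- If true, delete untagged manifests. Default to false since there is a known bug in **docker distribution** garbage collect job.
    deleteUntagged: false
    image:
      # NOTE(review): `latest` is a mutable tag and, combined with
      # pullPolicy IfNotPresent, each node keeps whichever build it pulled
      # first. The image name suggests the job runs kubectl against the
      # cluster API (confirm in the CronJob template), so an unpinned image
      # here is a supply-chain exposure: pin an exact version or digest.
      # -- Cronjob image repository
      repository: bitnami/kubectl
      # -- Cronjob image pull policy
      pullPolicy: IfNotPresent
      # -- Cronjob image tag. Default 'latest'
      tag: "latest"
  service:
    # NOTE(review): no registry authentication setting is visible in this
    # file. Before switching to NodePort or LoadBalancer, confirm how access
    # to the cached images is controlled.
    # -- Registry service type
    type: ClusterIP
  # NOTE(review): a value set here is stored in plain text in the values file
  # and in the Helm release data; do not commit it to version control.
  # -- A secret used to sign state that may be stored with the client to protect against tampering, generated if empty (see https://github.com/distribution/distribution/blob/main/docs/configuration.md#http)
  httpSecret: ""
  # -- Extra env variables for the registry pod
  env: []
  # -- Readiness probe definition for the registry pod
  readinessProbe:
    httpGet:
      path: /v2/
      port: 5000
  # -- Liveness probe definition for the registry pod
  livenessProbe:
    httpGet:
      path: /v2/
      port: 5000
  resources:
    requests:
      # -- Cpu requests for the registry pod
      cpu: "50m"
      # -- Memory requests for the registry pod
      memory: "256Mi"
    limits:
      # -- Cpu limits for the registry pod
      cpu: "1"
      # -- Memory limits for the registry pod
      memory: "1Gi"
  # -- Specify secrets to be used when pulling registry image
  imagePullSecrets: []
  # -- Annotations to add to the registry pod
  podAnnotations: {}
  # NOTE(review): both security contexts default to empty, so no hardening is
  # applied from these values. Consider runAsNonRoot: true,
  # allowPrivilegeEscalation: false and capabilities.drop: [ALL] once
  # confirmed that the image runs with them.
  # -- Security context for the registry pod
  podSecurityContext: {}
  # -- Security context for containers of the registry pod
  securityContext: {}
  # -- Node selector for the registry pod
  nodeSelector: {}
  # -- Toleration for the registry pod
  tolerations: []
  # -- Set the PriorityClassName for the registry pod
  priorityClassName: ""
  # -- Affinity for the registry pod
  affinity: {}
  pdb:
    # -- Create a PodDisruptionBudget for the registry
    create: false
    # -- Minimum available pods
    minAvailable: 1
    # -- Maximum unavailable pods
    maxUnavailable: ""
  serviceMonitor:
    # -- Should a ServiceMonitor object be installed to scrape kuik registry metrics. For prometheus-operator (kube-prometheus) users.
    create: false
    # -- Target scrape interval set in the ServiceMonitor
    scrapeInterval: 60s
    # -- Target scrape timeout set in the ServiceMonitor
    scrapeTimeout: 30s
    # -- Additional labels to add to ServiceMonitor objects
    extraLabels: {}
    # -- Relabel config for the ServiceMonitor, see: https://coreos.com/operators/prometheus/docs/latest/api.html#relabelconfig
    relabelings: []
  serviceAccount:
    # -- Annotations to add to the serviceAccount
    annotations: {}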
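# Settings for the optional registry web UI (disabled by default). Nesting is
# restored here: the flattened listing put every key at column 0, which makes
# `image`, `resources`, `affinity`, ... collide with other sections' keys.
registryUI:
  # -- If true, enable the registry user interface
  enabled: false
  image:
    # -- Registry UI image repository
    repository: parabuzzle/craneoperator
    # -- Registry UI image pull policy
    pullPolicy: IfNotPresent
    # -- Registry UI image tag
    tag: "2.2.5"
  auth:
    # -- Registry UI username
    username: "admin"
    # NOTE(review): a password set here is stored in plain text in the values
    # file and in the Helm release data. Supply it at install time from a
    # secret store and do not commit it. This file does not show what happens
    # when the value is left empty - confirm whether the chart generates one
    # before enabling the UI.
    # -- Registry UI password
    password: ""
  # NOTE(review): empty resources means no CPU/memory limits for this pod;
  # set limits before enabling the UI on a shared cluster.
  # -- CPU / Memory resources requests / limits for the registry UI pod
  resources: {}
  # -- Specify secrets to be used when pulling registry UI image
  imagePullSecrets: []
  # -- Annotations to add to the registry UI pod
  podAnnotations: {}
  # NOTE(review): both security contexts default to empty, so no hardening is
  # applied from these values; set them explicitly once confirmed that the
  # image runs as non-root without extra capabilities.
  # -- Security context for the registry UI pod
  podSecurityContext: {}
  # -- Security context for containers of the registry UI pod
  securityContext: {}
  # -- Node selector for the registry UI pod
  nodeSelector: {}
  # -- Toleration for the registry UI pod
  tolerations: []
  # -- Affinity for the registry UI pod
  affinity: {}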
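# Settings for the optional MinIO storage backend (disabled by default). The
# /opt/bitnami paths suggest these values are passed to a Bitnami MinIO
# subchart - confirm in Chart.yaml. Nesting is restored here: the flattened
# listing put every key at column 0.
minio:
  # -- If true, install minio as a local storage backend for the registry
  enabled: false
  fullnameOverride: "kube-image-keeper-minio"
  mode: distributed
  provisioning:
    enabled: true
    buckets:
      - name: registry
    usersExistingSecrets:
      - kube-image-keeper-minio-registry-users
    extraVolumes:
      - name: registry-keys
        secret:
          # NOTE(review): 420 is decimal for octal 0644, so the mounted
          # accessKey / secretKey files are readable by every user in the
          # container. A tighter mode such as 288 (0440) may be enough if the
          # provisioning container reads them through its group - verify
          # before changing.
          defaultMode: 420
          secretName: kube-image-keeper-s3-registry-keys
    extraVolumeMounts:
      - name: registry-keys
        mountPath: /opt/bitnami/minio/svcacct/registry/
    # Creates the `registry` service account under the `provisioning` user
    # unless `svcacct info` already finds it; output is discarded.
    # NOTE(review): the keys are expanded onto the mc command line, so they
    # appear in the process arguments inside the provisioning container while
    # the command runs. The first $(cat ...) is unquoted and would be
    # word-split if the access key ever contained whitespace.
    extraCommands:
      - |
        (mc admin user svcacct info provisioning $(cat /opt/bitnami/minio/svcacct/registry/accessKey) 2> /dev/null ||
        mc admin user svcacct add
        --access-key "$(cat /opt/bitnami/minio/svcacct/registry/accessKey)"
        --secret-key "$(cat /opt/bitnami/minio/svcacct/registry/secretKey)"
        provisioning registry) > /dev/null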
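# Chart-level ServiceAccount settings. Nesting is restored here: in the
# flattened listing `annotations` and `name` sat at column 0.
serviceAccount:
  # -- Annotations to add to the serviceAccount
  annotations: {}
  # -- Name of the serviceAccount
  name: ""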
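# PodSecurityPolicy toggle. Nesting is restored here: in the flattened
# listing `create` sat at column 0.
# NOTE(review): the PodSecurityPolicy API was removed in Kubernetes v1.25;
# leave this false on clusters at or above that version and rely on Pod
# Security Admission or a policy engine instead.
psp:
  # -- If true, create the PodSecurityPolicy
  create: false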