-
Notifications
You must be signed in to change notification settings - Fork 31
/
defaults.yml
108 lines (107 loc) · 6.66 KB
/
defaults.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# Copyright 2017-2019 The FIAAS Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
version: 3
replicas:
# Autoscaler scales from replicas.minimum to replicas.maximum (if minimum < maximum and maximum > 1). Need fiaas.resources.requests.cpu. Scales up on mean cpu utilisation of >cpu_threshold_percentage. See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#how-does-a-horizontalpodautoscaler-work. Note that currently, only resource metric scaling is supported, and CPU is the only supported resource metric.
minimum: 2 # Set minimum to the same as maximum for no autoscaling
maximum: 5
cpu_threshold_percentage: 50
singleton: true # Whether there should be a maximum of a single running instance at any one time. Only operational if maximum replicas is one. Set to false to have multiple replicas running during deployment, avoiding downtime.
ingress: # Generate ingress rules for access from outside cluster. To disable, specify as []
- host: # Optional. External hostname to be exposed on. If defined (and at least one http port exists), Ingresses for {host}/{paths[x].path} is created. See https://kubernetes.io/docs/concepts/services-networking/ingress
paths: # List of paths exposed to which application port
- path: / # Path the application answers on
port: http # Name of the port path is served on
annotations: {}
healthchecks: # Healthchecks defined for your application. If omitted and a single port is defined, liveness will default to http or tcp depending on port type, and readiness will be a copy of liveness. If no ports or multiple ports are defined, healthchecks are not provided and should be defined explicitly
liveness:
# Valid configuration requires exactly one of execute|http|tcp
execute:
command: # Command to execute inside the container.
http:
path: /_/health # Path to GET
port: http # port to connect to on the container. Must either be port number or name
http_headers: {} # optional http headers (free form map)
tcp:
port: # tcp port number we will connect to on the container. Will receive a SYN and must complete the TCP handshake. Must either be port number or name
initial_delay_seconds: 10 # Number of seconds after the container has started before liveness probes are initiated.
period_seconds: 10 # How often (in seconds) to perform the probe.
success_threshold: 1 # Minimum consecutive successes for the probe to be considered successful after having failed.
failure_threshold: 3 # Minimum consecutive failures for the probe to be considered failed after having succeeded.
timeout_seconds: 1 # Number of seconds after which the probe times out.
readiness: # If readiness is left out and liveness is defined, the readiness settings are copied from liveness.
# Valid configuration requires exactly one of execute|http|tcp
execute:
command: # Command to execute inside the container.
http:
path: /_/ready # Path to GET
port: http # port to connect to on the container. Must either be port number or name
http_headers: {} # optional http headers
tcp:
port: # tcp port number we will connect to on the container. Will receive a SYN and must complete the TCP handshake. Must either be port number or name
initial_delay_seconds: 10 # Number of seconds after the container has started before readiness probes are initiated.
period_seconds: 10 # How often (in seconds) to perform the probe.
success_threshold: 1 # Minimum consecutive successes for the probe to be considered successful after having failed.
failure_threshold: 3 # Minimum consecutive failures for the probe to be considered failed after having succeeded.
timeout_seconds: 1 # Number of seconds after which the probe times out.
resources: # Optional. See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers
limits:
cpu: 400m # app will have its cpu usage throttled if exceeding this limit
memory: 512Mi # app will be killed if exceeding these limits
requests: # app will be scheduled on nodes with at least this amount resources available
cpu: 200m
memory: 256Mi
metrics:
prometheus:
enabled: true # if false the pod will not be scraped for metrics by prometheus
port: http # Name of HTTP port prometheus is served on
path: /_/metrics # Path to prometheus-metrics
datadog:
enabled: false # if true, attach a datadog sidecar
tags: {} # A map of custom tags to add to all metrics exposed by the pods
ports: # A list of ports the application listens on. For no exposed ports, specify as []
- protocol: http # [http|tcp]
name: http # A logical name for port discovery. Must be <= 63 characters and match [a-z0-9]([-a-z0-9]*[a-z0-9])? (DNS_LABEL)
port: 80 # port number that will be exposed. For protocol=tcp, the available port range is (1024-32767).
target_port: 8080 # the port number which is exposed by the container and should receive traffic routed to `port`
annotations: # Annotations to be set on generated objects
deployment: {}
horizontal_pod_autoscaler: {}
service_account: {}
ingress: {}
service: {}
pod: {}
pod_disruption_budget: {}
role_binding: {}
labels: # Labels to be set on generated objects
deployment: {}
horizontal_pod_autoscaler: {}
service_account: {}
ingress: {}
service: {}
pod: {}
pod_disruption_budget: {}
role_binding: {}
secrets_in_environment: false # If a Secret of the same name exists, it is exposed to the pod as environment variables
admin_access: false # What access the pod has to the k8s api server
extensions:
strongbox: # This is only enabled if fiaas-deploy-daemon runs with --strongbox-init-container-image set
iam_role: # AWS IAM role assumed before pulling secrets from Strongbox
aws_region: eu-west-1 # AWS region to get Strongbox secrets from
groups: [] # Strongbox secret groups. Will get all secrets present in each group
tls: # TLS is only enabled if fiaas-deploy-daemon is run with a value for --use-ingress-tls other than `disabled`
enabled: false # This is dynamically set based on the value for --use-ingress-tls passed to the instance
certificate_issuer: # the name of certificate-issuer cert-manager should use
secrets: {}