This repository has been archived by the owner on Feb 22, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 16.8k
/
values.yaml
340 lines (312 loc) · 11.5 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
halyard:
spinnakerVersion: 1.19.4
image:
repository: gcr.io/spinnaker-marketplace/halyard
tag: 1.32.0
pullSecrets: []
# Set to false to disable persistence data volume for halyard
persistence:
enabled: true
# Uncomment to add storage class for the persistence data volume
# storageClass: <storageclass_name>
# Provide additional parameters to halyard deploy apply command
additionalInstallParameters: []
# Provide a config map with Hal commands that will be run the core config (storage)
# The config map should contain a script in the config.sh key
additionalScripts:
enabled: false
configMapName: my-halyard-config
configMapKey: config.sh
# If you'd rather do an inline script, set create to true and put the content in the data dict like you would a configmap
# The content will be passed through `tpl`, so value interpolation is supported.
create: false
data: {}
additionalSecrets:
create: false
data: {}
## Uncomment if you want to use a pre-created secret rather than feeding data in via helm.
# name:
additionalConfigMaps:
create: false
data: {}
## Uncomment if you want to use a pre-created ConfigMap rather than feeding data in via helm.
# name:
## Define custom profiles for Spinnaker services. Read more for details:
## https://www.spinnaker.io/reference/halyard/custom/#custom-profiles
## The contents of the files will be passed through `tpl`, so value interpolation is supported.
additionalProfileConfigMaps:
data: {}
## if you're running spinnaker behind a reverse proxy such as a GCE ingress
## you may need the following profile settings for the gate profile.
## see https://github.com/spinnaker/spinnaker/issues/1630
## otherwise its harmless and will likely become default behavior in the future
## According to the linked github issue.
# gate-local.yml:
# server:
# tomcat:
# protocolHeader: X-Forwarded-Proto
# remoteIpHeader: X-Forwarded-For
# internalProxies: .*
# httpsServerPort: X-Forwarded-Port
## Define custom settings for Spinnaker services. Read more for details:
## https://www.spinnaker.io/reference/halyard/custom/#custom-service-settings
## You can use it to add annotations for pods, override the image, etc.
additionalServiceSettings: {}
# deck.yml:
# artifactId: gcr.io/spinnaker-marketplace/deck:2.9.0-20190412012808
# kubernetes:
# podAnnotations:
# iam.amazonaws.com/role: <role_arn>
# clouddriver.yml:
# kubernetes:
# podAnnotations:
# iam.amazonaws.com/role: <role_arn>
## Populate to provide a custom local BOM for Halyard to use for deployment. Read more for details:
## https://www.spinnaker.io/guides/operator/custom-boms/#boms-and-configuration-on-your-filesystem
bom: ~
# artifactSources:
# debianRepository: https://dl.bintray.com/spinnaker-releases/debians
# dockerRegistry: gcr.io/spinnaker-marketplace
# gitPrefix: https://github.com/spinnaker
# googleImageProject: marketplace-spinnaker-release
# services:
# clouddriver:
# commit: 031bcec52d6c3eb447095df4251b9d7516ed74f5
# version: 6.3.0-20190904130744
# deck:
# commit: b0aac478e13a7f9642d4d39479f649dd2ef52a5a
# version: 2.12.0-20190916141821
# ...
# timestamp: '2019-09-16 18:18:44'
# version: 1.16.1
## Define local configuration for Spinnaker services.
## The contents of these files would be copies of the configuration normally retrieved from
## `gs://halconfig/<service-name>`, but instead need to be available locally on the halyard pod to facilitate
## offline installation. This would typically be used along with a custom `bom:` with the `local:` prefix on a
## service version.
## Read more for details:
## https://www.spinnaker.io/guides/operator/custom-boms/#boms-and-configuration-on-your-filesystem
## The key for each entry must be the name of the service and a file name separated by the '_' character.
serviceConfigs: {}
# clouddriver_clouddriver-ro.yml: |-
# ...
# clouddriver_clouddriver-rw.yml: |-
# ...
# clouddriver_clouddriver.yml: |-
# ...
# deck_settings.json: |-
# ...
# echo_echo.yml: |-
# ...
## Uncomment if you want to add extra commands to the init script
## run by the init container before halyard is started.
## The content will be passed through `tpl`, so value interpolation is supported.
# additionalInitScript: |-
## Uncomment if you want to add annotations on halyard and install-using-hal pods
# annotations:
# iam.amazonaws.com/role: <role_arn>
## Uncomment the following resources definitions to control the cpu and memory
# resources allocated for the halyard pod
resources: {}
# requests:
# memory: "1Gi"
# cpu: "100m"
# limits:
# memory: "2Gi"
# cpu: "200m"
## Uncomment if you want to set environment variables on the Halyard pod.
# env:
# - name: JAVA_OPTS
# value: -Dhttp.proxyHost=proxy.example.com
customCerts:
## Enable to override the default cacerts with your own one
enabled: false
secretName: custom-cacerts
# Define which registries and repositories you want available in your
# Spinnaker pipeline definitions
# For more info visit:
# https://www.spinnaker.io/setup/providers/docker-registry/
# Configure your Docker registries here
dockerRegistries:
- name: dockerhub
address: index.docker.io
repositories:
- library/alpine
- library/ubuntu
- library/centos
- library/nginx
# - name: gcr
# address: https://gcr.io
# username: _json_key
# password: '<INSERT YOUR SERVICE ACCOUNT JSON HERE>'
# email: 1234@5678.com
# - name: ecr
# address: <AWS-ACCOUNT-ID>.dkr.ecr.<REGION>.amazonaws.com
# username: AWS
# passwordCommand: aws --region <REGION> ecr get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d | sed 's/^AWS://'
# If you don't want to put your passwords into a values file
# you can use a pre-created secret instead of putting passwords
# (specify secret name in below `dockerRegistryAccountSecret`)
# per account above with data in the format:
# <name>: <password>
# dockerRegistryAccountSecret: myregistry-secrets
kubeConfig:
# Use this when you want to register arbitrary clusters with Spinnaker
# Upload your ~/kube/.config to a secret
enabled: false
# secretName: my-kubeconfig
# secretKey: config
# Use this when you want to configure halyard to reference a kubeconfig from s3
# This allows you to keep your kubeconfig in an encrypted s3 bucket
# For more info visit:
# https://www.spinnaker.io/reference/halyard/secrets/s3-secrets/#secrets-in-s3
# encryptedKubeconfig: encrypted:s3!r:us-west-2!b:mybucket!f:mykubeconfig
# List of contexts from the kubeconfig to make available to Spinnaker
contexts:
- default
deploymentContext: default
# Use this to limit the namespaces this kubernetes account will access.
# Note, if you use nameSpaces, omittedNameSpaces will not be used.
# Note, the casing of the nameSpace variable here.
# nameSpaces:
# - namespace1
# - namespace2
omittedNameSpaces:
- kube-system
- kube-public
onlySpinnakerManaged:
enabled: false
# When false, clouddriver will skip the permission checks for all kubernetes kinds at startup.
# This can save a great deal of time during clouddriver startup when you have many kubernetes
# accounts configured. This disables the log messages at startup about missing permissions.
checkPermissionsOnStartup: true
# A list of resource kinds this Spinnaker account can deploy to and will cache.
# When no kinds are configured, this defaults to ‘all kinds'.
# kinds:
# -
# A list of resource kinds this Spinnaker account cannot deploy to or cache.
# This can only be set when –kinds is empty or not set.
# omittedKinds:
# -
# When true, clouddriver will query manifest status during pipeline executions using live
# data rather than the cache. This eliminates all time spent in the “force cache refresh”
# task in pipelines, greatly reducing execution time.
liveManifestCalls: false
# Change this if youd like to expose Spinnaker outside the cluster
ingress:
enabled: false
# host: spinnaker.example.org
# annotations:
# ingress.kubernetes.io/ssl-redirect: 'true'
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# tls:
# - secretName: -tls
# hosts:
# - domain.com
ingressGate:
enabled: false
# host: gate.spinnaker.example.org
# annotations:
# ingress.kubernetes.io/ssl-redirect: 'true'
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# tls:
# - secretName: -tls
# hosts:
# - domain.com
# spinnakerFeatureFlags is a list of Spinnaker feature flags to enable
# Ref: https://www.spinnaker.io/reference/halyard/commands/#hal-config-features-edit
# spinnakerFeatureFlags:
# - artifacts
# - pipeline-templates
spinnakerFeatureFlags:
- artifacts
# Node labels for pod assignment
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
# nodeSelector to provide to each of the Spinnaker components
nodeSelector: {}
# Node tolerations
# Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
tolerations: []
# Redis password to use for the in-cluster redis service
# Enable redis to use in-cluster redis
redis:
enabled: true
# External Redis option will be enabled if in-cluster redis is disabled
external:
host: "<EXTERNAL-REDIS-HOST-NAME>"
port: 6379
# password: ""
password: password
nodeSelector: {}
cluster:
enabled: false
# Uncomment if you don't want to create a PVC for redis
# master:
# persistence:
# enabled: false
# Minio access/secret keys for the in-cluster S3 usage
# Minio is not exposed publically
minio:
enabled: true
image:
tag: RELEASE.2020-01-03T19-12-21Z
service:
type: ClusterIP
accessKey: spinnakeradmin
secretKey: spinnakeradmin
defaultBucket:
enabled: true
name: "spinnaker"
nodeSelector: {}
# Uncomment if you don't want to create a PVC for minio
# persistence:
# enabled: false
# Google Cloud Storage
gcs:
enabled: false
project: my-project-name
bucket: "<GCS-BUCKET-NAME>"
## if jsonKey is set, will create a secret containing it
jsonKey: '<INSERT CLOUD STORAGE JSON HERE>'
## override the name of the secret to use for jsonKey, if `jsonKey`
## is empty, it will not create a secret assuming you are creating one
## external to the chart. the key for that secret should be `key.json`.
secretName:
# AWS Simple Storage Service
s3:
enabled: false
bucket: "<S3-BUCKET-NAME>"
# rootFolder: "front50"
# region: "us-east-1"
# endpoint: ""
# accessKey: ""
# secretKey: ""
# assumeRole: "<role to assume>"
## Here you can pass extra arguments to configure s3 storage options
extraArgs: []
# - "--path-style-access true"
# Azure Storage Account
azs:
enabled: false
# storageAccountName: ""
# accessKey: ""
# containerName: "spinnaker"
rbac:
# Specifies whether RBAC resources should be created
create: true
# Specifies whether PSP resources should be created
pspEnabled: false
serviceAccount:
# Specifies whether a ServiceAccount should be created
create: true
# The name of the ServiceAccounts to use.
# If left blank it is auto-generated from the fullname of the release
halyardName:
spinnakerName:
serviceAccountAnnotations: {}
securityContext:
# Specifies permissions to write for user/group
runAsUser: 1000
fsGroup: 1000