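global:
  # -- Reference to one or more secrets to be used when pulling images
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  # Entries reference existing Secrets by name (see the example below), so
  # registry credentials themselves do not need to appear in this file.
  imagePullSecrets: []
  # - name: "image-pull-secret"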
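k8gb:
  # -- image repository
  imageRepo: "docker.io/absaoss/k8gb"
  # -- ( string ) image tag defaults to Chart.AppVersion, see Chart.yaml, but can be overridden with imageTag key
  imageTag: null
  # -- whether it should also deploy the gslb and dnsendpoints CRDs
  deployCrds: true
  # -- whether it should also deploy the service account, cluster role and cluster role binding
  deployRbac: true
  # -- dnsZone controlled by gslb
  dnsZone: "cloud.example.com"
  # -- Negative TTL for SOA record
  dnsZoneNegTTL: 300
  # -- main zone which would contain gslb zone to delegate
  edgeDNSZone: "example.com"
  # -- host/ip[:port] format is supported here where port defaults to 53
  edgeDNSServers:
    # -- use this DNS server as a main resolver to enable cross k8gb DNS based communication
    - "1.1.1.1"
  # -- used for places where we need to distinguish between different Gslb instances
  clusterGeoTag: "eu"
  # -- comma-separated list of external gslb geo tags to pair with
  extGslbClustersGeoTags: "us"
  # -- Reconcile time in seconds
  reconcileRequeueSeconds: 30
  # -- Extra CoreDNS plugins to be enabled (yaml object)
  coredns:
    extra_plugins: []
  log:
    # -- log format (simple,json)
    format: simple
    # -- log level (panic,fatal,error,warn,info,debug,trace)
    level: info
  # -- Enable SplitBrain check (Infoblox only)
  splitBrainCheck: false
  # NOTE(review): 0.0.0.0 binds the metrics listener on every pod interface.
  # If metrics should not be reachable cluster-wide, restrict access to this
  # port with a NetworkPolicy.
  # -- Metrics server address
  metricsAddress: "0.0.0.0:8080"
  # NOTE(review): these defaults run as a non-root UID with a read-only root
  # filesystem and no privilege escalation. capabilities.drop and
  # seccompProfile are not set here; add them if the chart passes this map
  # through to the container unchanged (TODO confirm against the template).
  securityContext:
    # -- For more options consult https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#securitycontext-v1-core
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    runAsUser: 1000
  # -- Exposing metrics
  exposeMetrics: false
  # -- enable ServiceMonitor
  serviceMonitor:
    enabled: false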
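externaldns:
  # -- `.spec.template.spec.dnsPolicy` for ExternalDNS deployment
  dnsPolicy: "ClusterFirst"
  # -- extra environment variables
  extraEnv: []
  # -- extra volumes
  extraVolumes: []
  # -- extra volume mounts
  extraVolumeMounts: []
  # NOTE(review): the default below pins a tag, not a digest, and a tag can be
  # re-pointed at the registry. Appending `@sha256:<digest>` would make the
  # pulled image immutable (TODO confirm the template uses this string as-is).
  # -- external-dns image repo:tag
  # It is important to use the image from k8gb external-dns fork to get the full
  # functionality. See links below
  # https://github.com/k8gb-io/external-dns
  # https://github.com/k8gb-io/external-dns/pkgs/container/external-dns
  image: 'ghcr.io/k8gb-io/external-dns:v0.13.4-azure-ns-multiarch'
  # -- external-dns sync interval
  interval: "20s"
  securityContext:
    # -- For more options consult https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#securitycontext-v1-core
    runAsUser: 1000
    # -- For ExternalDNS to be able to read Kubernetes and AWS token files
    fsGroup: 65534
    runAsNonRoot: true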
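coredns:
  # -- service: refer to https://www.k8gb.io/docs/service_upgrade.html for upgrading CoreDNS service steps
  isClusterService: false
  deployment:
    # -- Skip CoreDNS creation and uses the one shipped by k8gb instead
    skipConfig: true
  image:
    # -- CoreDNS CRD plugin image
    repository: absaoss/k8s_crd
    # -- image tag
    tag: v0.0.11
  # -- Creates serviceAccount for coredns
  serviceAccount:
    create: true
    name: coredns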
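infoblox:
  # -- infoblox provider enabled
  enabled: false
  # -- WAPI address
  gridHost: '10.0.0.1'
  # -- WAPI version
  wapiVersion: '2.3.1'
  # -- WAPI port
  wapiPort: 443
  # NOTE(review): the key name suggests this toggles TLS certificate
  # verification for the WAPI connection (confirm against the operator).
  # Keep it true outside lab setups so WAPI credentials are only sent to a
  # verified endpoint.
  # -- use SSL
  sslVerify: true
  # -- Request Timeout in seconds
  httpRequestTimeout: 20
  # -- Size of connections pool
  httpPoolConnections: 10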
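route53:
  # -- Enable Route53 provider
  enabled: false
  # -- Route53 ZoneID
  hostedZoneID: ZXXXSSS
  # -- specify IRSA Role in AWS ARN format or disable it by setting to `null`
  irsaRole: 'arn:aws:iam::111111:role/external-dns'
  # -- specify IRSA Role in AWS ARN format for assume role permissions or disable it by setting to `null`
  assumeRoleArn: null
  # NOTE(review): static IAM user keys are long-lived; prefer `irsaRole` where
  # the cluster supports it, and keep the IAM policy limited to the hosted
  # zone this chart manages.
  # -- alternatively specify the secret name with static credentials for IAM user (make sure this user has limited privileges)
  # this can be useful when IRSA is not present or when using say Azure cluster and Route53
  # docs: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md#create-iam-user-and-attach-the-policy
  secret: null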
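ns1:
  # -- Enable NS1 provider
  enabled: false
  # -- optional custom NS1 API endpoint for on-prem setups
  # endpoint: https://api.nsone.net/v1/
  # NOTE(review): presumably disables TLS certificate verification towards the
  # NS1 API (confirm against the template); keep false unless testing against
  # an on-prem endpoint whose certificate cannot be validated.
  ignoreSSL: false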
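rfc2136:
  enabled: false
  rfc2136Opts:
    - host: host.k3d.internal
    - port: 1053
  # Exactly how the three modes below interact is decided by the chart
  # templates; as shipped, only TSIG is enabled.
  rfc2136auth:
    # NOTE(review): judging by the name, this sends dynamic updates without
    # authentication; keep it disabled outside local test clusters.
    insecure:
      enabled: false
    tsig:
      enabled: true
      # Only the algorithm and key name are listed here; the TSIG key
      # material itself is not part of these defaults.
      tsigCreds:
        - tsig-secret-alg: hmac-sha256
        - tsig-keyname: externaldns-key
    gssTsig:
      enabled: false
      kerberosConfigMap: kerberos-config
      # NOTE(review): the values below are placeholders. A real Kerberos
      # password supplied through Helm values is kept in the Helm release
      # record (and in VCS if the values file is committed); supply it from a
      # secret store or an override file that is not committed.
      gssTsigCreds:
        - kerberos-username: ad-user
        - kerberos-password: ad-user-pass
        - kerberos-realm: ad-domain-realm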
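azuredns:
  enabled: false
  # -- External-dns secret name which contains Azure credentials.
  # See https://github.com/k8gb-io/external-dns/blob/master/docs/tutorials/azure.md#configuration-file for expected format
  authSecretName: external-dns-secret-azure
  # NOTE(review): with createAuthSecret enabled, the service principal secret
  # below is supplied through Helm values, so it is kept in the Helm release
  # record (and in VCS if the values file is committed). Creating the secret
  # out of band and referencing it via `authSecretName`, or using a managed /
  # workload identity, keeps the credential out of chart values.
  createAuthSecret:
    # -- Create an authentication secret for Azure DNS based on the values below
    # alternatively, you can create the secret manually and pass its name in the `azuredns.authSecretName` value
    enabled: true
    # -- Azure tenant ID which holds the managed identity
    tenantId: myTenantId
    # -- subscription id which holds the Azure DNS zone
    subscriptionId: mySubscriptionId
    # -- Azure Resource Group which holds the Azure DNS Zone (which is defined as 'k8gb.edgeDNSZone')
    resourceGroup: myDnsResourceGroup
    # -- Azure client ID that is associated with the Service Principal.
    aadClientId: myAadClientId
    # -- Azure client secret that is associated with the Service Principal.
    aadClientSecret: myAadClientSecret
    # -- Use either AKS Kubelet Identity or AAD Pod Identities
    useManagedIdentityExtension: false
    # -- Client id from the Managed identity when using the AAD Pod Identities
    userAssignedIdentityID: myUserAssignedIdentityID
    # -- Use AKS workload identity extension
    useWorkloadIdentityExtension: false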
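cloudflare:
  # -- Enable Cloudflare provider
  enabled: false
  # -- Cloudflare Zone ID
  # follow https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/
  # to find your zoneID value
  zoneID: replaceme
  # -- Configure how many DNS records to fetch per request
  # see https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/cloudflare.md#throttling
  dnsRecordsPerPage: 5000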
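openshift:
  # -- Install OpenShift specific RBAC
  enabled: false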
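tracing:
  # -- if the application should be sending the traces to OTLP collector (env var `TRACING_ENABLED`)
  enabled: false
  # -- should the Jaeger be deployed together with the k8gb operator? In case of using another OpenTracing solution,
  # make sure that configmap for OTEL agent has the correct exporters set up (`tracing.otelConfig`).
  deployJaeger: false
  # -- `host:port` where the spans from the applications (traces) should be sent, sets the `OTEL_EXPORTER_OTLP_ENDPOINT` env var
  # This is not the final destination where all the traces are going. Otel collector has its configuration in the associated configmap (`tracing.otelConfig`).
  endpoint: 'localhost:4318'
  # -- float representing the ratio of how often the span should be kept/dropped (env var `TRACING_SAMPLING_RATIO`)
  # if not specified, the AlwaysSample will be used which is the same as 1.0. `0.1` would mean that 10% of samples will be kept
  samplingRatio: null
  # -- configuration for OTEL collector, this will be represented as configmap called `agent-config`
  otelConfig: null
  sidecarImage:
    # -- OpenTelemetry collector into which the k8gb operator sends the spans. It can be further configured to send its data
    # to somewhere else using exporters (Jaeger for instance)
    repository: otel/opentelemetry-collector
    # Quoted so the version is always read as a string.
    tag: '0.57.2'
    pullPolicy: Always
  # NOTE(review): the all-in-one Jaeger image is a single-process bundle
  # generally meant for testing; if `deployJaeger` is enabled, keep its UI and
  # collector ports reachable only from inside the cluster.
  jaegerImage:
    # -- if `tracing.deployJaeger==true` this image will be used in the deployment for Jaeger
    repository: jaegertracing/all-in-one
    tag: '1.37.0'
    pullPolicy: Always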