/
values.yaml
244 lines (209 loc) · 5.57 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
linux:
enabled: true
image:
repository: registry.k8s.io/csi-secrets-store/driver
tag: v1.4.3
#digest: sha256:
pullPolicy: IfNotPresent
crds:
enabled: true
image:
repository: registry.k8s.io/csi-secrets-store/driver-crds
tag: v1.4.3
pullPolicy: IfNotPresent
## Optionally override resource limits for crd hooks(jobs)
resources: {}
# requests:
# cpu: "100m"
# memory: "128Mi"
# limits:
# cpu: "500m"
# memory: "512Mi"
annotations: {}
podLabels: {}
## Prevent the CSI driver from being scheduled on virtual-kubelet nodes
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: type
operator: NotIn
values:
- virtual-kubelet
driver:
resources:
limits:
cpu: 200m
memory: 200Mi
requests:
cpu: 50m
memory: 100Mi
registrarImage:
repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
tag: v2.10.0
#digest: sha256:
pullPolicy: IfNotPresent
registrar:
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 10m
memory: 20Mi
logVerbosity: 5
livenessProbeImage:
repository: registry.k8s.io/sig-storage/livenessprobe
tag: v2.12.0
#digest: sha256:
pullPolicy: IfNotPresent
livenessProbe:
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 10m
memory: 20Mi
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
kubeletRootDir: /var/lib/kubelet
providersDir: /var/run/secrets-store-csi-providers
additionalProvidersDirs:
- /etc/kubernetes/secrets-store-csi-providers
nodeSelector: {}
# ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
# An empty key with operator Exists matches all keys, values and effects which means this will tolerate everything.
tolerations:
- operator: "Exists"
metricsAddr: ":8095"
env: []
priorityClassName: ""
daemonsetAnnotations: {}
podAnnotations: {}
podLabels: {}
# volumes is a list of volumes made available to secrets store csi driver.
volumes: null
# - name: foo
# emptyDir: {}
# volumeMounts is a list of volumeMounts for secrets store csi driver.
volumeMounts: null
# - name: foo
# mountPath: /bar
# readOnly: true
windows:
enabled: false
image:
repository: registry.k8s.io/csi-secrets-store/driver
tag: v1.4.3
#digest: sha256:
pullPolicy: IfNotPresent
## Prevent the CSI driver from being scheduled on virtual-kubelet nodes
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: type
operator: NotIn
values:
- virtual-kubelet
driver:
resources:
limits:
cpu: 400m
memory: 400Mi
requests:
cpu: 100m
memory: 100Mi
registrarImage:
repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
tag: v2.10.0
#digest: sha256:
pullPolicy: IfNotPresent
registrar:
resources:
limits:
cpu: 200m
memory: 200Mi
requests:
cpu: 100m
memory: 100Mi
logVerbosity: 5
livenessProbeImage:
repository: registry.k8s.io/sig-storage/livenessprobe
tag: v2.12.0
#digest: sha256:
pullPolicy: IfNotPresent
livenessProbe:
resources:
limits:
cpu: 200m
memory: 200Mi
requests:
cpu: 100m
memory: 100Mi
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
kubeletRootDir: C:\var\lib\kubelet
providersDir: C:\\k\\secrets-store-csi-providers
additionalProvidersDirs:
nodeSelector: {}
# ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
# An empty key with operator Exists matches all keys, values and effects which means this will tolerate everything.
tolerations:
- operator: "Exists"
metricsAddr: ":8095"
env: []
priorityClassName: ""
daemonsetAnnotations: {}
podAnnotations: {}
podLabels: {}
# volumes is a list of volumes made available to secrets store csi driver.
volumes: null
# - name: foo
# emptyDir: {}
# volumeMounts is a list of volumeMounts for secrets store csi driver.
volumeMounts: null
# - name: foo
# mountPath: /bar
# readOnly: true
# log level. Uses V logs (klog)
logVerbosity: 0
# logging format JSON
logFormatJSON: false
livenessProbe:
port: 9808
logLevel: 2
## Maximum size in bytes of gRPC response from plugins
maxCallRecvMsgSize: 4194304
## Install Default RBAC roles and bindings
rbac:
install: true
pspEnabled: false
## Install RBAC roles and bindings required for K8S Secrets syncing if true
syncSecret:
enabled: false
## Enable secret rotation feature [alpha]
enableSecretRotation: false
## Secret rotation poll interval duration
rotationPollInterval:
## Provider HealthCheck
providerHealthCheck: false
## Provider HealthCheck interval
providerHealthCheckInterval: 2m
imagePullSecrets: []
## This allows CSI drivers to impersonate the pods that they mount the volumes for.
# refer to https://kubernetes-csi.github.io/docs/token-requests.html for more details.
# Supported only for Kubernetes v1.20+
tokenRequests: []
# - audience: aud1
# - audience: aud2
# -- Labels to apply to all resources
commonLabels: {}
# team_name: dev