This repository has been archived by the owner on Jul 11, 2023. It is now read-only.
values.yaml
# Default values for osm.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
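# All chart values are nested under this single top-level key, so overrides
# are addressed as `OpenServiceMesh.<key>`. Nesting was restored here: with
# every key at column 0, `registry`, `tag`, `pullPolicy`, `port`, `enable`,
# `replicaCount` and others collide as duplicate keys.
OpenServiceMesh:

  #
  # NOTE(security): image tags are mutable references and the versions below
  # are the ones this chart release shipped with; check them against current
  # upstream advisories before deploying.
  # -- OSM control plane image parameters
  image:
    # -- Container image registry
    registry: openservicemesh
    # -- Container image pull policy
    pullPolicy: IfNotPresent
    # -- Container image tag
    tag: v0.9.2

  # -- `osm-controller` image pull secret
  imagePullSecrets: []
  # -- Envoy sidecar image
  sidecarImage: envoyproxy/envoy-alpine:v1.18.3

  #
  # -- OSM controller parameters
  osmController:
    # -- OSM controller's replica count (ignored when autoscale.enable is true)
    replicaCount: 1
    # -- OSM controller's container resource parameters
    resource:
      limits:
        cpu: "1.5"
        memory: "512M"
      requests:
        cpu: "0.5"
        memory: "128M"
    # -- OSM controller's pod labels
    podLabels: {}
    # -- Enable Pod Disruption Budget
    enablePodDisruptionBudget: false
    # -- Auto scale configuration
    autoScale:
      # -- Enable Autoscale
      enable: false
      # -- Minimum replicas for autoscale
      minReplicas: 1
      # -- Maximum replicas for autoscale
      maxReplicas: 5
      # -- Average target CPU utilization (%)
      targetAverageUtilization: 80

  #
  # -- Prometheus parameters
  prometheus:
    # -- Prometheus's container resource parameters
    resources:
      limits:
        cpu: "1"
        memory: "2G"
      requests:
        cpu: "0.5"
        memory: "512M"
    # -- Prometheus service's port
    port: 7070
    # -- Prometheus data retention configuration
    retention:
      # -- Prometheus data retention time
      time: 15d

  # -- The Certificate manager type: `tresor`, `vault` or `cert-manager`
  certificateManager: tresor

  #
  # -- Hashicorp Vault configuration
  vault:
    # -- Hashicorp Vault host/service - where Vault is installed
    host: ""
    # NOTE(security): with `http`, traffic to Vault (including the token
    # below) is not encrypted in transit; use `https` outside local testing.
    # -- protocol to use to connect to Vault
    protocol: http
    # NOTE(security): this is a credential. Leave it empty in committed files
    # and supply it at install time; Helm also keeps supplied values in the
    # release data, so restrict who can read that.
    # -- token that should be used to connect to Vault
    token: ""
    # -- Vault role to be used by Open Service Mesh
    role: openservicemesh

  #
  # -- cert-manager.io configuration
  certmanager:
    # -- cert-manager issuer name
    issuerName: osm-ca
    # -- cert-manager issuer kind
    issuerKind: Issuer
    # -- cert-manager issuer group
    issuerGroup: cert-manager

  # -- Service certificate validity duration for certificate issued to workloads to communicate over mTLS
  serviceCertValidityDuration: 24h
  # -- The Kubernetes secret name to store CA bundle for the root CA used in OSM
  caBundleSecretName: osm-ca-bundle

  #
  # -- Grafana parameters
  grafana:
    # -- Grafana service's port
    port: 3000
    # -- Enable Remote Rendering in Grafana
    enableRemoteRendering: false

  # NOTE(security): a debug endpoint on the control plane is extra attack
  # surface; keep this false unless actively troubleshooting.
  # -- Enable the debug HTTP server on OSM controller
  enableDebugServer: false
  # NOTE(security): permissive mode lets services in the mesh reach each other
  # without explicit traffic policies; keep false to have policies enforced.
  # -- Enable permissive traffic policy mode
  enablePermissiveTrafficPolicy: false
  # NOTE(security): this is a mesh-wide switch; prefer leaving it false and
  # allowing specific external destinations through the Egress policy API
  # (see featureFlags.enableEgressPolicy).
  # -- Enable egress in the mesh
  enableEgress: false
  # -- Deploy Prometheus with OSM installation
  deployPrometheus: false
  # -- Deploy Grafana with OSM installation
  deployGrafana: false
  # -- Enable Fluent Bit sidecar deployment on OSM controller's pod
  enableFluentbit: false

  #
  # -- FluentBit parameters
  fluentBit:
    # -- Fluent Bit sidecar container name
    name: fluentbit-logger
    # -- Registry for Fluent Bit sidecar container
    registry: fluent
    # Quoted so the tag always stays a string (a two-part version such as
    # 1.7 would otherwise be read as a float).
    # -- Fluent Bit sidecar image tag
    tag: "1.6.4"
    # -- PullPolicy for Fluent Bit sidecar container
    pullPolicy: IfNotPresent
    # -- Fluent Bit output plugin
    outputPlugin: stdout
    # -- WorkspaceId for Fluent Bit output plugin to Log Analytics
    workspaceId: ""
    # NOTE(security): this is a credential. Leave it empty in committed files
    # and supply it at install time.
    # -- Primary Key for Fluent Bit output plugin to Log Analytics
    primaryKey: ""
    # -- Enable proxy support toggle for Fluent Bit
    enableProxySupport: false
    # -- Optional HTTP proxy endpoint for Fluent Bit
    httpProxy: ""
    # -- Optional HTTPS proxy endpoint for Fluent Bit
    httpsProxy: ""

  # -- Identifier for the instance of a service mesh within a cluster
  meshName: osm
  # -- Enable mesh-wide HTTPS ingress capability (HTTP ingress is the default)
  useHTTPSIngress: false
  # -- Log level for the Envoy proxy sidecar
  envoyLogLevel: error
  # NOTE(review): 0 means no cap on proxy connections per controller; consider
  # a limit sized to the cluster so a connection flood cannot exhaust it.
  # -- Sets the max data plane connections allowed for an instance of osm-controller, set to 0 to not enforce limits
  maxDataPlaneConnections: 0
  # -- Sets the resync interval for regular proxy broadcast updates, set to 0s to not enforce any resync
  configResyncInterval: "0s"
  # -- Controller log verbosity
  controllerLogLevel: info
  # -- Enforce only deploying one mesh in the cluster
  enforceSingleMesh: false
  # -- Prefix used in name of the webhook configuration resources
  webhookConfigNamePrefix: osm-webhook
  # -- Namespace to deploy OSM in. If not specified, the Helm release namespace is used.
  osmNamespace: ""
  # -- Deploy Jaeger during OSM installation
  deployJaeger: false

  #
  # -- Tracing parameters
  #
  # The following section configures a destination collector where tracing
  # data is sent to. Current implementation supports only Zipkin format
  # backends (https://github.com/openservicemesh/osm/issues/1596)
  tracing:
    # -- Toggles Envoy's tracing functionality on/off for all sidecar proxies in the mesh
    enable: false
    # -- Address of the tracing collector service (must contain the namespace). When left empty, this is computed in helper template to "jaeger.<osm-namespace>.svc.cluster.local". Please override for BYO-tracing as documented in tracing.md
    address: ""
    # -- Port of the tracing collector service
    port: 9411
    # -- Tracing collector's API path where the spans will be sent to
    endpoint: "/api/v2/spans"

  # NOTE(security): traffic matched by the three exclusion lists below is not
  # intercepted by the sidecar, so it is outside the mesh's mTLS and traffic
  # policy; keep the lists as narrow as possible and review every entry.
  # -- Specifies a global list of IP ranges to exclude from outbound traffic interception by the sidecar proxy.
  # If specified, must be a list of IP ranges of the form a.b.c.d/x.
  outboundIPRangeExclusionList: []
  # -- Specifies a global list of ports to exclude from outbound traffic interception by the sidecar proxy.
  # If specified, must be a list of positive integers.
  outboundPortExclusionList: []
  # -- Specifies a global list of ports to exclude from inbound traffic interception by the sidecar proxy.
  # If specified, must be a list of positive integers.
  inboundPortExclusionList: []

  #
  # -- OSM's sidecar injector parameters
  injector:
    # -- Sidecar injector's replica count (ignored when autoscale.enable is true)
    replicaCount: 1
    # -- Sidecar injector's container resource parameters
    resource:
      limits:
        cpu: "0.5"
        memory: "64M"
      requests:
        cpu: "0.3"
        memory: "64M"
    # -- Sidecar injector's pod labels
    podLabels: {}
    # -- Enable Pod Disruption Budget
    enablePodDisruptionBudget: false
    # -- Auto scale configuration
    autoScale:
      # -- Enable Autoscale
      enable: false
      # -- Minimum replicas for autoscale
      minReplicas: 1
      # -- Maximum replicas for autoscale
      maxReplicas: 5
      # -- Average target CPU utilization (%)
      targetAverageUtilization: 80

  # NOTE(security): a privileged init container runs in every injected pod;
  # keep this false unless the node platform cannot work without it.
  # -- Run init container in privileged mode
  enablePrivilegedInitContainer: false

  #
  # -- Feature flags for experimental features
  featureFlags:
    # -- Enable extra Envoy statistics generated by a custom WASM extension
    enableWASMStats: false
    # -- Enable OSM's Egress policy API.
    # If specified, fine grained control over Egress (external) traffic is enforced
    enableEgressPolicy: true
    # -- Enable Multicluster mode.
    # If specified, multicluster mode will be enabled in OSM
    enableMulticlusterMode: false

  # NOTE(review): PodSecurityPolicy was removed in Kubernetes v1.25; on newer
  # clusters rely on Pod Security admission or a policy engine instead.
  # -- Run OSM with PodSecurityPolicy configured
  pspEnabled: false
  # -- Node tolerations applied to control plane pods.
  # The specified tolerations allow pods to schedule onto nodes with matching taints.
  controlPlaneTolerations: []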