## Spin Operator configuration
## controllerManager represents the Spin Operator deployment.
## The values below configure its two containers: `manager` (the operator)
## and `kubeRbacProxy`.
controllerManager:
  ## manager represents the Spin Operator container.
  manager:
    ## args are the default arguments to supply to the operator.
    ## In general, these should be left as-is.
    ##
    ## --metrics-bind-address is bound to loopback (127.0.0.1:8080), the same
    ## address kubeRbacProxy uses as its --upstream below. Metrics are
    ## therefore reachable from outside the pod only through the proxy.
    ## Binding metrics to a non-loopback address would let clients reach the
    ## endpoint directly, without passing through the proxy.
    ##
    ## --health-probe-bind-address=:8082 has no host part.
    ## NOTE(review): presumably it listens on all pod interfaces so the
    ## kubelet can probe it - confirm against the deployment template.
    ##
    ## NOTE(review): --enable-webhooks presumably pairs with the
    ## webhookService entry at the end of this file - confirm.
    args:
      - --health-probe-bind-address=:8082
      - --metrics-bind-address=127.0.0.1:8080
      - --leader-elect
      - --enable-webhooks
    ## containerSecurityContext defines privilege and access control for the
    ## container.
    ## See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    ##
    ## Only privilege escalation and Linux capabilities are restricted here.
    ## NOTE(review): runAsNonRoot, readOnlyRootFilesystem and seccompProfile
    ## are not set in this file - confirm whether the chart template or a
    ## pod-level securityContext sets them before relying on these defaults.
    containerSecurityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
    ## image indicates which repository and tag combination will be used for
    ## pulling the operator image.
    image:
      repository: ghcr.io/spinkube/spin-operator
      ## By default, .Chart.AppVersion is used as the tag.
      ## Updating this value to a version not aligned with the current chart
      ## version may lead to unexpected or broken behavior.
      ## A tag is a mutable reference, and `latest` in particular floats
      ## between releases; prefer a fixed version tag when overriding.
      # tag: latest
    ## With IfNotPresent, a node that already holds an image under the
    ## requested tag does not pull it again, so a re-pushed tag is not picked
    ## up on that node.
    imagePullPolicy: IfNotPresent
    ## resources represent default cpu/mem limits for the operator container.
    resources:
      # TODO: update these per https://github.com/spinkube/spin-operator/issues/21
      limits:
        cpu: 500m
        memory: 128Mi
      requests:
        cpu: 10m
        memory: 64Mi
  ## kubeRbacProxy handles RBAC authorization with the Kubernetes API server.
  kubeRbacProxy:
    ## args are the default arguments to supply to the RBAC proxy.
    ## In general, these should be left as-is.
    ##
    ## The proxy listens on all interfaces on port 8443
    ## (--secure-listen-address) and forwards to the manager's loopback-only
    ## metrics endpoint (--upstream). Keep --upstream in step with the
    ## manager's --metrics-bind-address above.
    args:
      - --secure-listen-address=0.0.0.0:8443
      - --upstream=http://127.0.0.1:8080/
      - --logtostderr=true
      - --v=0
    ## containerSecurityContext defines privilege and access control for the
    ## container.
    ## See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    ##
    ## NOTE(review): as for the manager container, runAsNonRoot,
    ## readOnlyRootFilesystem and seccompProfile are not set in this file -
    ## confirm where, if anywhere, the chart sets them.
    containerSecurityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
    ## image indicates which repository and tag combination will be used for
    ## pulling the RBAC proxy image.
    ## The tag is pinned to a fixed version, but a tag is still a mutable
    ## reference.
    ## NOTE(review): the Kubebuilder project has announced that it is
    ## retiring the kube-rbac-proxy images it hosted under gcr.io/kubebuilder
    ## - verify that this path is still served and still receives fixes, and
    ## check the pinned version against current upstream releases.
    image:
      repository: gcr.io/kubebuilder/kube-rbac-proxy
      tag: v0.15.0
    ## resources represent default cpu/mem limits for the RBAC proxy container.
    resources:
      # TODO: update these per https://github.com/spinkube/spin-operator/issues/21
      limits:
        cpu: 500m
        memory: 128Mi
      requests:
        cpu: 5m
        memory: 64Mi
  # replicas represent how many pod replicas of the controllerManager to run.
  # NOTE(review): the manager is started with --leader-elect, so with more
  # than one replica presumably only the elected leader reconciles - confirm.
  replicas: 1
  # serviceAccount represents configuration for the controllerManager Service Account.
  # See https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  # Only annotations are configurable here; the roles bound to this account
  # are not defined in this file.
  serviceAccount:
    annotations: {}
## kubernetesClusterDomain represents the domain used for service DNS within the cluster.
## cluster.local is the Kubernetes default; change it only if the cluster was
## set up with a different DNS domain.
kubernetesClusterDomain: cluster.local
## metricsService configuration.
## This configuration should only be updated in tandem with corresponding
## controller and RBAC proxy configuration.
##
## Port 8443 matches the port in controllerManager.kubeRbacProxy's
## --secure-listen-address, so this Service fronts the RBAC proxy rather than
## the manager's loopback-only metrics endpoint.
## NOTE(review): targetPort refers to a container port named "https", which
## is not defined in this file - confirm it in the deployment template.
## type ClusterIP gives the Service a cluster-internal address only.
metricsService:
  ports:
    - name: https
      port: 8443
      protocol: TCP
      targetPort: https
  type: ClusterIP
## webhookService configuration.
## Service port 443 forwards to container port 9443.
## NOTE(review): 9443 is presumably the manager's webhook server port (the
## manager is started with --enable-webhooks); that port is not set in this
## file - confirm it against the deployment template before changing either
## value.
## type ClusterIP gives the Service a cluster-internal address only.
webhookService:
  ports:
    - port: 443
      protocol: TCP
      targetPort: 9443
  type: ClusterIP