forked from ydb-platform/ydb-kubernetes-operator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvalues.yaml
101 lines (90 loc) · 2.63 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
## Docker image configuration
##
image:
## Operator container pull policy
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
repository: cr.yandex/yc/ydb-kubernetes-operator
tag: "REPLACED_BY_CHART_APP_VERSION_IF_UNSPECIFIED"
## Secrets to use for Docker registry access
## Secrets must be provided manually.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
nodeSelector: {}
nameOverride: ""
fullnameOverride: ""
## Resource quotas
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources:
## The resource limits for Operator container
## Example:
## limits:
## cpu: 250m
## memory: 512Mi
limits: {}
## The requested resources for Operator container
## Example:
## requests:
## cpu: 250m
## memory: 256Mi
requests: {}
service:
port: 8080
type: ClusterIP
metrics:
## Create ServiceMonitor resources
##
enabled: false
webhook:
enabled: true
service:
type: ClusterIP
port: 9443
## If type is NodePort:
# nodePort: 9443
#
## Arbitrary fqdn for WebhookConfiguration instead of a default Service cluster fqdn:
# fqdn: example.org
## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data.
## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own
## certs ahead of time if you wish.
##
patch:
enabled: true
image:
repository: k8s.gcr.io/ingress-nginx/kube-webhook-certgen
tag: v1.0
sha: "f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068"
pullPolicy: IfNotPresent
resources: {}
## Provide a priority class name to the webhook patching job
##
priorityClassName: ""
podAnnotations: {}
nodeSelector: {}
affinity: {}
tolerations: []
## SecurityContext holds pod-level security attributes and common container settings.
## This defaults to non-root user with uid 2000 and gid 2000. *v1.PodSecurityContext false
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
runAsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
# Use cert-manager to generate webhook certs
certManager:
enabled: false
# self-signed root certificate
rootCert:
duration: "" # default to be 5y
admissionCert:
duration: "" # default to be 1y
# issuerRef:
# name: "issuer"
# kind: "ClusterIssuer"