/
values.yaml
120 lines (99 loc) · 4.33 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
# Default values for jetstack-agent.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# -- default replicas, do not scale up
replicaCount: 1
image:
# -- Default to Open Source image repository
repository: registry.venafi.cloud/venafi-agent/venafi-agent
# -- Defaults to only pull if not already present
pullPolicy: IfNotPresent
# -- Overrides the image tag whose default is the chart appVersion
tag: "v0.1.45"
# -- Specify image pull credentials if using a private registry
# example: - name: my-pull-secret
imagePullSecrets: []
# -- Helm default setting to override release name, usually leave blank.
nameOverride: ""
# -- Helm default setting, use this to shorten the full install name.
fullnameOverride: ""
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Annotations YAML to add to the service account
annotations: {}
# -- The name of the service account to use.
# If blank and `serviceAccount.create` is true, a name is generated using the fullname template of the release.
name: ""
# -- Additional YAML annotations to add the the pod.
podAnnotations: {}
# -- Optional Pod (all containers) `SecurityContext` options, see https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod.
podSecurityContext: {}
# runAsUser: 1000
# runAsGroup: 3000
# fsGroup: 2000
# -- Add Container specific SecurityContext settings to the container. Takes precedence over `podSecurityContext` when set. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-capabilities-for-a-container
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
# -- Set custom resourcing settings for the pod. You may not want this if you intend to use a Vertical Pod Autoscaler.
resources:
requests:
memory: 200Mi
cpu: 200m
limits:
memory: 500Mi
cpu: 500m
# -- Embed YAML for nodeSelector settings, see https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/
nodeSelector: {}
# -- Embed YAML for toleration settings, see https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
tolerations: []
# -- Embed YAML for Node affinity settings, see https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/.
affinity: {}
# -- Specify the command to run overriding default binary.
command: []
# -- Specify additional arguments to pass to the agent binary.
# For example `["--strict", "--oneshot"]`
extraArgs: []
# -- Authentication details for the Venafi Kubernetes Agent
authentication:
# -- Name of the secret containing the private key
secretName: agent-credentials
# -- Key name in the referenced secret
secretKey: "privatekey.pem"
# -- Configuration section for the Venafi Kubernetes Agent itself
config:
# -- Overrides the server if using a proxy in your environment
# For the EU variant use: https://api.venafi.eu/
server: "https://api.venafi.cloud/"
# -- The client-id returned from the Venafi Control Plane
clientId: ""
# -- Send data back to the platform every minute unless changed
period: "0h1m0s"
# -- Name for the cluster resource if it needs to be created in Venafi Control Plane
clusterName: ""
# -- Description for the cluster resource if it needs to be created in Venafi Control Plane
clusterDescription: ""
# -- Specify ConfigMap details to load config from an existing resource.
# This should be blank by default unless you have you own config.
configmap:
name:
key:
# -- Configure a PodDisruptionBudget for the agent's Deployment. If running with multiple
# replicas, consider setting podDisruptionBudget.enabled to true.
podDisruptionBudget:
# -- Enable or disable the PodDisruptionBudget resource, which helps prevent downtime
# during voluntary disruptions such as during a Node upgrade.
enabled: false
# -- Configure the minimum available pods for disruptions. Can either be set to
# an integer (e.g. 1) or a percentage value (e.g. 25%).
# Cannot be used if `maxUnavailable` is set.
# minAvailable: 1
# -- Configure the maximum unavailable pods for disruptions. Can either be set to
# an integer (e.g. 1) or a percentage value (e.g. 25%).
# Cannot be used if `minAvailable` is set.
# maxUnavailable: 1