## Allowed external IP cidrs
allowedExternalIPCidrs: ""
## Certificates generation for webhook
certificates:
  certManager:
    # Enable cert manager integration. Cert manager should be already installed at the k8s cluster
    enabled: true
    version: ""
  # If cert-manager integration is disabled, add self signed ca.crt in base64 format
  caBundle: ""
  # If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt and tls.key) as k8s secretName in the namespace
  secretName: webhook-server-cert
## Details about the image to be pulled.
image:
  pullPolicy: IfNotPresent
  pullSecrets: []
  repository: rancher/externalip-webhook
  tag: v1.0.1
## Enabling metrics endpoint
# Webhook emits `webhook_failed_request_count` metrics whenever it rejects service creation or update operation
metrics:
  enabled: false
  port: 8443
  # Enable webhook metrics export to Prometheus
  prometheusExport: false
  # Webhook metrics auth proxy. This option is just available for amd64 arch
  authProxy:
    enabled: false
    port: 8080
    image:
      pullPolicy: IfNotPresent
      pullSecrets: []
      repository: rancher/mirrored-kube-rbac-proxy
      tag: v0.5.0
    resources:
      limits:
        memory: 30Mi
        cpu: 100m
      requests:
        memory: 20Mi
        cpu: 100m
## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## RBAC
rbac:
  apiVersion: v1
## CPU and Memory limit and request for externalip-webhook
resources:
  limits:
    memory: 30Mi
    cpu: 100m
  requests:
    memory: 20Mi
    cpu: 100m
service:
  metricsPort: 8443
  webhookPort: 443
## Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false
serviceAccountName: default
## List of node taints to tolerate (requires Kubernetes >= 1.6)
tolerations: []
## Webhook server pod port
webhookPort: 9443
global:
  cattle:
    systemDefaultRegistry: ""