# Values for the Airlock Microgateway Helm chart: naming/labels, CRD check,
# operator, engine, network validator, session agent, license, Grafana
# dashboards and `helm test` resources.

# -- Allows overriding the name to use instead of "microgateway".
nameOverride: ""
# -- Allows overriding the name to use as full name of resources.
fullnameOverride: ""
# -- Labels to add to all resources.
commonLabels: {}
# -- Annotations to add to all resources.
commonAnnotations: {}
# -- ImagePullSecrets to use when pulling images.
imagePullSecrets: []
# - name: myRegistryKeySecretName
crds:
  # NOTE(review): setting this to true disables the guard described below;
  # keep it at false unless CRD upgrades are handled separately.

  # -- Whether to skip the sanity check which prevents installing/upgrading the helm chart in a cluster with outdated Airlock Microgateway CRDs.
  # The check aims to prevent unexpected behavior and issues due to Helm v3 not automatically upgrading CRDs which are already present in the cluster
  # when performing a "helm install/upgrade".
  skipVersionCheck: false
operator:
  # -- Number of replicas for the operator Deployment.
  replicaCount: 2
  # -- Specifies the operator update strategy.
  updateStrategy:
    type: RollingUpdate
  # Specifies the Airlock Microgateway Operator image.
  image:
    # -- Image repository from which to pull the Airlock Microgateway Operator image.
    repository: "quay.io/airlock/microgateway-operator"
    # -- Image tag to pull.
    tag: "4.3.1"
    # NOTE(review): the digest takes precedence over the tag (see below), so the
    # digest decides which image is pulled; change tag and digest together when
    # moving to another version. The digest inside the format hint is only an
    # example and differs from the configured value.

    # -- SHA256 image digest to pull (in the format "sha256:c79ee3f85862fb386e9dd62b901b607161d27807f512d7fbdece05e9ee3d7c63").
    # Overrides tag when specified.
    digest: "sha256:84b6eb914103d4c62024d9f761b7dd4371ea3ba8996fb04095d87ebfaf3db2bb"
    # -- Pull policy for this image.
    pullPolicy: IfNotPresent
  # -- Annotations to add to all Pods.
  podAnnotations: {}
  # -- Labels to add to all Pods.
  podLabels: {}
  # -- Annotations to add to the Service.
  serviceAnnotations: {}
  # prometheus.io/scrape: "true"
  # prometheus.io/port: "8080"
  # -- Labels to add to the Service.
  serviceLabels: {}
  # NOTE(review): the default is empty, so these values set no requests or
  # limits for the operator container; the commented block below is the
  # recommended minimum. Whether the templates apply a fallback is not visible
  # here - confirm before relying on it.

  # -- Resource restrictions to apply to the operator container.
  resources: {}
  # We recommend at least the following resource specification.
  # limits:
  #   cpu: 1000m
  #   memory: 512Mi
  # requests:
  #   cpu: 100m
  #   memory: 512Mi
  # -- Custom nodeSelector to apply to the operator Deployment in order to constrain its Pods to certain nodes.
  nodeSelector: {}
  # -- Custom tolerations to apply to the operator Deployment in order to allow its Pods to run on tainted nodes.
  tolerations: []
  # -- Custom affinity to apply to the operator Deployment. Used to influence the scheduling.
  affinity: {}
  # Parameters for the operator configuration.
  config:
    # -- Operator application log level.
    logLevel: "info"
  # Configures the generation of the ServiceAccount.
  serviceAccount:
    # -- Whether a ServiceAccount should be created.
    create: true
    # -- Annotations to add to the ServiceAccount.
    annotations: {}
    # -- Name of the ServiceAccount to use.
    # If not set and create is true, a name is generated using the fullname template.
    name: ""
  # NOTE(review): watchNamespaces and watchNamespaceSelector are both empty by
  # default, which appears to correspond to the `AllNamespaces` mode named in
  # the descriptions below. Per those descriptions, only a watchNamespaces list
  # yields purely namespace-scoped RBAC (Roles/RoleBindings); the selector still
  # needs ClusterRoles/ClusterRoleBindings. Presumably the default is
  # cluster-scoped as well - confirm against the RBAC templates when aiming for
  # least privilege.

  # -- Allows restricting the operator to specific namespaces, depending on your needs.
  # For an `OwnNamespace` or `SingleNamespace` installation the list may only contain one namespace (e.g., `watchNamespaces: ["airlock-microgateway-system"]`).
  # In case of the `OwnNamespace` installation mode the specified namespace should be equal to the installation namespace.
  # For a static `MultiNamespace` installation, the complete list of namespaces must be provided in the `watchNamespaces`.
  # An `AllNamespaces` installation or the usage of the `watchNamespaceSelector` requires the `watchNamespaces` to be empty.
  # Regardless of the installation modes supported by `watchNamespaces`, RBAC is created only namespace-scoped (using Roles and RoleBindings) in the respective namespaces.
  # Please note that this feature requires a Premium license.
  watchNamespaces: []
  # -- Allows dynamically selecting the watch namespaces of the operator and the scope of the webhooks based on a Namespace label selector.
  # It is able to detect and reconcile resources in all namespaces that match the label selector automatically, even for new namespaces, without restarting the operator.
  # This facilitates a dynamic `MultiNamespace` installation mode, but still requires cluster-scoped permissions (i.e., ClusterRoles and ClusterRoleBindings).
  # An `AllNamespaces` installation or the usage of the `watchNamespaces` requires the `watchNamespaceSelector` to be empty.
  # Please note that this feature requires a Premium license.
  watchNamespaceSelector: {}
  # For further examples, see: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#resources-that-support-set-based-requirements.
  # matchLabels:
  #   microgateway.airlock.com/enable: "true"
  # matchExpressions:
  #   - { key: environment, operator: NotIn, values: [dev] }
  # Configures the generation of Role and RoleBinding as well as ClusterRoles and ClusterRoleBinding pairs for the ServiceAccount specified above.
  rbac:
    # NOTE(review): the description below calls these resources required, so
    # with create set to false equivalent RBAC presumably has to be supplied
    # for the ServiceAccount by other means - confirm.

    # -- Whether to create RBAC resources which are required for the Airlock Microgateway Operator to function.
    create: true
  # Configures the generation of a Prometheus Operator ServiceMonitor.
  serviceMonitor:
    # -- Whether to create a ServiceMonitor resource for monitoring.
    create: false
    # -- Labels to add to the ServiceMonitor.
    labels: {}
    # release: ""
engine:
  # Specifies the Airlock Microgateway Engine image.
  image:
    # -- Image repository from which to pull the Airlock Microgateway Engine image.
    repository: "quay.io/airlock/microgateway-engine"
    # -- Image tag to pull.
    tag: "4.3.1"
    # NOTE(review): the digest overrides the tag (see below); keep both in sync
    # when changing versions. The digest in the format hint is only an example.

    # -- SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3").
    # Overrides tag when specified.
    digest: "sha256:6be782cc3f3206bfa61f462812d2a495e114ae13c59a7cdaed7ca406d5bc1b01"
    # -- Pull policy for this image.
    pullPolicy: IfNotPresent
  # NOTE(review): empty by default, i.e. no requests or limits are set from
  # these values; the commented block below is the recommended minimum.

  # -- Resource restrictions to apply to the Airlock Microgateway Engine container.
  resources: {}
  # We recommend at least the following resource specification.
  # limits:
  #   cpu: 500m
  #   memory: 128Mi
  # requests:
  #   cpu: 10m
  #   memory: 40Mi
  # Additional configuration when deployed as a sidecar.
  sidecar:
    # Configures the generation of a Prometheus Operator PodMonitor.
    podMonitor:
      # -- Whether to create a PodMonitor resource for monitoring.
      create: false
      # -- Labels to add to the PodMonitor.
      labels: {}
      # release: ""
networkValidator:
  # Specifies the Airlock Microgateway Network Validator image to be injected as an init-container.
  image:
    # -- Image repository from which to pull the netcat image for the Airlock Microgateway Network Validator init-container.
    repository: "cgr.dev/chainguard/netcat"
    # NOTE(review): the tag is empty here, so the digest below is the only
    # version selector for this image, which comes from a different registry
    # than the quay.io/airlock images. What the templates render if the digest
    # is cleared as well is not visible here - verify before removing it.

    # -- Image tag to pull.
    tag: ""
    # -- SHA256 image digest to pull (in the format "sha256:6626ab44066867687baa7bfcabedafce5adc50446be1207c90c3b211bd922f84").
    # Overrides tag when specified.
    digest: "sha256:6626ab44066867687baa7bfcabedafce5adc50446be1207c90c3b211bd922f84"
    # -- Pull policy for this image.
    pullPolicy: IfNotPresent
sessionAgent:
  # Specifies the Airlock Microgateway Session Agent image.
  image:
    # -- Image repository from which to pull the Airlock Microgateway Session Agent image.
    repository: "quay.io/airlock/microgateway-session-agent"
    # -- Image tag to pull.
    tag: "4.3.1"
    # NOTE(review): the digest overrides the tag (see below); keep both in sync
    # when changing versions. The digest in the format hint is only an example.

    # -- SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3").
    # Overrides tag when specified.
    digest: "sha256:d62bdb16c74d340a81791be1696d620950d8232437676910bb6e5548411f2afd"
    # -- Pull policy for this image.
    pullPolicy: IfNotPresent
  # NOTE(review): empty by default, i.e. no requests or limits are set from
  # these values; the commented block below is the recommended minimum.

  # -- Resource restrictions to apply to the Airlock Microgateway Session Agent container.
  resources: {}
  # We recommend at least the following resource specification.
  # limits:
  #   cpu: 150m
  #   memory: 32Mi
  # requests:
  #   cpu: 10m
  #   memory: 8Mi
license:
  # NOTE(review): only the name of the Secret is configured here; the license
  # content itself is not part of these values.

  # -- Name of the secret containing the "microgateway-license.txt" key.
  secretName: "airlock-microgateway-license"
# Creates dashboards in the form of ConfigMaps that can be imported
# by Grafana using its sidecar setup.
dashboards:
  # -- Whether to create any ConfigMaps containing Grafana dashboards to import.
  create: false
  config:
    # Configures the necessary label and annotations along with their values
    # to enable Grafana to correctly identify the ConfigMaps containing
    # dashboards and file them within a dedicated folder in the dashboard overview.
    # These settings need to match the Grafana sidecar configuration.
    grafana:
      folderAnnotation:
        # -- Name of the annotation containing the folder name to file dashboards into.
        name: "grafana_folder"
        # -- Name of the folder dashboards are filed into within the Grafana UI.
        value: "Airlock Microgateway"
      dashboardLabel:
        # -- Name of the label that lets Grafana identify ConfigMaps that represent dashboards.
        name: "grafana_dashboard"
        # -- Value of the label that lets Grafana identify ConfigMaps that represent dashboards.
        value: "1"
  instances:
    # Available dashboard instances that can be individually created/deployed.
    overview:
      # -- Whether to create the overview dashboard.
      create: true
    license:
      # -- Whether to create the license dashboard.
      create: true
    blockMetrics:
      # -- Whether to create the block metrics dashboard.
      create: true
    blockLogs:
      # -- Whether to create the block logs dashboard.
      create: true
# Check whether the installation of the Airlock Microgateway Helm Chart was successful.
# Requires a secret with a valid Airlock Microgateway license key already to be present.
tests:
  # NOTE(review): enabling this creates additional Roles and ServiceAccounts
  # (see below); leave it disabled where `helm test` is not used.

  # -- Whether additional resources required for running `helm test` should be created (e.g. Roles and ServiceAccounts).
  # If set to false, `helm test` will not run any tests.
  enabled: false