andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/ambassador/ambassador/values.yaml

522 lines
15 KiB
YAML
Raw Blame History

# Default values for ambassador.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Manually set metadata for the Release.
#
# Defaults to .Chart.Name
nameOverride: ''
# Defaults to .Release.Name-.Chart.Name unless .Release.Name contains "ambassador"
fullnameOverride: ''
# Defaults to .Release.Namespace
namespaceOverride: ''
replicaCount: 3
daemonSet: false
# This will enable the test-ready Pod (https://github.com/datawire/ambassador-chart/blob/master/templates/tests/test-ready.yaml).
# It will spawn a busybox container to call Ambassador's check_ready endpoint to validate it is working correctly.
test:
enabled: true
image: busybox
# Enable autoscaling using HorizontalPodAutoscaler
# daemonSet: true, autoscaling will be disabled
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 60
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 60
podDisruptionBudget: {}
# namespace:
# name: default
# Additional container environment variable
# Uncomment or add additional environment variables for the container here.
env: {}
# Exposing statistics via StatsD
# STATSD_ENABLED: true
# STATSD_HOST: statsd-sink
# sets the minimum number of seconds between Envoy restarts
# AMBASSADOR_RESTART_TIME: 15
# sets the number of seconds that the Envoy will wait for open connections to drain on a restart
# AMBASSADOR_DRAIN_TIME: 5
# sets the number of seconds that Ambassador will wait for the old Envoy to clean up and exit on a restart
# AMBASSADOR_SHUTDOWN_TIME: 10
# labels Ambassador with an ID to allow for configuring multiple Ambassadors in a cluster
# AMBASSADOR_ID: default
# Additional container environment variable in raw YAML format
# Uncomment or add additional environment variables for the container here.
envRaw: {}
# - name: REDIS_PASSWORD
# value: password
# valueFrom:
# secretKeyRef:
# name: redis-password
# key: password
# - name: POD_IP
# valueFrom:
# fieldRef:
# fieldPath: status.podIP
imagePullSecrets: []
security:
# Security Context for all containers in the pod.
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core
podSecurityContext:
runAsUser: 8888
# Security Context for the Ambassador container specifically
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core
containerSecurityContext:
allowPrivilegeEscalation: false
# A basic PodSecurityPolicy to ensure Ambassador is running with appropriate security permissions
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
#
# A set of reasonable defaults is outlined below. This is not created by default as it should only
# be created by a one Release. If you want to use the PodSecurityPolicy in the chart, create it in
# the "master" Release and then leave it unset in all others. Set the `rbac.podSecurityPolicies`
# in all non-"master" Releases.
podSecurityPolicy: {}
# # Add AppArmor and Seccomp annotations
# # https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
# annotations:
# spec:
# seLinux:
# rule: RunAsAny
# supplementalGroups:
# rule: 'MustRunAs'
# ranges:
# # Forbid adding the root group.
# - min: 1
# max: 65535
# fsGroup:
# rule: 'MustRunAs'
# ranges:
# # Forbid adding the root group.
# - min: 1
# max: 65535
# privileged: false
# allowPrivilegeEscalation: false
# runAsUser:
# rule: MustRunAsNonRoot
image:
ossTag: 1.13.8
aesTag: 1.13.8
pullPolicy: IfNotPresent
ossRepository: docker.io/datawire/ambassador
aesRepository: docker.io/datawire/aes
dnsPolicy: ClusterFirst
hostNetwork: false
service:
type: LoadBalancer
# Note that target http ports need to match your ambassador configurations service_port
# https://www.getambassador.io/reference/modules/#the-ambassador-module
ports:
- name: http
port: 80
targetPort: 8080
# protocol: TCP
# nodePort: 30080
# hostPort: 80
- name: https
port: 443
targetPort: 8443
# protocol: TCP
# nodePort: 30443
# hostPort: 443
# TCPMapping_Port
# port: 2222
# targetPort: 2222
# protocol: TCP
# nodePort: 30222
externalTrafficPolicy:
sessionAffinity:
sessionAffinityConfig:
externalIPs: []
annotations: {}
#############################################################################
## Ambassador should be configured using CRD definition. If you want
## to use annotations, the following is an example of annotating the
## Ambassador service with global configuration manifest.
##
## See https://www.getambassador.io/reference/core/ambassador and
## https://www.getambassador.io/reference/core/tls for more info
#############################################################################
#
# getambassador.io/config: |
# ---
# apiVersion: ambassador/v1
# kind: TLSContext
# name: ambassador
# secret: ambassador-certs
# hosts: ["*"]
# ---
# apiVersion: ambassador/v1
# kind: Module
# name: ambassador
# config:
# admin_port: 8001
# diag_port: 8877
# diagnostics:
# enabled: true
# enable_grpc_http11_bridge: false
# enable_grpc_web: false
# enable_http10: false
# enable_ipv4: true
# enable_ipv6: false
# liveness_probe:
# enabled: true
# lua_scripts:
# readiness_probe:
# enabled: true
# server_name: envoy
# service_port: 8080
# use_proxy_proto: false
# use_remote_address: true
# xff_num_trusted_hops: 0
# x_forwarded_proto_redirect: false
# load_balancer:
# policy: round_robin
# circuit_breakers:
# max_connections: 2048
# retry_policy:
# retry_on: "5xx"
# cors:
# Manually set the name of the generated Service
nameOverride:
adminService:
create: true
type: ClusterIP
port: 8877
snapshotPort: 8005
# NodePort used if type is NodePort
# nodePort: 38877
annotations: {}
rbac:
# Specifies whether RBAC resources should be created
create: true
# List of Pod Security Policies to use on the container.
# If security.podSecurityPolicy is set, it will be appended to the list
podSecurityPolicies: []
# Name of the RBAC resources defaults to the name of the release.
# Set nameOverride when installing Ambassador with cluster-wide scope in
# different namespaces with the same release name to avoid conflicts.
nameOverride:
scope:
# tells Ambassador to only use resources in the namespace or namespace set by namespace.name
singleNamespace: false
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
deploymentStrategy:
type: RollingUpdate
restartPolicy:
terminationGracePeriodSeconds:
initContainers: []
sidecarContainers: []
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 3
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 3
failureThreshold: 3
volumes: []
volumeMounts: []
podLabels: {}
podAnnotations: {}
# prometheus.io/scrape: "true"
# prometheus.io/port: "9102"
deploymentLabels: {}
deploymentAnnotations: {}
# configmap.reloader.stakater.com/auto: "true"
resources:
# Recommended resource requests and limits for Ambassador
limits:
cpu: 1000m
memory: 600Mi
requests:
cpu: 200m
memory: 300Mi
priorityClassName: ''
nodeSelector: {}
tolerations: []
affinity: {}
topologySpreadConstraints: []
ambassadorConfig: ''
crds:
enabled: true
create: true
keep: true
# Prometheus Operator ServiceMonitor configuration
# See documentation: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor
metrics:
serviceMonitor:
enabled: false
# interval: 30s
# scrapeTimeout: 30s
# selector: {}
################################################################################
## Ambassador Edge Stack Configuration ##
################################################################################
# The Ambassador Edge Stack is free for limited use without a license key.
# Go to https://{ambassador-host}/edge_stack/admin/#dashboard to register
# for a community license key.
enableAES: true
# Set createSecret: false is installing multiple releases of The Ambassador
# Edge Stack in the same namespace.
licenseKey:
value:
createSecret: true
secretName:
# Annotations to attach to the license-key-secret.
annotations: {}
# The DevPortal is exposed at /docs/ endpoint in the AES container.
# Setting this to true will automatically create routes for the DevPortal.
createDevPortalMappings: true
devportal:
docsPrefix: /documentation/
# The Ambassador Edge Stack uses a redis instance for managing authentication,
# rate limiting, and sharing minor configuration details between pods for
# centralized management. These values configure the redis instance that ships
# by default with The Ambassador Edge Stack.
#
# URL of your redis instance. Defaults to redis instance created below.
redisURL:
# Ambassador ships with a basic redis instance. Configure the deployment with the options below.
redis:
create: true
image:
repository: redis
tag: 5.0.1
pullPolicy: IfNotPresent
# Annotations for Ambassador Pro's redis instance.
annotations:
deployment: {}
service: {}
resources: {}
# If you want to specify resources, uncomment the following
# lines and remove the curly braces after 'resources:'.
# These are placeholder values and must be tuned.
# limits:
# cpu: 100m
# memory: 256Mi
# requests:
# cpu: 50m
# memory: 128Mi
nodeSelector: {}
affinity: {}
tolerations: {}
# Configures the AuthService that ships with the Ambassador Edge Stack.
# Setting authService.create: false will not install the AES AuthService and
# allow you to define your own.
#
# Typically when using the AES, you will want to keep this set to true and use
# the External Filter to communicate with a custom authentication service.
# https://www.getambassador.io/reference/filter-reference/#filter-type-external
authService:
deploymentExtraName: auth
create: true
# Set additional configuration options. See https://www.getambassador.io/reference/services/auth-service for more information
optional_configurations: {}
# include_body:
# max_bytes: 4096
# allow_partial: true
# status_on_error:
# code: 403
# failure_mode_allow: false
# retry_policy:
# retry_on: "5xx"
# num_retries: 2
# add_linkerd_headers: true
# timeout_ms: 30000
# Configures the RateLimitService in the Ambassador Edge Stack.
# Keep this enabled to configure RateLimits in AES.
rateLimit:
create: true
deploymentExtraName: ratelimit
# Projects are a beta feature of Ambassador that allow developers to stage and
# deploy code with nothing more than a Github repository.
# See: https://www.getambassador.io/docs/edge-stack/latest/topics/using/projects/
registry:
create: false
# Resolvers are used to configure the discovery service strategy for Ambasador Edge Stack.
# See: https://www.getambassador.io/docs/edge-stack/latest/topics/running/resolvers/
resolvers:
endpoint:
create: false
name: endpoint
consul:
create: false
name: consul-dc1
spec: {}
# Configuration for a Consul Resolver
# address: consul-server.default.svc.cluster.local:8500
# datacenter: dc1
# Create and manage an Ambassador Module from the Helm Chart. See:
# https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador
# for more info on the available options.
#
# Note: The Module can only be named ambassador. There can only be one Module
# installed per-namespace.
module: {}
################################################################################
## DEPRECATED configuration objects ##
################################################################################
# DEPRECATED: Ambassador now exposes the /metrics endpoint in Envoy.
# DEPRECATED: See https://www.getambassador.io/user-guide/monitoring#deployment for more information on how to use the /metrics endpoint
#
# DEPRECATED: Enabling the prometheus exporter creates a sidecar and configures ambassador to use it
prometheusExporter:
enabled: false
repository: prom/statsd-exporter
tag: v0.8.1
pullPolicy: IfNotPresent
resources: {}
# If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 256Mi
# requests:
# cpu: 50m
# memory: 128Mi
# You can configure the statsd exporter to modify the behavior of mappings and other features.
# See documentation: https://github.com/prometheus/statsd_exporter/tree/v0.8.1#metric-mapping-and-configuration
# Uncomment the following line if you wish to specify a custom configuration:
# configuration: |
# ---
# mappings:
# - match: 'envoy.cluster.*.upstream_cx_connect_ms'
# name: "envoy_cluster_upstream_cx_connect_time"
# timer_type: 'histogram'
# labels:
# cluster_name: "$1"
# DEPRECATED: Use security.podSecurityContext
# securityContext:
# runAsUser: 8888
# Configures Service Preview that ships with the Ambassador Edge Stack and edgectl.
# Setting servicePreview.enabled: true will install the Traffic Agent Service Account, Traffic Manager with RBAC, and ambassador-injector
servicePreview:
enabled: false
trafficManager:
image:
# Leave blank to use image.repository and image.tag
repository:
tag:
serviceAccountName: traffic-manager
trafficAgent:
image:
# Leave blank to use image.repository and image.tag
repository:
tag:
singleNamespace: true
serviceAccountName: traffic-agent
port: 9900
# Configure the ambassador-injector webhook for Service Preview Traffic Agent automatic sidecar injection.
injector:
enabled: true
# If no injector.crtPEM and injector.keyPEM are provided, a self-signed certificate will be issued
# for the Common Name (CN) of `<ambassador-injector>.<namespace>.svc`, which is the cluster-internal DNS name
# for the service.
crtPEM: ''
keyPEM: ''
# Configure the ambassador agent
agent:
enabled: true
# this will be empty when it first gets applied, then the user will edit the agent to
# make it start reporting
cloudConnectToken: ''
rpcAddress: https://app.getambassador.io/
createArgoRBAC: true
image:
# Leave blank to use image.repository and image.tag
tag:
repository:
deploymentTool: ''
# configure docker to pull from private registry
docker: {}
createNamespace: false
enableTestService: false
Reference in New Issue View Git Blame Copy Permalink