200 lines
5.4 KiB
YAML
200 lines
5.4 KiB
YAML
# Default values for citrix-ingress-controller.
|
|
# This is a YAML-formatted file.
|
|
# Declare variables to be passed into your templates.
|
|
|
|
# Citrix Ingress Controller config details
|
|
imageRegistry: quay.io
|
|
imageRepository: citrix/citrix-k8s-ingress-controller
|
|
imageTag: 1.33.4
|
|
image: "{{ .Values.imageRegistry }}/{{ .Values.imageRepository }}:{{ .Values.imageTag }}"
|
|
pullPolicy: IfNotPresent
|
|
imagePullSecrets: []
|
|
nameOverride: ""
|
|
fullnameOverride: ""
|
|
openshift: false
|
|
adcCredentialSecret: # K8s Secret Name
|
|
# Enable secretStore to implement CSI Secret Provider classes for holding the nslogin credentials
|
|
secretStore:
|
|
enabled: false
|
|
username: {}
|
|
#valueFrom:
|
|
# configMapKeyRef:
|
|
# name: test1
|
|
# key: username
|
|
password: {}
|
|
#valueFrom:
|
|
# configMapKeyRef:
|
|
# name: test1
|
|
# key: password
|
|
nsIP: x.x.x.x
|
|
nsVIP:
|
|
nsSNIPS:
|
|
license:
|
|
accept: no
|
|
nsPort: 443
|
|
nsProtocol: HTTPS
|
|
nsEnableLabel: true
|
|
# nitroReadTimeout is timeout value in seconds for nitro api read timeout(default is 20)
|
|
nitroReadTimeout:
|
|
logLevel: INFO
|
|
jsonLog: false
|
|
entityPrefix:
|
|
kubernetesURL:
|
|
clusterName:
|
|
ingressClass:
|
|
setAsDefaultIngressClass: False
|
|
serviceClass:
|
|
defaultSSLCertSecret:
|
|
podIPsforServiceGroupMembers: False
|
|
ignoreNodeExternalIP: False
|
|
ipam: False
|
|
# API server Cert verification can be disabled, while communicating with API Server, if disableAPIServerCertVerify set to True
|
|
disableAPIServerCertVerify: False
|
|
logProxy:
|
|
nodeWatch: false
|
|
cncPbr: False
|
|
nodeSelector:
|
|
key:
|
|
value:
|
|
tolerations: []
|
|
updateIngressStatus: True
|
|
nsHTTP2ServerSide: "OFF"
|
|
nsCookieVersion: "0"
|
|
nsConfigDnsRec:
|
|
nsSvcLbDnsRec:
|
|
nsDnsNameserver:
|
|
optimizeEndpointBinding:
|
|
routeLabels:
|
|
namespaceLabels:
|
|
disableOpenshiftRoutes:
|
|
profileSslFrontend: {}
|
|
# preconfigured: my_ssl_profile
|
|
# OR
|
|
# config:
|
|
# tls13: 'ENABLED'
|
|
# hsts: 'ENABLED'
|
|
profileHttpFrontend: {}
|
|
# preconfigured: my_http_profile
|
|
# OR
|
|
# config:
|
|
# dropinvalreqs: 'ENABLED'
|
|
# websocket: 'ENABLED'
|
|
profileTcpFrontend: {}
|
|
# preconfigured: my_tcp_profile
|
|
# OR
|
|
# config:
|
|
# sack: 'ENABLED'
|
|
# nagle: 'ENABLED'
|
|
|
|
# Exporter config details
|
|
exporter:
|
|
required: false
|
|
imageRegistry: quay.io
|
|
imageRepository: citrix/citrix-adc-metrics-exporter
|
|
imageTag: 1.4.9
|
|
image: "{{ .Values.exporter.imageRegistry }}/{{ .Values.exporter.imageRepository }}:{{ .Values.exporter.imageTag }}"
|
|
pullPolicy: IfNotPresent
|
|
ports:
|
|
containerPort: 8888
|
|
resources: {}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
extraVolumeMounts: []
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user.
|
|
#- name: github-key
|
|
# mountPath: /etc/config/keys/
|
|
# readOnly: true
|
|
#- name: agent-init-scripts
|
|
# mountPath: /docker-entrypoint.d/
|
|
|
|
# For CRDs supported by Citrix Ingress Controller
|
|
crds:
|
|
install: false
|
|
retainOnDelete: false
|
|
|
|
# Enable RBAC role (so called local role), by default CIC deployed with ClusterRole.
|
|
# below variable to deploy CIC with RBAC role, only ingress service supported with this config
|
|
rbacRole: False
|
|
|
|
# Config required to be done by Citrix Ingress Controller for sending metrics to Citrix Observability Exporter
|
|
analyticsConfig:
|
|
required: false
|
|
distributedTracing:
|
|
enable: false
|
|
samplingrate: 100
|
|
endpoint:
|
|
server:
|
|
service:
|
|
timeseries:
|
|
port: 30002
|
|
metrics:
|
|
enable: false
|
|
mode: 'avro'
|
|
auditlogs:
|
|
enable: false
|
|
events:
|
|
enable: false
|
|
transactions:
|
|
enable: false
|
|
port: 30001
|
|
|
|
nsLbHashAlgo:
|
|
required: false
|
|
hashFingers: 256
|
|
hashAlgorithm: 'DEFAULT'
|
|
|
|
# Specifies whether a ServiceAccount should be created
|
|
serviceAccount:
|
|
create: true
|
|
# The name of the ServiceAccount to use.
|
|
# If not set and `create` is true, a name is generated using the fullname template
|
|
# name:
|
|
|
|
podAnnotations: {}
|
|
|
|
resources: {}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# Following values depends on no of ingresses configured by Ingress Controllers, so it is
|
|
# advised to test with maximum no of ingresses to set these values.
|
|
# limits:
|
|
# cpu: 1000m
|
|
# memory: 1000Mi
|
|
# requests:
|
|
# cpu: 500m
|
|
# memory: 500Mi
|
|
|
|
affinity: {}
|
|
|
|
extraVolumeMounts: []
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user.
|
|
#- name: github-key
|
|
# mountPath: /etc/config/keys/
|
|
# readOnly: true
|
|
#- name: agent-init-scripts
|
|
# mountPath: /docker-entrypoint.d/
|
|
|
|
extraVolumes: []
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user.
|
|
#- name: agent-init-scripts
|
|
# configMap:
|
|
# name: agent-init-scripts
|
|
# defaultMode: 0755
|
|
#- name: github-key
|
|
# secret:
|
|
# secretName: github-key
|
|
# defaultMode: 0744
|