andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/airlock/microgateway/4.3.1/values.yaml

214 lines
9.8 KiB
YAML
Raw Blame History

# -- Allows overriding the name to use instead of "microgateway".
nameOverride: ""
# -- Allows overriding the name to use as full name of resources.
fullnameOverride: ""
# -- Labels to add to all resources.
commonLabels: {}
# -- Annotations to add to all resources.
commonAnnotations: {}
# -- ImagePullSecrets to use when pulling images.
imagePullSecrets: []
# - name: myRegistryKeySecretName
crds:
# -- Whether to skip the sanity check which prevents installing/upgrading the helm chart in a cluster with outdated Airlock Microgateway CRDs.
# The check aims to prevent unexpected behavior and issues due to Helm v3 not automatically upgrading CRDs which are already present in the cluster
# when performing a "helm install/upgrade".
skipVersionCheck: false
operator:
# -- Number of replicas for the operator Deployment.
replicaCount: 2
# -- Specifies the operator update strategy.
updateStrategy:
type: RollingUpdate
# Specifies the Airlock Microgateway Operator image.
image:
# -- Image repository from which to pull the Airlock Microgateway Operator image.
repository: "quay.io/airlock/microgateway-operator"
# -- Image tag to pull.
tag: "4.3.1"
# -- SHA256 image digest to pull (in the format "sha256:c79ee3f85862fb386e9dd62b901b607161d27807f512d7fbdece05e9ee3d7c63").
# Overrides tag when specified.
digest: "sha256:84b6eb914103d4c62024d9f761b7dd4371ea3ba8996fb04095d87ebfaf3db2bb"
# -- Pull policy for this image.
pullPolicy: IfNotPresent
# -- Annotations to add to all Pods.
podAnnotations: {}
# -- Labels to add to all Pods.
podLabels: {}
# -- Annotations to add to the Service.
serviceAnnotations: {}
# prometheus.io/scrape: "true"
# prometheus.io/port: "8080"
# -- Labels to add to the Service.
serviceLabels: {}
# -- Resource restrictions to apply to the operator container.
resources: {}
# We recommend at least the following resource specification.
# limits:
# cpu: 1000m
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 512Mi
# -- Custom nodeSelector to apply to the operator Deployment in order to constrain its Pods to certain nodes.
nodeSelector: {}
# -- Custom tolerations to apply to the operator Deployment in order to allow its Pods to run on tainted nodes.
tolerations: []
# -- Custom affinity to apply to the operator Deployment. Used to influence the scheduling.
affinity: {}
# Parameters for the operator configuration.
config:
# -- Operator application log level.
logLevel: "info"
# Configures the generation of the ServiceAccount.
serviceAccount:
# -- Whether a ServiceAccount should be created.
create: true
# -- Annotations to add to the ServiceAccount.
annotations: {}
# -- Name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template.
name: ""
# -- Allows to restrict the operator to specific namespaces, depending on your needs.
# For a `OwnNamespace` or `SingleNamespace` installation the list may only contain one namespace (e.g., `watchNamespaces: ["airlock-microgateway-system"]`).
# In case of the `OwnNamespace` installation mode the specified namespace should be equal to the installation namespace.
# For a static `MultiNamespace` installation, the complete list of namespaces must be provided in the `watchNamespaces`.
# An `AllNamespaces` installation or the usage of the `watchNamespaceSelector` requires the `watchNamespaces` to be empty.
# Regardless of the installation modes supported by `watchNamespaces`, RBAC is created only namespace-scoped (using Roles and RoleBindings) in the respective namespaces.
# Please note that this feature requires a Premium license.
watchNamespaces: []
# -- Allows to dynamically select watch namespaces of the operator and the scope of the webhooks based on a Namespace label selector.
# It is able to detect and reconcile resources in all namespaces that match the label selector automatically, even for new namespaces, without restarting the operator.
# This facilitates a dynamic `MultiNamespace` installation mode, but still requires cluster-scoped permissions (i.e., ClusterRoles and ClusterRoleBindings).
# An `AllNamespaces` installation or the usage of the `watchNamespaces` requires the `watchNamespaceSelector` to be empty.
# Please note that this feature requires a Premium license.
watchNamespaceSelector: {}
# For further examples, see: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#resources-that-support-set-based-requirements.
# matchLabels:
# microgateway.airlock.com/enable: "true"
# matchExpressions:
# - { key: environment, operator: NotIn, values: [dev] }
# Configures the generation of Role and RoleBinding as well as ClusterRoles and ClusterRoleBinding pairs for the ServiceAccount specified above.
rbac:
# -- Whether to create RBAC resources which are required for the Airlock Microgateway Operator to function.
create: true
# Configures the generation of a Prometheus Operator ServiceMonitor.
serviceMonitor:
# -- Whether to create a ServiceMonitor resource for monitoring.
create: false
# -- Labels to add to the ServiceMonitor.
labels: {}
# release: "<prometheus-operator-release>"
engine:
# Specifies the Airlock Microgateway Engine image.
image:
# -- Image repository from which to pull the Airlock Microgateway Engine image.
repository: "quay.io/airlock/microgateway-engine"
# -- Image tag to pull.
tag: "4.3.1"
# -- SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3").
# Overrides tag when specified.
digest: "sha256:6be782cc3f3206bfa61f462812d2a495e114ae13c59a7cdaed7ca406d5bc1b01"
# -- Pull policy for this image.
pullPolicy: IfNotPresent
# -- Resource restrictions to apply to the Airlock Microgateway Engine container.
resources: {}
# We recommend at least the following resource specification.
# limits:
# cpu: 500m
# memory: 128Mi
# requests:
# cpu: 10m
# memory: 40Mi
# Additional configuration when deployed as a sidecar.
sidecar:
# Configures the generation of a Prometheus Operator PodMonitor.
podMonitor:
# -- Whether to create a PodMonitor resource for monitoring.
create: false
# -- Labels to add to the PodMonitor.
labels: {}
# release: "<prometheus-operator-release>"
networkValidator:
# Specifies the Airlock Microgateway Network Validator image to be injected as an init-container.
image:
# -- Image repository from which to pull the netcat image for the Airlock Microgateway Network Validator init-container.
repository: "cgr.dev/chainguard/netcat"
# -- Image tag to pull.
tag: ""
# -- SHA256 image digest to pull (in the format "sha256:6626ab44066867687baa7bfcabedafce5adc50446be1207c90c3b211bd922f84").
# Overrides tag when specified.
digest: "sha256:6626ab44066867687baa7bfcabedafce5adc50446be1207c90c3b211bd922f84"
# -- Pull policy for this image.
pullPolicy: IfNotPresent
sessionAgent:
# Specifies the Airlock Microgateway Session Agent image.
image:
# -- Image repository from which to pull the Airlock Microgateway Session Agent image.
repository: "quay.io/airlock/microgateway-session-agent"
# -- Image tag to pull.
tag: "4.3.1"
# -- SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3").
# Overrides tag when specified.
digest: "sha256:d62bdb16c74d340a81791be1696d620950d8232437676910bb6e5548411f2afd"
# -- Pull policy for this image.
pullPolicy: IfNotPresent
# -- Resource restrictions to apply to the Airlock Microgateway Session Agent container.
resources: {}
# We recommend at least the following resource specification.
# limits:
# cpu: 150m
# memory: 32Mi
# requests:
# cpu: 10m
# memory: 8Mi
license:
# -- Name of the secret containing the "microgateway-license.txt" key.
secretName: "airlock-microgateway-license"
# Creates dashboards in the form of ConfigMaps that can be imported
# by Grafana using its sidecar setup.
dashboards:
# -- Whether to create any ConfigMaps containing Grafana dashboards to import.
create: false
config:
# Configures the necessary label and annotations along with their values
# to enable Grafana to correctly identify the ConfigMaps containing
# dashboards and file them within a dedicated folder in the dashboard overview.
# These settings need to match the Grafana sidecar configuration.
grafana:
folderAnnotation:
# -- Name of the annotation containing the folder name to file dashboards into.
name: "grafana_folder"
# -- Name of the folder dashboards are filed into within the Grafana UI.
value: "Airlock Microgateway"
dashboardLabel:
# -- Name of the label that lets Grafana identify ConfigMaps that represent dashboards.
name: "grafana_dashboard"
# -- Value of the label that lets Grafana identify ConfigMaps that represent dashboards.
value: "1"
instances:
# Available dashboard instances that can be individually created/deployed.
overview:
# -- Whether to create the overview dashboard.
create: true
license:
# -- Whether to create the license dashboard.
create: true
blockMetrics:
# -- Whether to create the block metrics dashboard.
create: true
blockLogs:
# -- Whether to create the block logs dashboard.
create: true
# Check whether the installation of the Airlock Microgateway Helm Chart was successful.
# Requires a secret with a valid Airlock Microgateway license key already to be present.
tests:
# -- Whether additional resources required for running `helm test` should be created (e.g. Roles and ServiceAccounts).
# If set to false, `helm test` will not run any tests.
enabled: false
Reference in New Issue View Git Blame Copy Permalink