mirror of https://git.rancher.io/rke2-charts
114 lines
2.7 KiB
YAML
Executable File
114 lines
2.7 KiB
YAML
Executable File
rbac:
|
|
# Specifies whether RBAC resources should be created
|
|
create: true
|
|
pspEnabled: false
|
|
|
|
serviceAccount:
|
|
# Specifies whether a ServiceAccount should be created
|
|
create: true
|
|
# The name of the ServiceAccount to use.
|
|
# If not set and create is true, a name is generated using the fullname template
|
|
name:
|
|
|
|
apiService:
|
|
# Specifies if the v1beta1.metrics.k8s.io API service should be created.
|
|
#
|
|
# You typically want this enabled! If you disable API service creation you have to
|
|
# manage it outside of this chart for e.g horizontal pod autoscaling to
|
|
# work with this release.
|
|
create: true
|
|
|
|
hostNetwork:
|
|
# Specifies if metrics-server should be started in hostNetwork mode.
|
|
#
|
|
# You would require this enabled if you use alternate overlay networking for pods and
|
|
# API server unable to communicate with metrics-server. As an example, this is required
|
|
# if you use Weave network on EKS
|
|
enabled: false
|
|
|
|
image:
|
|
repository: rancher/hardened-k8s-metrics-server
|
|
tag: v0.3.6-build20210223
|
|
pullPolicy: IfNotPresent
|
|
|
|
imagePullSecrets: []
|
|
# - registrySecretName
|
|
|
|
args:
|
|
# enable this if you have self-signed certificates, see: https://github.com/kubernetes-incubator/metrics-server
|
|
# - --kubelet-insecure-tls
|
|
- --kubelet-preferred-address-types=InternalIP
|
|
|
|
resources: {}
|
|
|
|
nodeSelector: {}
|
|
|
|
tolerations: []
|
|
|
|
affinity: {}
|
|
|
|
replicas: 1
|
|
|
|
extraContainers: []
|
|
|
|
podLabels: {}
|
|
|
|
podAnnotations: {}
|
|
# The following annotations guarantee scheduling for critical add-on pods.
|
|
# See more at: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/
|
|
# scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
|
|
## Set a pod priorityClassName
|
|
priorityClassName: system-node-critical
|
|
|
|
extraVolumeMounts: []
|
|
# - name: secrets
|
|
# mountPath: /etc/kubernetes/secrets
|
|
# readOnly: true
|
|
|
|
extraVolumes: []
|
|
# - name: secrets
|
|
# secret:
|
|
# secretName: kube-apiserver
|
|
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: https
|
|
scheme: HTTPS
|
|
initialDelaySeconds: 20
|
|
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: https
|
|
scheme: HTTPS
|
|
initialDelaySeconds: 20
|
|
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: ["all"]
|
|
readOnlyRootFilesystem: true
|
|
runAsGroup: 10001
|
|
runAsNonRoot: true
|
|
runAsUser: 10001
|
|
|
|
service:
|
|
annotations: {}
|
|
labels: {}
|
|
# Add these labels to have metrics-server show up in `kubectl cluster-info`
|
|
# kubernetes.io/cluster-service: "true"
|
|
# kubernetes.io/name: "Metrics-server"
|
|
port: 443
|
|
type: ClusterIP
|
|
|
|
podDisruptionBudget:
|
|
# https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
enabled: false
|
|
minAvailable:
|
|
maxUnavailable:
|
|
|
|
global:
|
|
systemDefaultRegistry: ""
|