-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathvalues.yaml
94 lines (93 loc) · 4.82 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# -- Allows overriding the name to use instead of "microgateway-cni".
nameOverride: ""
# -- Allows overriding the name to use as full name of resources.
fullnameOverride: ""
# -- Labels to add to all resources.
commonLabels: {}
# -- Annotations to add to all resources.
commonAnnotations: {}
# -- ImagePullSecrets to use when pulling images.
imagePullSecrets: []
# - name: myRegistryKeySecretName
# Specifies the Airlock Microgateway CNI image.
image:
# -- Image repository from which to pull the Airlock Microgateway CNI image.
repository: "quay.io/airlock/microgateway-cni"
# -- Image tag to pull.
tag: "4.4.3"
# -- SHA256 image digest to pull (in the format "sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a").
# Overrides tag when specified.
digest: "sha256:8398d2f2c2b57aecd2f53e165789ef0b229a9ea55e3b87ccb6e08e36c06f47c6"
# -- Pull policy for this image.
pullPolicy: IfNotPresent
# -- Annotations to add to all Pods.
podAnnotations: {}
# -- Labels to add to all Pods.
podLabels: {}
# -- Resource restrictions to apply to the CNI installer container.
resources:
requests:
cpu: 10m
memory: 100Mi
# -- NodeSelector to apply to the CNI DaemonSet in order to only deploy the CNI plugin on specific nodes.
nodeSelector:
kubernetes.io/os: linux
# -- Custom affinity for the DaemonSet to only deploy the CNI plugin on specific nodes.
affinity: {}
# Configures the generation of RBAC Roles and RoleBindings.
rbac:
# -- Whether to create RBAC resources which are required for the CNI plugin to function.
create: true
# -- (OpenShift) Whether to create RBAC resources which allow the CNI installer to use the "privileged" security context constraint.
createSCCRole: false
# -- Whether the DaemonSet should run in privileged mode. Must be enabled for environments which require it for writing files to the host (e.g. OpenShift).
privileged: false
# Configures the generation of the ServiceAccount.
serviceAccount:
# -- Whether a ServiceAccount should be created.
create: true
# -- Annotations to add to the ServiceAccount.
annotations: {}
# -- Name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template.
name: ""
# Configures the generation of a NetworkAttachmentDefinition for use with Multus CNI (OpenShift)
multusNetworkAttachmentDefinition:
# -- Whether a NetworkAttachmentDefinition CR should be created, which can be used for applying the CNI plugin to Pods.
create: false
# -- Namespace in which the NetworkAttachmentDefinition is deployed.
# Note: If namespace is set to a custom value, referencing the created NetworkAttachmentDefinition from other namespaces
# may not work if Multus namespace isolation is enabled. https://github.com/k8snetworkplumbingwg/multus-cni/blob/v4.0.2/docs/configuration.md#namespace-isolation
namespace: default
# Parameters for the CNI installer configuration.
config:
# -- Whether to install the CNI plugin as a `chained` plugin (default, required with most interface CNI providers),
# as a `standalone` plugin (required for use with Multus CNI, e.g. on OpenShift)
# or in `manual` mode, where no CNI network configuration is written.
installMode: "chained"
# -- Specifies the repair mode
# There is a race condition regarding the installation of the CNI Plugin and creation of Pods when starting a Node.
# This would cause Pods to be unprotected, because the CNI did not reconfigure the Pod's network.
# The Airlock Microgateway Network Validator prevents this and causes the Pod to fail on purpose.
# Pods can be repaired by choosing the appropriate repair mode.
# Available options are:
# `deletePods` will delete failing Pods, such that the CNI Plugin can correctly configure them
# `none` will not perform any action for failing Pods
repairMode: "none"
# -- Log level for the CNI installer and plugin.
logLevel: info
# -- Directory where the CNI config files reside on the host.
# This path can either be found in the documentation of your Kubernetes distribution or CNI provider.
# It can also be queried by running the command `crictl info -o go-template --template '{{.config.cni.confDir}}'` on your Kubernetes node.
cniNetDir: "/etc/cni/net.d"
# -- Directory where the CNI plugin binaries reside on the host.
# This path can either be found in the documentation of your Kubernetes distribution or CNI provider.
# It can also be queried by running the command `crictl info -o go-template --template '{{.config.cni.binDir}}'` on your Kubernetes node.
cniBinDir: "/opt/cni/bin"
# -- Namespaces for which this CNI plugin should not apply any modifications.
excludeNamespaces:
- kube-system
tests:
# -- Whether additional resources required for running `helm test` should be created (e.g. Roles and ServiceAccounts).
# If set to false, `helm test` will not run any tests.
enabled: false