-
-
Notifications
You must be signed in to change notification settings - Fork 21
/
Copy pathvalues.yaml
205 lines (172 loc) · 5.06 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
# -- The number of pods to run
replicaCount: 1
# -- Max number of old replicasets to retain
revisionHistoryLimit: 10
# -- If set to true, the application has only the permission to view sealed secrets in the current namespace
includeLocalNamespaceOnly: false
# -- If set to true secrets cannot be read from this tool, only seal new ones
disableLoadSecrets: false
# -- Define you custom initial secret file
initialSecretFile:
# -- The context the application is running on. (for example, if it is served via a reverse proxy)
webContext:
sealedSecrets:
# -- Namespace of the sealed secrets service
namespace: sealed-secrets
# -- Name of the sealed secrets service
serviceName: sealed-secrets
# -- URL sealed secrets certificate (required if sealed secrets is not reachable with in cluster service)
# Validation api will be disabled when cert URL is used.
certURL: ""
image:
# -- Repository to use
repository: ghcr.io/bakito/sealed-secrets-web
# -- Overrides the image tag (default is the chart appVersion)
tag:
# -- Image pull policy
pullPolicy: IfNotPresent
# -- Additional command args
# -- Secrets with credentials to pull images from a private registry. Registry secret names as an array.
imagePullSecrets: []
# -- Additional volumeMounts to the image updater main container
volumeMounts: []
# -- Additional volumes to the image updater pod
volumes: []
# -- String to partially override "argo-rollouts.fullname" template
nameOverride: ""
# -- String to fully override "argo-rollouts.fullname" template
fullnameOverride: ""
rbac:
# -- Specifies whether rbac should be created
create: true
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- The name of the service account to use.
name: sealed-secrets-web
# -- Automatically mount the service account token
automountServiceAccountToken: true
service:
# -- Sets the type of the Service
type: ClusterIP
# -- Service port
port: 80
# -- Service annotations
annotations: {}
# -- Kubernetes Service clusterIP
clusterIP: ""
# -- Kubernetes Service loadBalancerIP
loadBalancerIP: ""
# -- Kubernetes Service loadBalancerSourceRanges
loadBalancerSourceRanges: []
# -- Kubernetes Service Nodeport
nodePort: null
# -- Additional ports to add to the service
extraPorts: []
# - name: oauth-proxy
# port: 8081
# targetPort: 8081
# - name: oauth-metrics
# port: 8082
# targetPort: 8082
ingress:
# -- Enable ingress support
enabled: false
# -- Ingress class name
className: ""
# -- Ingress annotations
annotations: {}
# # -- Specifies number of requests accepted from a given IP each minute
# nginx.ingress.kubernetes.io/limit-rpm: "180"
# nginx.ingress.kubernetes.io/rewrite-target: /$2
# nginx.ingress.kubernetes.io/use-regex: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: 'true'
# -- Ingress labels
labels: {}
# -- Ingress hosts
hosts:
- paths:
- path: /
pathType: ImplementationSpecific
# host: example.internal
# -- set this to true and leave tls an empty array to use the default TLS certificate (works at least in openshift)
defaultTls: false
# -- Ingress tls
tls: []
# - hosts:
# - example.internal
# - another-example.internal
# secretName: sealed-secrets-web-tls
# -- Resource limits and requests for the pods.
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
deployment:
# -- Readiness Probes
readinessProbe:
failureThreshold: 3
# periodSeconds: 5
# successThreshold: 1
# timeoutSeconds: 10
# initialDelaySeconds: 30
httpGet:
path: /_health
port: http
# -- Liveness Probes
livenessProbe:
failureThreshold: 3
# periodSeconds: 10
# successThreshold: 1
# timeoutSeconds: 10
# initialDelaySeconds: 15
httpGet:
path: /_health
port: http
# -- Hardening security
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
runAsGroup: 1000
runAsUser: 1001
# -- Default process arguments are used, while additional can be added too
args:
defaultArgsEnabled: true
# additionalArgs:
# - --disable-load-secrets
# - --format=yaml
# -- Using environment variables
# env:
# sealedSecretsControllerNamespace: sealed-secrets
# sealedSecretsControllerName: sealed-secrets
# -- [Node selector]
nodeSelector: {}
# -- [Tolerations] for use with node taints
tolerations: []
# -- Assign custom [affinity] rules to the deployment
affinity: {}
# -- Optional labels to apply to all resources
commonLabels: {}
# -- Additional containers to run in the pod
extraContainers: []
# extraContainers:
# - name: oauth-proxy
# image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
# args:
# - --upstream=http://127.0.0.1:80
# - --http-address=0.0.0.0:8081
# - --metrics-address=0.0.0.0:8082
# ports:
# - containerPort: 8081
# name: oauth-proxy
# protocol: TCP
# - containerPort: 8082
# name: oauth-metrics
# protocol: TCP
# resources: {}