# Standard Helm naming overrides; empty strings keep the chart's default names.
nameOverride: ""
fullnameOverride: ""

# One or more secrets to be used when pulling images.
# Each entry names an existing image-pull Secret in the namespace the chart is
# installed into; registry credentials stay in that Secret, never in this file.
imagePullSecrets: []
# - name: myRegistryKeySecretName

# Logging format: true emits JSON, false (the default) emits text.
logFormatJSON: false

# Log level. Uses V logs (klog); higher numbers are more verbose.
# NOTE(review): confirm what the provider logs at higher V levels before raising
# this on clusters where pod logs are widely readable.
logVerbosity: 0

# NOTE(review): presumably turns on Azure Arc extension-specific settings in the
# templates; it is not documented here, so confirm before enabling.
enableArcExtension: false
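# Settings for the Azure Key Vault provider pods on Linux nodes.
# NOTE(review): indentation was lost in this copy of the file; the nesting below
# is reconstructed from key order and Kubernetes conventions. Compare it with
# the chart before using it.
linux:
  image:
    repository: mcr.microsoft.com/oss/azure/secrets-store/provider-azure
    # A tag is a mutable reference. With IfNotPresent a node that already holds
    # an image under this tag will not pull it again, so a changed upstream
    # image is not picked up (or detected) on that node.
    tag: v1.6.2
    pullPolicy: IfNotPresent
  nodeSelector: {}
  # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
  # An empty key with operator Exists matches all keys, values and effects,
  # which means this will tolerate everything. The provider pods will therefore
  # also be scheduled onto nodes that are tainted to keep ordinary workloads
  # off; narrow this list if some node pools must not run the provider.
  tolerations:
    - operator: Exists
  enabled: true
  # Requests equal limits for the provider container.
  resources:
    requests:
      cpu: 50m
      memory: 100Mi
    limits:
      cpu: 50m
      memory: 100Mi
  podLabels: {}
  podAnnotations: {}
  priorityClassName: ""
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  # NOTE(review): presumably maps to the container's securityContext.privileged;
  # confirm in the templates. Keep false unless a documented need exists, since
  # this pod handles Key Vault content and mounts host paths.
  privileged: false
  # If provided, the userAgent string will be appended to the
  # AKV provider user agents for all adal and keyvault requests.
  customUserAgent: ""
  # Health check endpoint of the provider.
  healthzPort: 8989
  healthzPath: "/healthz"
  healthzTimeout: "5s"
  # Extra volumes and mounts for the provider pod. Anything added here (hostPath
  # volumes in particular) widens what the pod can reach on the node.
  volumes: []
  volumeMounts: []
  # Host paths. Keep both identical to secrets-store-csi-driver.linux.kubeletRootDir
  # and secrets-store-csi-driver.linux.providersDir further down in this file.
  kubeletRootDir: /var/lib/kubelet
  providersDir: /var/run/secrets-store-csi-providers
  # Never schedule onto nodes labelled type=virtual-kubelet.
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: type
                operator: NotIn
                values:
                  - virtual-kubelet
  # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
  dnsPolicy: ""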
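# Settings for the Azure Key Vault provider pods on Windows nodes (off by default).
# NOTE(review): indentation was lost in this copy of the file; the nesting below
# is reconstructed from key order and Kubernetes conventions. Compare it with
# the chart before using it.
windows:
  image:
    repository: mcr.microsoft.com/oss/azure/secrets-store/provider-azure
    # A tag is a mutable reference. With IfNotPresent a node that already holds
    # an image under this tag will not pull it again.
    tag: v1.6.2
    pullPolicy: IfNotPresent
  nodeSelector: {}
  # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
  # An empty key with operator Exists matches all keys, values and effects,
  # which means this will tolerate everything. Narrow this list if some node
  # pools must not run the provider.
  tolerations:
    - operator: Exists
  enabled: false
  # Requests equal limits for the provider container.
  resources:
    requests:
      cpu: 100m
      memory: 200Mi
    limits:
      cpu: 100m
      memory: 200Mi
  podLabels: {}
  podAnnotations: {}
  priorityClassName: ""
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  # If provided, the userAgent string will be appended to the
  # AKV provider user agents for all adal and keyvault requests.
  customUserAgent: ""
  # Health check endpoint of the provider.
  healthzPort: 8989
  healthzPath: "/healthz"
  healthzTimeout: "5s"
  # Extra volumes and mounts for the provider pod. Anything added here widens
  # what the pod can reach on the node.
  volumes: []
  volumeMounts: []
  # Host paths. kubeletRootDir must stay identical to
  # secrets-store-csi-driver.windows.kubeletRootDir further down in this file.
  kubeletRootDir: C:\var\lib\kubelet
  providersDir: C:\k\secrets-store-csi-providers
  # Never schedule onto nodes labelled type=virtual-kubelet.
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: type
                operator: NotIn
                values:
                  - virtual-kubelet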
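## Configuration values for the secrets-store-csi-driver dependency.
## ref: https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/master/charts/secrets-store-csi-driver/README.md
##
## NOTE(review): indentation was lost in this copy of the file; the nesting below
## is reconstructed from key order and the dependency chart's layout. Compare it
## with the chart before using it.
secrets-store-csi-driver:
  install: true
  # By default helm will append the chart release name to the dependent chart names.
  # Explicitly setting the fullnameOverride will override this behavior.
  fullnameOverride: secrets-store-csi-driver
  linux:
    enabled: true
    kubeletRootDir: /var/lib/kubelet
    # NOTE(review): an address with an empty host part normally listens on all
    # interfaces; confirm how the driver pod is networked and restrict access
    # to the metrics port if it should not be reachable cluster-wide.
    metricsAddr: ":8080"
    priorityClassName: ""
    # The driver and driver-crds images below carry the same version; bump them
    # together. Tags are mutable references, and IfNotPresent keeps whatever a
    # node has already cached under the tag.
    image:
      repository: mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver
      tag: v1.4.7
      pullPolicy: IfNotPresent
    registrarImage:
      repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar
      tag: v2.11.1
      pullPolicy: IfNotPresent
    livenessProbeImage:
      repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe
      tag: v2.13.1
      pullPolicy: IfNotPresent
    crds:
      image:
        repository: mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver-crds
        tag: v1.4.7
        pullPolicy: IfNotPresent
    # Must match linux.providersDir of the provider (top-level `linux` section).
    providersDir: /var/run/secrets-store-csi-providers
  windows:
    enabled: false
    kubeletRootDir: C:\var\lib\kubelet
    metricsAddr: ":8080"
    priorityClassName: ""
    image:
      repository: mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver
      tag: v1.4.7
      pullPolicy: IfNotPresent
    registrarImage:
      repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar
      tag: v2.11.1
      pullPolicy: IfNotPresent
    livenessProbeImage:
      repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe
      tag: v2.13.1
      pullPolicy: IfNotPresent
  # With rotation off, content already mounted into a pod is not refreshed when
  # the secret changes in Key Vault. rotationPollInterval only matters once
  # enableSecretRotation is true.
  enableSecretRotation: false
  rotationPollInterval: 2m
  # Refer to https://secrets-store-csi-driver.sigs.k8s.io/load-tests.html for more
  # details on actions to take before enabling this feature
  filteredWatchSecret: true
  # When enabled, the driver is given RBAC on Kubernetes Secret objects and
  # copies mounted content into Secrets, so the material also lands in etcd and
  # is readable by anything with access to those Secrets. Leave off unless a
  # workload needs it.
  syncSecret:
    enabled: false
  # Audience of the service account token handed to the driver for each mount.
  # NOTE(review): presumably used for Azure AD workload identity token exchange;
  # changing it would need a matching change on the identity side. Confirm.
  tokenRequests:
    - audience: api://AzureADTokenExchange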
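## Install default service account
## NOTE(review): indentation was lost in this copy of the file; `install` and
## `pspEnabled` are placed under `rbac` by reconstruction. Compare with the chart.
rbac:
  install: true
  # PodSecurityPolicy was removed in Kubernetes 1.25; leave this false on
  # current clusters and enforce pod security through admission instead.
  pspEnabled: false

# Explicitly reconstruct the PEM chain in the order: SERVER, INTERMEDIATE, ROOT
constructPEMChain: true

# Write cert and key in separate files. The individual files will be named
# <secret-name>.crt and <secret-name>.key. These files are created in addition
# to the single file, so enabling this leaves a further copy of the private key
# in the mounted volume.
writeCertAndKeyInSeparateFiles: false

# Port that serves metrics.
# NOTE(review): this is a bare port, unlike the ":8080" address form used for
# the driver; confirm how the template builds the listen address from it.
metricsAddr: "8898"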