kubelatte-ce
Форк от sbertech/kubelatte-ce
150 строк · 3.1 Кб
1rbac:
2create: true
3
4serviceAccount:
5create: true
6name: kubelatte-sa
7annotations: {}
8
9
10podSecurityContext:
11enabled: true
12fsGroup: 1006380000
13runAsNonRoot: true
14# seccompProfile:
15# type: "RuntimeDefault"
16
17terminationGracePeriodSeconds: 10
18restartPolicy: Always
19
20image:
21registry: kubelatte
22repository: kubelatte
23tag: latest
24
25## Specify a imagePullPolicy
26## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
27## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
28##
29pullPolicy: IfNotPresent
30## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
31## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
32## e.g:
33## pullSecrets:
34## - myRegistryKeySecretName
35##
36pullSecrets:
37- pull
38
39# Webhooks
40webhookConfigs:
41enabled: true
42mutating:
43- name: kubelatte-ce
44webhooks:
45- name: kubelatte.community.edition
46rules:
47- operations:
48- CREATE
49apiGroups:
50- ''
51apiVersions:
52- v1
53resources:
54- pods
55scope: '*'
56failurePolicy: Ignore
57namespaceSelector:
58matchExpressions:
59- key: kubelatte-injection
60operator: In
61values:
62- enabled
63objectSelector: {}
64timeoutSeconds: 5
65
66validating:
67- name: kubelatte-ce
68webhooks:
69- name: kubelatte.community.edition
70rules:
71- operations:
72- CREATE
73apiGroups:
74- ''
75apiVersions:
76- v1
77resources:
78- pods
79scope: '*'
80failurePolicy: Ignore
81namespaceSelector:
82matchExpressions:
83- key: kubelatte-injection
84operator: In
85values:
86- enabled
87objectSelector: {}
88timeoutSeconds: 5
89
90auth:
91tls:
92certBase64:
93keyBase64:
94caCertBase64:
95
96resources:
97limits:
98cpu: 300m
99memory: 500Mi
100requests:
101cpu: 300m
102memory: 500Mi
103
104livenessProbe:
105enabled: true
106initialDelaySeconds: 15
107timeoutSeconds: 1
108periodSeconds: 20
109successThreshold: 1
110failureThreshold: 30
111readinessProbe:
112enabled: true
113## may be your own
114initialDelaySeconds: 1
115timeoutSeconds: 1
116periodSeconds: 2
117successThreshold: 1
118failureThreshold: 30
119
120containerSecurityContext:
121enabled: true
122## may be your own
123privileged: false
124runAsUser: 10101
125runAsGroup: 10101
126runAsNonRoot: true
127readOnlyRootFilesystem: true
128allowPrivilegeEscalation: false
129capabilities:
130drop: ["ALL"]
131# seccompProfile:
132# type: "RuntimeDefault"
133
134service:
135name: kubelatte-ce-service
136port: 8443
137
138
139modes:
140mutation:
141enabled: true
142sideEffect:
143enabled: true
144recreation:
145enabled: true
146validation:
147enabled: true
148creation:
149enabled: true
150clusterCreation: true