KubeZero/charts/kubezero-addons/values.yaml

312 lines
6.6 KiB
YAML
Raw Permalink Normal View History

2021-12-01 12:35:18 +00:00
clusterBackup:
enabled: false
2021-12-01 12:35:18 +00:00
image:
name: public.ecr.aws/zero-downtime/kubezero-admin
# tag: v1.22.8
2021-12-01 12:35:18 +00:00
2022-08-24 15:13:39 +00:00
# -- s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup
2021-12-01 12:35:18 +00:00
repository: ""
2022-08-24 15:13:39 +00:00
# -- /etc/cloudbender/clusterBackup.passphrase
2021-12-01 12:35:18 +00:00
password: ""
2022-08-24 15:13:39 +00:00
2021-12-03 21:16:22 +00:00
extraEnv: []
2021-12-01 12:35:18 +00:00
forseti:
enabled: false
image:
name: public.ecr.aws/zero-downtime/forseti
tag: v0.1.2
aws:
region: ""
# -- "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.kubezeroForseti"
iamRoleArn: ""
sealed-secrets:
enabled: false
# ensure kubeseal default values match
fullnameOverride: sealed-secrets-controller
# Disable auto keyrotation for now
2023-04-12 11:14:31 +00:00
keyrenewperiod: "0"
resources:
requests:
cpu: 10m
memory: 24Mi
limits:
memory: 128Mi
metrics:
serviceMonitor:
enabled: false
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
aws-eks-asg-rolling-update-handler:
enabled: false
image:
repository: twinproduction/aws-eks-asg-rolling-update-handler
tag: v1.8.4
environmentVars:
- name: CLUSTER_NAME
value: ""
- name: AWS_REGION
value: us-west-2
- name: EXECUTION_INTERVAL
value: "60"
- name: METRICS
value: "true"
- name: EAGER_CORDONING
value: "true"
# Only disable if all services have PDBs across AZs
- name: SLOW_MODE
value: "true"
- name: AWS_ROLE_ARN
value: ""
- name: AWS_WEB_IDENTITY_TOKEN_FILE
value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
- name: AWS_STS_REGIONAL_ENDPOINTS
value: "regional"
2023-11-15 22:35:53 +00:00
securityContext:
runAsNonRoot: true
runAsUser: 1001
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
resources:
requests:
cpu: 10m
memory: 32Mi
limits:
memory: 128Mi
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
2021-12-01 12:35:18 +00:00
aws-node-termination-handler:
enabled: false
fullnameOverride: "aws-node-termination-handler"
2023-08-16 10:17:39 +00:00
# -- "zdt:kubezero:nth:${ClusterName}"
managedTag: "zdt:kubezero:nth:${ClusterName}"
2021-12-03 21:16:22 +00:00
useProviderId: true
2021-12-01 12:35:18 +00:00
enableSqsTerminationDraining: true
# otherwise pds fails trying to reach IMDS
enableSpotInterruptionDraining: false
2021-12-21 15:05:08 +00:00
enableProbesServer: true
2021-12-03 21:16:22 +00:00
deleteLocalData: true
ignoreDaemonSets: true
taintNode: true
2021-12-21 15:05:08 +00:00
emitKubernetesEvents: true
2021-12-01 12:35:18 +00:00
# -- https://sqs.${AWS::Region}.amazonaws.com/${AWS::AccountId}/${ClusterName}_Nth
2021-12-01 12:35:18 +00:00
queueURL: ""
metadataTries: 0
extraEnv:
# -- "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.awsNth"
- name: AWS_ROLE_ARN
value: ""
- name: AWS_WEB_IDENTITY_TOKEN_FILE
value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
- name: AWS_STS_REGIONAL_ENDPOINTS
value: "regional"
2021-12-01 12:35:18 +00:00
enablePrometheusServer: false
podMonitor:
create: false
2021-12-01 12:35:18 +00:00
jsonLogging: true
logFormatVersion: 2
2021-12-01 12:35:18 +00:00
tolerations:
2022-10-27 12:27:42 +00:00
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
2021-12-01 12:35:18 +00:00
nodeSelector:
node-role.kubernetes.io/control-plane: ""
rbac:
pspEnabled: false
fuseDevicePlugin:
enabled: false
2023-10-02 12:57:25 +00:00
image:
name: public.ecr.aws/zero-downtime/fuse-device-plugin
tag: v1.2.0
awsNeuron:
enabled: false
image:
name: public.ecr.aws/neuron/neuron-device-plugin
2024-10-16 11:20:20 +00:00
tag: 2.22.4.0
nvidia-device-plugin:
enabled: false
cdi:
nvidiaHookPath: /usr/bin
2024-11-08 19:38:02 +00:00
deviceDiscoveryStrategy: nvml
runtimeClassName: nvidia
tolerations:
- key: nvidia.com/gpu
operator: Exists
effect: NoSchedule
- key: kubezero-workergroup
effect: NoSchedule
operator: Exists
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "node.kubernetes.io/instance-type"
operator: In
values:
- g5.xlarge
- g5.2xlarge
- g5.4xlarge
- g5.8xlarge
- g5.12xlarge
- g5.16xlarge
- g5.24xlarge
- g5.48xlarge
2023-01-22 16:24:58 +00:00
- g4dn.xlarge
2023-04-12 11:14:31 +00:00
- g4dn.2xlarge
- g4dn.4xlarge
- g4dn.8xlarge
- g4dn.12xlarge
- g4dn.16xlarge
cluster-autoscaler:
enabled: false
2023-04-12 11:14:31 +00:00
image:
repository: registry.k8s.io/autoscaling/cluster-autoscaler
2024-10-16 11:20:20 +00:00
tag: v1.30.2
2023-04-12 11:14:31 +00:00
autoDiscovery:
clusterName: ""
awsRegion: "us-west-2"
serviceMonitor:
enabled: false
interval: 30s
prometheusRule:
enabled: false
2022-09-28 15:41:30 +00:00
interval: "30"
# Disable pdb for now
podDisruptionBudget: false
2022-09-28 15:41:30 +00:00
extraArgs:
scan-interval: 30s
skip-nodes-with-local-storage: false
balance-similar-node-groups: true
2024-12-04 18:40:10 +00:00
ignore-daemonsets-utilization: true
ignore-taint: "node.cilium.io/agent-not-ready"
2024-12-04 18:40:10 +00:00
# Disable for non-clustered control-plane
# leader-elect: false
2022-09-28 15:41:30 +00:00
#securityContext:
# runAsNonRoot: true
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
2022-10-27 12:27:42 +00:00
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
# On AWS enable Projected Service Accounts to assume IAM role
#extraEnv:
# AWS_ROLE_ARN: <IamArn>
# AWS_WEB_IDENTITY_TOKEN_FILE: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
# AWS_STS_REGIONAL_ENDPOINTS: "regional"
#extraVolumes:
#- name: aws-token
# projected:
# sources:
# - serviceAccountToken:
# path: token
# expirationSeconds: 86400
# audience: "sts.amazonaws.com"
#extraVolumeMounts:
#- name: aws-token
# mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
# readOnly: true
external-dns:
enabled: false
interval: 3m
triggerLoopOnEvent: true
tolerations:
2022-10-27 12:27:42 +00:00
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
nodeSelector:
node-role.kubernetes.io/control-plane: ""
2022-04-12 13:23:33 +00:00
#logLevel: debug
sources:
2022-09-28 15:41:30 +00:00
- service
#- istio-gateway
provider: inmemory
py-kube-downscaler:
enabled: false
tolerations:
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
nodeSelector:
node-role.kubernetes.io/control-plane: ""
resources:
limits:
cpu: null
2024-11-19 13:58:20 +00:00
memory: 256Mi
requests:
2024-11-19 13:58:20 +00:00
cpu: 20m
memory: 48Mi
# By default no NOT scale down KubeZero modules
excludedNamespaces:
- kube-system
- operators
- monitoring
- logging
- telemetry
- istio-system
- istio-ingress
- cert-manager
- argocd