annotateKubeSystemNameSpace: false kiam: enabled: true server: image: tag: "v3.6" # kiam.server.assumeRoleArn -- kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role assumeRoleArn: '' useHostNetwork: true sslCertHostPath: /etc/ssl/certs tlsSecret: kiam-server-tls tlsCerts: certFileName: tls.crt keyFileName: tls.key caFileName: ca.crt service: port: 6444 targetPort: 6444 deployment: enabled: true replicas: 1 updateStrategy: RollingUpdate resources: requests: memory: "50Mi" cpu: "100m" limits: memory: "50Mi" cpu: "100m" tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule nodeSelector: node-role.kubernetes.io/master: "" prometheus: servicemonitor: enabled: false interval: 30s labels: release: metrics log: level: warn agent: image: tag: "v3.6" gatewayTimeoutCreation: "5s" updateStrategy: RollingUpdate # IP tables set on each node at boot, see CloudBender host: iptables: false interface: "cali+" whiteListRouteRegexp: '^/latest/(meta-data/instance-id|dynamic)' sslCertHostPath: /etc/ssl/certs tlsSecret: kiam-agent-tls tlsCerts: certFileName: tls.crt keyFileName: tls.key caFileName: ca.crt resources: requests: memory: "20Mi" cpu: "50m" limits: memory: "20Mi" cpu: "50m" tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule prometheus: servicemonitor: enabled: false interval: 30s labels: release: metrics log: level: warn # extraEnv: # - name: GRPC_GO_LOG_SEVERITY_LEVEL # value: "info" # - name: GRPC_GO_LOG_VERBOSITY_LEVEL # value: "8"