clusterBackup: enabled: false image: name: public.ecr.aws/zero-downtime/kubezero-admin # tag: v1.22.8 # -- s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup repository: "" # -- /etc/cloudbender/clusterBackup.passphrase password: "" extraEnv: [] forseti: enabled: false image: name: public.ecr.aws/zero-downtime/forseti tag: v0.1.2 aws: region: "" # -- "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.kubezeroForseti" iamRoleArn: "" sealed-secrets: enabled: false # ensure kubeseal default values match fullnameOverride: sealed-secrets-controller # Disable auto keyrotation for now keyrenewperiod: "0" resources: requests: cpu: 10m memory: 24Mi limits: memory: 128Mi metrics: serviceMonitor: enabled: false nodeSelector: node-role.kubernetes.io/control-plane: "" tolerations: - key: node-role.kubernetes.io/control-plane effect: NoSchedule aws-eks-asg-rolling-update-handler: enabled: false image: repository: twinproduction/aws-eks-asg-rolling-update-handler tag: v1.8.4 environmentVars: - name: CLUSTER_NAME value: "" - name: AWS_REGION value: us-west-2 - name: EXECUTION_INTERVAL value: "60" - name: METRICS value: "true" - name: EAGER_CORDONING value: "true" # Only disable if all services have PDBs across AZs - name: SLOW_MODE value: "true" - name: AWS_ROLE_ARN value: "" - name: AWS_WEB_IDENTITY_TOKEN_FILE value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token" - name: AWS_STS_REGIONAL_ENDPOINTS value: "regional" securityContext: runAsNonRoot: true runAsUser: 1001 seccompProfile: type: RuntimeDefault containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL resources: requests: cpu: 10m memory: 32Mi limits: memory: 128Mi nodeSelector: node-role.kubernetes.io/control-plane: "" tolerations: - key: node-role.kubernetes.io/control-plane effect: NoSchedule aws-node-termination-handler: enabled: false fullnameOverride: "aws-node-termination-handler" # -- "zdt:kubezero:nth:${ClusterName}" managedTag: "zdt:kubezero:nth:${ClusterName}" useProviderId: true enableSqsTerminationDraining: true # otherwise pds fails trying to reach IMDS enableSpotInterruptionDraining: false enableProbesServer: true deleteLocalData: true ignoreDaemonSets: true taintNode: true emitKubernetesEvents: true # -- https://sqs.${AWS::Region}.amazonaws.com/${AWS::AccountId}/${ClusterName}_Nth queueURL: "" metadataTries: 0 extraEnv: # -- "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.awsNth" - name: AWS_ROLE_ARN value: "" - name: AWS_WEB_IDENTITY_TOKEN_FILE value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token" - name: AWS_STS_REGIONAL_ENDPOINTS value: "regional" enablePrometheusServer: false podMonitor: create: false jsonLogging: true logFormatVersion: 2 tolerations: - key: node-role.kubernetes.io/control-plane effect: NoSchedule nodeSelector: node-role.kubernetes.io/control-plane: "" rbac: pspEnabled: false fuseDevicePlugin: enabled: false image: name: public.ecr.aws/zero-downtime/fuse-device-plugin tag: v1.2.0 awsNeuron: enabled: false image: name: public.ecr.aws/neuron/neuron-device-plugin tag: 2.22.4.0 nvidia-device-plugin: enabled: false cdi: nvidiaHookPath: /usr/bin deviceDiscoveryStrategy: nvml runtimeClassName: nvidia tolerations: - key: nvidia.com/gpu operator: Exists effect: NoSchedule - key: kubezero-workergroup effect: NoSchedule operator: Exists affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: "node.kubernetes.io/instance-type" operator: In values: - g5.xlarge - g5.2xlarge - g5.4xlarge - g5.8xlarge - g5.12xlarge - g5.16xlarge - g5.24xlarge - g5.48xlarge - g4dn.xlarge - g4dn.2xlarge - g4dn.4xlarge - g4dn.8xlarge - g4dn.12xlarge - g4dn.16xlarge cluster-autoscaler: enabled: false image: repository: registry.k8s.io/autoscaling/cluster-autoscaler tag: v1.32.0 autoDiscovery: clusterName: "" awsRegion: "us-west-2" serviceMonitor: enabled: false interval: 30s prometheusRule: enabled: false interval: "30" # Disable pdb for now podDisruptionBudget: false extraArgs: scan-interval: 30s skip-nodes-with-local-storage: false balance-similar-node-groups: true ignore-daemonsets-utilization: true ignore-taint: "node.cilium.io/agent-not-ready" # Disable for non-clustered control-plane # leader-elect: false #securityContext: # runAsNonRoot: true nodeSelector: node-role.kubernetes.io/control-plane: "" tolerations: - key: node-role.kubernetes.io/control-plane effect: NoSchedule # On AWS enable Projected Service Accounts to assume IAM role #extraEnv: # AWS_ROLE_ARN: # AWS_WEB_IDENTITY_TOKEN_FILE: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token" # AWS_STS_REGIONAL_ENDPOINTS: "regional" #extraVolumes: #- name: aws-token # projected: # sources: # - serviceAccountToken: # path: token # expirationSeconds: 86400 # audience: "sts.amazonaws.com" #extraVolumeMounts: #- name: aws-token # mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/" # readOnly: true external-dns: enabled: false interval: 3m triggerLoopOnEvent: true tolerations: - key: node-role.kubernetes.io/control-plane effect: NoSchedule nodeSelector: node-role.kubernetes.io/control-plane: "" #logLevel: debug sources: - service #- istio-gateway provider: inmemory py-kube-downscaler: enabled: false tolerations: - key: node-role.kubernetes.io/control-plane effect: NoSchedule nodeSelector: node-role.kubernetes.io/control-plane: "" resources: limits: cpu: null memory: 256Mi requests: cpu: 20m memory: 48Mi # By default no NOT scale down KubeZero modules excludedNamespaces: - kube-system - operators - monitoring - logging - telemetry - istio-system - istio-ingress - cert-manager - argocd