235 lines
4.5 KiB
YAML
235 lines
4.5 KiB
YAML
metallb:
|
|
enabled: false
|
|
|
|
controller:
|
|
tolerations:
|
|
- key: node-role.kubernetes.io/control-plane
|
|
effect: NoSchedule
|
|
nodeSelector:
|
|
node-role.kubernetes.io/control-plane: ""
|
|
|
|
ipAddressPools: []
|
|
#- name: my-ip-space
|
|
# protocol: layer2
|
|
# addresses:
|
|
# - 192.168.42.0/24
|
|
|
|
multus:
|
|
enabled: false
|
|
image:
|
|
repository: ghcr.io/k8snetworkplumbingwg/multus-cni
|
|
tag: v4.1.3
|
|
|
|
clusterNetwork: "cilium"
|
|
defaultNetworks: []
|
|
readinessindicatorfile: "/etc/cni/net.d/05-cilium.conflist"
|
|
|
|
cilium:
|
|
enabled: false
|
|
|
|
# Always use cached images
|
|
image:
|
|
useDigest: false
|
|
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 160Mi
|
|
limits:
|
|
memory: 1Gi
|
|
# cpu: 4000m
|
|
|
|
cni:
|
|
binPath: "/usr/libexec/cni"
|
|
logFile: /var/log/cilium-cni.log
|
|
#-- Ensure this is false if multus is enabled
|
|
exclusive: false
|
|
|
|
cluster:
|
|
# This should match the second octet of clusterPoolIPv4PodCIDRList
|
|
# to prevent IP space overlap and easy tracking
|
|
# use 240 as default, less likely to clash with 1
|
|
id: 240
|
|
name: default
|
|
|
|
ipam:
|
|
operator:
|
|
clusterPoolIPv4PodCIDRList:
|
|
- 10.240.0.0/16
|
|
|
|
# Keep it simple for now
|
|
l7Proxy: false
|
|
envoy:
|
|
enabled: false
|
|
#rollOutCiliumPods: true
|
|
|
|
cgroup:
|
|
autoMount:
|
|
enabled: false
|
|
hostRoot: "/sys/fs/cgroup"
|
|
|
|
# we need biDirectional so use helm init-container
|
|
#bpf:
|
|
# autoMount:
|
|
# enabled: false
|
|
|
|
sysctlfix:
|
|
enabled: false
|
|
|
|
routingMode: tunnel
|
|
tunnelProtocol: geneve
|
|
|
|
prometheus:
|
|
enabled: false
|
|
serviceMonitor:
|
|
enabled: false
|
|
port: 9091
|
|
|
|
operator:
|
|
replicas: 1
|
|
tolerations:
|
|
- key: node-role.kubernetes.io/control-plane
|
|
effect: NoSchedule
|
|
# the operator removes the taints,
|
|
# so we need to break chicken egg on single controller
|
|
- key: node.cilium.io/agent-not-ready
|
|
effect: NoSchedule
|
|
|
|
nodeSelector:
|
|
node-role.kubernetes.io/control-plane: ""
|
|
prometheus:
|
|
enabled: false
|
|
serviceMonitor:
|
|
enabled: false
|
|
|
|
hubble:
|
|
enabled: false
|
|
relay:
|
|
enabled: false
|
|
ui:
|
|
enabled: false
|
|
tls:
|
|
auto:
|
|
method: cert-manager
|
|
certManagerIssuerRef:
|
|
group: cert-manager.io
|
|
kind: ClusterIssuer
|
|
name: kubezero-local-ca-issuer
|
|
|
|
haproxy:
|
|
enabled: false
|
|
|
|
replicaCount: 1
|
|
|
|
# enable pdb if replica > 1
|
|
PodDisruptionBudget:
|
|
enable: false
|
|
minAvailable: 1
|
|
|
|
containerPorts:
|
|
http: 8080
|
|
https: null
|
|
prometheus: 8404
|
|
stat: null
|
|
|
|
serviceMonitor:
|
|
enabled: false
|
|
endpoints:
|
|
- port: prometheus
|
|
path: /metrics
|
|
scheme: http
|
|
interval: 30s
|
|
params:
|
|
no-maint:
|
|
- empty
|
|
config: |
|
|
frontend fe_main
|
|
bind :8080
|
|
default_backend be_main
|
|
|
|
backend be_main
|
|
server web1 10.0.0.1:8080 check
|
|
|
|
includes:
|
|
global.cfg: |
|
|
global
|
|
log stdout format raw local0
|
|
maxconn 2048
|
|
|
|
defaults
|
|
log global
|
|
mode tcp
|
|
option http-server-close
|
|
timeout connect 10s
|
|
timeout client 30s
|
|
timeout client-fin 30s
|
|
timeout server 30s
|
|
timeout tunnel 1h
|
|
|
|
resolvers coredns
|
|
accepted_payload_size 4096
|
|
parse-resolv-conf
|
|
hold valid 10s
|
|
hold other 10s
|
|
hold refused 10s
|
|
hold nx 10s
|
|
hold timeout 10s
|
|
|
|
prometheus.cfg: |
|
|
frontend prometheus
|
|
bind *:8404
|
|
mode http
|
|
http-request use-service prometheus-exporter if { path /metrics }
|
|
no log
|
|
stats enable
|
|
stats uri /stats
|
|
stats refresh 10s
|
|
stats auth admin:letmein
|
|
|
|
args:
|
|
defaults:
|
|
- "-f"
|
|
- "/usr/local/etc/haproxy/includes/global.cfg"
|
|
- "-f"
|
|
- "/usr/local/etc/haproxy/includes/prometheus.cfg"
|
|
- "-f"
|
|
- "/usr/local/etc/haproxy/haproxy.cfg"
|
|
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
successThreshold: 1
|
|
initialDelaySeconds: 0
|
|
timeoutSeconds: 1
|
|
tcpSocket:
|
|
port: 8404
|
|
periodSeconds: 10
|
|
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
successThreshold: 1
|
|
initialDelaySeconds: 0
|
|
timeoutSeconds: 1
|
|
tcpSocket:
|
|
port: 8404
|
|
periodSeconds: 10
|
|
|
|
securityContext:
|
|
enabled: true
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 48Mi
|
|
# limits:
|
|
# cpu: 250m
|
|
# memory: 128Mi
|