KubeZero/charts/kubezero-kiam/values.yaml


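# NOTE(review): the listing this was taken from had lost all indentation, which
# left repeated top-level keys (enabled, resources, tlsSecret, ...). The nesting
# below follows the values layout of the upstream kiam chart; confirm it against
# the chart before relying on it. No key or value was changed.
annotateKubeSystemNameSpace: false

kiam:
  enabled: true

  server:
    # kiam.server.assumeRoleArn -- kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role
    # Empty by default: each cluster has to supply its own role ARN.
    assumeRoleArn: ''
    # Host networking puts the server port on the node itself. Presumably it
    # also keeps the server's own metadata calls away from an agent running on
    # the same node -- confirm.
    useHostNetwork: true
    sslCertHostPath: /etc/ssl/certs
    # Secret with the server certificate and private key for the mutually
    # authenticated agent <-> server channel; keep read access to it narrow.
    tlsSecret: kiam-server-tls
    tlsCerts:
      certFileName: tls.crt
      keyFileName: tls.key
      caFileName: ca.crt
    service:
      port: 6444
      targetPort: 6444
    deployment:
      enabled: true
      replicas: 1
    updateStrategy: RollingUpdate
    resources:
      requests:
        memory: "64Mi"
        cpu: "50m"
      limits:
        memory: "128Mi"
        # cpu: "300m"
    # Toleration plus nodeSelector pin the servers to master nodes, so only
    # those nodes need permission to assume the kiam server role.
    tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
    nodeSelector:
      node-role.kubernetes.io/master: ""
    priorityClassName: system-cluster-critical
    prometheus:
      servicemonitor:
        enabled: false
        interval: 30s
        labels:
          release: metrics
    log:
      level: info

  agent:
    gatewayTimeoutCreation: "5s"
    updateStrategy: RollingUpdate
    # IP tables set on each node at boot, see CloudBender
    # With iptables disabled the agent does not install the rule that redirects
    # pod traffic for the metadata address to itself. On a node where that rule
    # is missing, pods reach the instance metadata service directly and can read
    # the node's instance-profile credentials, so verify the rule on every node.
    host:
      iptables: false
      # Interface pattern for pod traffic (Calico names). Pods that run with
      # hostNetwork do not pass through these interfaces.
      interface: "cali+"
    # Metadata paths matching this regexp are passed through to the real
    # metadata API for every pod. It is anchored at the start only, so longer
    # paths with these prefixes match too. /latest/dynamic includes the node's
    # instance identity document: check that nothing in the environment accepts
    # that document as proof of node identity.
    allowRouteRegexp: '^/latest/(meta-data/instance-id|dynamic)'
    sslCertHostPath: /etc/ssl/certs
    # Whoever can read this Secret holds the agent's client key and can ask the
    # server for credentials; restrict access to it through RBAC.
    tlsSecret: kiam-agent-tls
    tlsCerts:
      certFileName: tls.crt
      keyFileName: tls.key
      caFileName: ca.crt
    resources:
      requests:
        memory: "16Mi"
        cpu: "50m"
      limits:
        memory: "64Mi"
        # cpu: "50m"
    # NOTE(review): no operator is given, so Kubernetes applies Equal with an
    # empty value. A kubezero-workergroup taint that carries a value would not
    # be tolerated and the agent would be absent from those nodes; confirm how
    # the taint is set, or use `operator: Exists`.
    tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      - key: kubezero-workergroup
        effect: NoSchedule
    priorityClassName: system-node-critical
    prometheus:
      servicemonitor:
        enabled: false
        interval: 30s
        labels:
          release: metrics
    log:
      level: info
    # extraEnv:
    #   - name: GRPC_GO_LOG_SEVERITY_LEVEL
    #     value: "info"
    #   - name: GRPC_GO_LOG_VERBOSITY_LEVEL
    #     value: "8"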