84 lines
2.0 KiB
YAML
84 lines
2.0 KiB
YAML
annotateKubeSystemNameSpace: false
|
|
|
|
kiam:
|
|
enabled: true
|
|
server:
|
|
# kiam.server.assumeRoleArn -- kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role
|
|
assumeRoleArn: ''
|
|
useHostNetwork: true
|
|
sslCertHostPath: /etc/ssl/certs
|
|
tlsSecret: kiam-server-tls
|
|
tlsCerts:
|
|
certFileName: tls.crt
|
|
keyFileName: tls.key
|
|
caFileName: ca.crt
|
|
service:
|
|
port: 6444
|
|
targetPort: 6444
|
|
deployment:
|
|
enabled: true
|
|
replicas: 1
|
|
updateStrategy: RollingUpdate
|
|
resources:
|
|
requests:
|
|
memory: "64Mi"
|
|
cpu: "50m"
|
|
limits:
|
|
memory: "128Mi"
|
|
# cpu: "300m"
|
|
tolerations:
|
|
- key: node-role.kubernetes.io/master
|
|
effect: NoSchedule
|
|
nodeSelector:
|
|
node-role.kubernetes.io/master: ""
|
|
priorityClassName: system-cluster-critical
|
|
prometheus:
|
|
servicemonitor:
|
|
enabled: false
|
|
interval: 30s
|
|
labels:
|
|
release: metrics
|
|
log:
|
|
level: info
|
|
|
|
agent:
|
|
gatewayTimeoutCreation: "5s"
|
|
updateStrategy: RollingUpdate
|
|
# IP tables set on each node at boot, see CloudBender
|
|
host:
|
|
iptables: false
|
|
interface: "cali+"
|
|
allowRouteRegexp: '^/latest/(meta-data/instance-id|dynamic)'
|
|
sslCertHostPath: /etc/ssl/certs
|
|
tlsSecret: kiam-agent-tls
|
|
tlsCerts:
|
|
certFileName: tls.crt
|
|
keyFileName: tls.key
|
|
caFileName: ca.crt
|
|
resources:
|
|
requests:
|
|
memory: "16Mi"
|
|
cpu: "50m"
|
|
limits:
|
|
memory: "64Mi"
|
|
# cpu: "50m"
|
|
tolerations:
|
|
- key: node-role.kubernetes.io/master
|
|
effect: NoSchedule
|
|
- key: kubezero-workergroup
|
|
effect: NoSchedule
|
|
priorityClassName: system-node-critical
|
|
prometheus:
|
|
servicemonitor:
|
|
enabled: false
|
|
interval: 30s
|
|
labels:
|
|
release: metrics
|
|
log:
|
|
level: info
|
|
# extraEnv:
|
|
# - name: GRPC_GO_LOG_SEVERITY_LEVEL
|
|
# value: "info"
|
|
# - name: GRPC_GO_LOG_VERBOSITY_LEVEL
|
|
# value: "8"
|