---
# Default values for the cluster add-ons configured below. Every add-on ships
# disabled (enabled: false); cluster-specific values (role ARNs, queue URL,
# backup repository) are left empty here and are expected to be supplied by
# an override.

clusterBackup:
  enabled: false

  image:
    name: public.ecr.aws/zero-downtime/kubezero-admin
    # No tag is set in this file; which tag is used when it is omitted is
    # decided outside this file. NOTE(review): confirm the effective tag, and
    # consider pinning by digest, since tags can be re-pointed.
    # tag: v1.22.8

  # -- s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup
  repository: ''
  # NOTE(review): the hint below is a file path, so the passphrase presumably
  # lives on the node rather than in this file; keep the real value out of
  # version control either way.
  # -- /etc/cloudbender/clusterBackup.passphrase
  password: ''

  extraEnv: []

forseti:
  enabled: false

  image:
    name: public.ecr.aws/zero-downtime/forseti
    tag: v0.1.2

  aws:
    region: ''
    # -- "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.kubezeroForseti"
    iamRoleArn: ''

aws-node-termination-handler:
  enabled: false

  fullnameOverride: 'aws-node-termination-handler'

  #image:
  #  tag: v1.14.1

  # -- "aws-node-termination-handler/${ClusterName}"
  managedAsgTag: 'aws-node-termination-handler/managed'

  useProviderId: true
  enableSqsTerminationDraining: true
  # otherwise the pods fail trying to reach IMDS
  enableSpotInterruptionDraining: false
  enableProbesServer: true
  # Draining with deleteLocalData discards emptyDir contents of evicted pods.
  deleteLocalData: true
  ignoreDaemonSets: true
  taintNode: true
  emitKubernetesEvents: true

  # -- https://sqs.${AWS::Region}.amazonaws.com/${AWS::AccountId}/${ClusterName}_Nth
  queueURL: ''

  metadataTries: 0

  # Web-identity credentials: the role is assumed with the service account
  # token at the path below. No projected-token volume is declared in this
  # block; NOTE(review): confirm where that mount comes from. The role's
  # trust policy should be limited to this workload's service account and the
  # sts.amazonaws.com audience.
  extraEnv:
    # -- "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.awsNth"
    - name: AWS_ROLE_ARN
      value: ''
    - name: AWS_WEB_IDENTITY_TOKEN_FILE
      value: '/var/run/secrets/sts.amazonaws.com/serviceaccount/token'
    - name: AWS_STS_REGIONAL_ENDPOINTS
      value: 'regional'

  enablePrometheusServer: false
  podMonitor:
    create: false

  jsonLogging: true

  # Scheduled onto control-plane nodes: selected by the control-plane label,
  # tolerating the master NoSchedule taint.
  tolerations:
    - key: node-role.kubernetes.io/master
      effect: NoSchedule
  nodeSelector:
    node-role.kubernetes.io/control-plane: ''

  rbac:
    pspEnabled: false

fuseDevicePlugin:
  enabled: false

awsNeuron:
  enabled: false

  image:
    name: public.ecr.aws/neuron/neuron-device-plugin
    tag: '1.9.3.0'

nvidia-device-plugin:
  enabled: false

  tolerations:
    - key: nvidia.com/gpu
      operator: Exists
      effect: NoSchedule
    - key: kubezero-workergroup
      effect: NoSchedule
      operator: Exists

  # Hard node affinity: only the g5 instance types listed here are eligible.
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: 'node.kubernetes.io/instance-type'
                operator: In
                values:
                  - g5.xlarge
                  - g5.2xlarge
                  - g5.4xlarge
                  - g5.8xlarge
                  - g5.12xlarge
                  - g5.16xlarge
                  - g5.24xlarge
                  - g5.48xlarge

cluster-autoscaler:
  enabled: false

  autoDiscovery:
    clusterName: ''
  awsRegion: 'us-west-2'

  serviceMonitor:
    enabled: false
    interval: 30s

  prometheusRule:
    enabled: false
    interval: '30'

  # Disable pdb for now
  podDisruptionBudget: false

  extraArgs:
    scan-interval: 30s
    # false lets the autoscaler also consider nodes whose pods use local
    # storage for scale-down.
    skip-nodes-with-local-storage: false

  # runAsNonRoot is left commented out, so it is not enforced from this file.
  # NOTE(review): confirm which user the container actually runs as.
  #securityContext:
  #  runAsNonRoot: true

  nodeSelector:
    node-role.kubernetes.io/control-plane: ''
  tolerations:
    - key: node-role.kubernetes.io/master
      effect: NoSchedule

  # On AWS enable Projected Service Accounts to assume IAM role
  #extraEnv:
  #  AWS_ROLE_ARN:
  #  AWS_WEB_IDENTITY_TOKEN_FILE: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
  #  AWS_STS_REGIONAL_ENDPOINTS: "regional"
  #extraVolumes:
  #- name: aws-token
  #  projected:
  #    sources:
  #    - serviceAccountToken:
  #        path: token
  #        expirationSeconds: 86400
  #        audience: "sts.amazonaws.com"
  #extraVolumeMounts:
  #- name: aws-token
  #  mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
  #  readOnly: true

external-dns:
  enabled: false

  interval: 3m
  triggerLoopOnEvent: true

  tolerations:
    - key: node-role.kubernetes.io/master
      effect: NoSchedule
  nodeSelector:
    node-role.kubernetes.io/control-plane: ''

  #logLevel: debug
  sources:
    - service
    #- istio-gateway

  # NOTE(review): inmemory looks like the non-persistent test provider, so no
  # real DNS zone would be written until an override selects one; confirm.
  provider: inmemory

  # Projected service account token for STS: audience sts.amazonaws.com,
  # 86400 s (24 h) lifetime, mounted read-only. A shorter lifetime narrows the
  # window in which a leaked token is usable.
  extraVolumes:
    - name: aws-token
      projected:
        sources:
          - serviceAccountToken:
              path: token
              expirationSeconds: 86400
              audience: 'sts.amazonaws.com'

  extraVolumeMounts:
    - name: aws-token
      mountPath: '/var/run/secrets/sts.amazonaws.com/serviceaccount/'
      readOnly: true

  # The role named here can change DNS records once a real provider is
  # configured; its trust policy should be limited to this workload's service
  # account and the sts.amazonaws.com audience.
  env:
    # -- "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.externalDNS"
    - name: AWS_ROLE_ARN
      value: ''
    - name: AWS_WEB_IDENTITY_TOKEN_FILE
      value: '/var/run/secrets/sts.amazonaws.com/serviceaccount/token'
    - name: AWS_STS_REGIONAL_ENDPOINTS
      value: 'regional'