github.com/castai/kvisor@v1.7.1-0.20240516114728-b3572a2607b5/charts/kvisor/values.yaml (about) 1 # Default values for egressd. 2 # Declare variables to be passed into your templates. 3 4 # CAST AI API configuration. 5 castai: 6 enabled: true 7 8 # Token to be used for authorizing agent access to the CASTAI API 9 apiKey: "" 10 11 # Name of secret with Token to be used for authorizing agent access to the API 12 # apiKey and apiKeySecretRef are mutually exclusive 13 # The referenced secret must provide the token in .data["API_KEY"] 14 apiKeySecretRef: "" 15 16 # CASTAI grpc public api address. 17 grpcAddr: "api-grpc.cast.ai:443" 18 19 # CASTAI Cluster unique identifier. 20 clusterID: "" 21 22 imagePullSecrets: [] 23 nameOverride: "" 24 fullnameOverride: "" 25 26 # Labels to add to all resources. 27 # TODO: Add for all resources 28 commonLabels: {} 29 30 # Annotations to add to all resources. 31 # TODO: Add for all resources 32 commonAnnotations: {} 33 34 image: 35 repository: ghcr.io/castai/kvisor/kvisor 36 pullPolicy: IfNotPresent 37 # Overrides the image tag whose default is the chart appVersion. 38 tag: "" 39 40 pyroscope: 41 enabled: false 42 43 agent: 44 enabled: false 45 46 serviceAccount: 47 # Specifies whether a service account should be created 48 create: true 49 # Annotations to add to the service account 50 annotations: { } 51 # The name of the service account to use. 52 # If not set and create is true, a name is generated using the fullname template 53 name: "" 54 55 updateStrategy: 56 type: RollingUpdate 57 rollingUpdate: 58 maxUnavailable: 10 59 60 podAnnotations: { } 61 62 podSecurityContext: { } 63 # fsGroup: 2000 64 65 containerSecurityContext: 66 privileged: true 67 # capabilities: 68 # drop: 69 # - all 70 # add: 71 # - "NET_ADMIN" 72 # - "SYS_PTRACE" 73 # - "SYS_ADMIN" 74 readOnlyRootFilesystem: false # TODO(Kvisord): Make readonly. Now tmp dir is needed to create cgroups mount. 75 76 resources: { } 77 # We usually recommend not to specify default resources and to leave this as a conscious 78 # choice for the user. This also increases chances charts run on environments with little 79 # resources, such as Minikube. If you do want to specify resources, uncomment the following 80 # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 81 # limits: 82 # cpu: 100m 83 # memory: 128Mi 84 # requests: 85 # cpu: 100m 86 # memory: 128Mi 87 88 nodeSelector: { } 89 90 tolerations: 91 - effect: NoSchedule 92 operator: Exists 93 - effect: NoExecute 94 operator: Exists 95 96 affinity: 97 nodeAffinity: 98 requiredDuringSchedulingIgnoredDuringExecution: 99 nodeSelectorTerms: 100 - matchExpressions: 101 - key: eks.amazonaws.com/compute-type 102 operator: NotIn 103 values: 104 - fargate 105 106 dnsPolicy: ClusterFirstWithHostNet 107 108 metricsHTTPListenPort: 6060 109 110 # Extra args for egressd collector container. 111 extraArgs: 112 log-level: info 113 #pyroscope-addr: http://kvisord-pyroscope:4040 114 115 prometheusScrape: 116 enabled: true 117 118 debug: 119 ebpf: false 120 121 controller: 122 enabled: true 123 124 replicas: 1 125 126 serviceAccount: 127 # Specifies whether a service account should be created 128 create: true 129 # Annotations to add to the service account 130 annotations: { } 131 # The name of the service account to use. 132 # If not set and create is true, a name is generated using the fullname template 133 name: "" 134 135 podAnnotations: {} 136 137 # TODO(Kvisord): Add default strict security context for all components. 138 securityContext: 139 fsGroup: 1001 140 # fsGroup: 10001 141 # runAsGroup: 10001 142 # runAsNonRoot: true 143 # runAsUser: 10001 144 # seccompProfile: 145 # type: RuntimeDefault 146 147 containerSecurityContext: 148 allowPrivilegeEscalation: false 149 # readOnlyRootFilesystem: true 150 # capabilities: 151 # drop: [ ALL ] 152 153 resources: { } 154 # We usually recommend not to specify default resources and to leave this as a conscious 155 # choice for the user. This also increases chances charts run on environments with little 156 # resources, such as Minikube. If you do want to specify resources, uncomment the following 157 # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 158 # limits: 159 # cpu: 100m 160 # memory: 128Mi 161 # requests: 162 # cpu: 100m 163 # memory: 128Mi 164 165 nodeSelector: { } 166 167 tolerations: [ ] 168 169 affinity: { } 170 171 dnsPolicy: ClusterFirst 172 173 httpListenPort: 8080 174 kubeAPIListenPort: 8090 175 metricsHTTPListenPort: 6060 176 177 # Extra args for server container. 178 extraArgs: 179 log-level: info 180 #pyroscope-addr: http://kvisord-pyroscope.kvisord-trace:4040 181 182 prometheusScrape: 183 enabled: true 184 185 persistentVolumeKv: 186 size: 30Gi 187 188 persistentVolumePostgres: 189 size: 20Gi 190 191 eventGenerator: 192 enabled: false 193 image: 194 repository: ghcr.io/castai/kvisor/kvisor-event-generator 195 pullPolicy: IfNotPresent 196 # Overrides the image tag whose default is the chart appVersion. 197 tag: "" 198 199 dnsPolicy: ClusterFirst 200 201 extraArgs: 202 log-level: debug 203 204 tolerations: 205 - effect: NoSchedule 206 operator: Exists 207 - effect: NoExecute 208 operator: Exists 209 210 mockServer: 211 enabled: false 212 213 clickhouse: 214 enabled: false 215 216 auth: 217 database: "kvisor" 218 username: "kvisor" 219 password: "kvisor" 220 221 image: 222 repository: clickhouse/clickhouse-server 223 pullPolicy: IfNotPresent 224 tag: "24.2.3.70-alpine" 225 226 nodeSelector: {} 227 tolerations: [] 228 affinity: {} 229 dnsPolicy: ClusterFirst 230 persistentVolume: 231 size: 20Gi 232 #storageClass: premium-rwo