github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/dex/values.yaml (about) 1 # Default values for dex. 2 # This is a YAML-formatted file. 3 # Declare variables to be passed into your templates. 4 5 # -- Number of replicas (pods) to launch. 6 replicaCount: 1 7 8 # -- Labels to apply to all resources and selectors. 9 commonLabels: {} 10 # team_name: dev 11 12 image: 13 # -- Name of the image repository to pull the container image from. 14 repository: ghcr.io/dexidp/dex 15 16 # -- [Image pull policy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) for updating already existing images on a node. 17 pullPolicy: IfNotPresent 18 19 # -- Image tag override for the default value (chart appVersion). 20 tag: "" 21 22 # -- Reference to one or more secrets to be used when [pulling images](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) (from private registries). 23 imagePullSecrets: [] 24 25 # -- A name in place of the chart name for `app:` labels. 26 nameOverride: "" 27 28 # -- A name to substitute for the full names of resources. 29 fullnameOverride: "" 30 31 # -- A list of hosts and IPs that will be injected into the pod's hosts file if specified. 32 # See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#hostname-and-name-resolution) 33 hostAliases: [] 34 35 https: 36 # -- Enable the HTTPS endpoint. 37 enabled: false 38 39 grpc: 40 # -- Enable the gRPC endpoint. 41 # Read more in the [documentation](https://dexidp.io/docs/api/). 42 enabled: false 43 44 configSecret: 45 # -- Enable creating a secret from the values passed to `config`. 46 # If set to false, name must point to an existing secret. 47 create: true 48 49 # -- The name of the secret to mount as configuration in the pod. 50 # If not set and create is true, a name is generated using the fullname template. 51 # Must point to secret that contains at least a `config.yaml` key. 52 name: "" 53 54 # -- Application configuration. 55 # See the [official documentation](https://dexidp.io/docs/). 56 config: {} 57 58 # -- Additional storage [volumes](https://kubernetes.io/docs/concepts/storage/volumes/). 59 # See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#volumes-1) for details. 60 volumes: [] 61 62 # -- Additional [volume mounts](https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/). 63 # See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#volumes-1) for details. 64 volumeMounts: [] 65 66 # -- Additional environment variables mounted from [secrets](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables) or [config maps](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables). 67 # See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) for details. 68 envFrom: [] 69 70 # -- Additional environment variables passed directly to containers. 71 # See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) for details. 72 env: {} 73 74 # -- Similar to env but with support for all possible configurations. 75 # See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) for details. 76 envVars: [] 77 # - name: SOME_ENV_VAR 78 # value: value 79 # - name: SOME_ENV_VAR2 80 # valueFrom: 81 # secretKeyRef: 82 # name: secret-name 83 # key: secret-key 84 # - name: SOME_ENV_VAR3 85 # valueFrom: 86 # configMapKeyRef: 87 # name: config-map-name 88 # key: config-map-key 89 90 serviceAccount: 91 # -- Enable service account creation. 92 create: true 93 94 # -- Annotations to be added to the service account. 95 annotations: {} 96 97 # -- The name of the service account to use. 98 # If not set and create is true, a name is generated using the fullname template. 99 name: "" 100 101 rbac: 102 # -- Specifies whether RBAC resources should be created. 103 # If disabled, the operator is responsible for creating the necessary resources based on the templates. 104 create: true 105 106 # -- Specifies which RBAC resources should be created. 107 # If disabled, the operator is responsible for creating the necessary resources (ClusterRole and RoleBinding or CRD's) 108 createClusterScoped: true 109 110 # -- Annotations to be added to deployment. 111 deploymentAnnotations: {} 112 113 # -- Labels to be added to deployment. 114 deploymentLabels: {} 115 116 # -- Annotations to be added to pods. 117 podAnnotations: {} 118 119 # -- Labels to be added to pods. 120 podLabels: {} 121 122 podDisruptionBudget: 123 # -- Enable a [pod distruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) to help dealing with [disruptions](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/). 124 # It is **highly recommended** for webhooks as disruptions can prevent launching new pods. 125 enabled: false 126 127 # -- (int/percentage) Number or percentage of pods that must remain available. 128 minAvailable: 129 130 # -- (int/percentage) Number or percentage of pods that can be unavailable. 131 maxUnavailable: 132 133 # -- Specify a priority class name to set [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority). 134 priorityClassName: "" 135 136 # -- Pod [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod). 137 # See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) for details. 138 podSecurityContext: {} 139 # fsGroup: 2000 140 141 # -- Define the [count of deployment revisions](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) to be kept. 142 # May be set to 0 in case of GitOps deployment approach. 143 revisionHistoryLimit: 10 144 145 # -- Container [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container). 146 # See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) for details. 147 securityContext: {} 148 # capabilities: 149 # drop: 150 # - ALL 151 # readOnlyRootFilesystem: true 152 # runAsNonRoot: true 153 # runAsUser: 1000 154 155 service: 156 # -- Annotations to be added to the service. 157 annotations: {} 158 159 # -- Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). 160 type: ClusterIP 161 162 # -- Internal cluster service IP (when applicable) 163 clusterIP: "" 164 165 ports: 166 http: 167 # -- HTTP service port 168 port: 5556 169 170 # -- (int) HTTP node port (when applicable) 171 nodePort: 172 173 https: 174 # -- HTTPS service port 175 port: 5554 176 177 # -- (int) HTTPS node port (when applicable) 178 nodePort: 179 180 grpc: 181 # -- gRPC service port 182 port: 5557 183 184 # -- (int) gRPC node port (when applicable) 185 nodePort: 186 187 ingress: 188 # -- Enable [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/). 189 enabled: false 190 191 # -- Ingress [class name](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class). 192 className: "" 193 194 # -- Annotations to be added to the ingress. 195 annotations: {} 196 # kubernetes.io/ingress.class: nginx 197 # kubernetes.io/tls-acme: "true" 198 199 # -- Ingress host configuration. 200 # @default -- See [values.yaml](values.yaml). 201 hosts: 202 - host: chart-example.local 203 paths: 204 - path: / 205 pathType: ImplementationSpecific 206 207 # -- Ingress TLS configuration. 208 # @default -- See [values.yaml](values.yaml). 209 tls: [] 210 # - secretName: chart-example-tls 211 # hosts: 212 # - chart-example.local 213 214 serviceMonitor: 215 # -- Enable Prometheus ServiceMonitor. 216 # See the [documentation](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/design.md#servicemonitor) and the [API reference](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor) for details. 217 enabled: false 218 219 # -- Namespace where the ServiceMonitor resource should be deployed. 220 # @default -- Release namespace. 221 namespace: "" 222 223 # -- (duration) Prometheus scrape interval. 224 interval: 225 226 # -- (duration) Prometheus scrape timeout. 227 scrapeTimeout: 228 229 # -- Labels to be added to the ServiceMonitor. 230 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec 231 labels: {} 232 233 # -- Annotations to be added to the ServiceMonitor. 234 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec 235 annotations: {} 236 237 # -- HTTP scheme to use for scraping. 238 # Can be used with `tlsConfig` for example if using istio mTLS. 239 scheme: "" 240 241 # -- HTTP path to scrape for metrics. 242 path: /metrics 243 244 # -- TLS configuration to use when scraping the endpoint. 245 # For example if using istio mTLS. 246 ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig 247 tlsConfig: {} 248 249 # -- Prometheus scrape bearerTokenFile 250 bearerTokenFile: 251 252 # -- HonorLabels chooses the metric's labels on collisions with target labels. 253 honorLabels: false 254 255 # -- Prometheus scrape metric relabel configs 256 # to apply to samples before ingestion. 257 ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) 258 metricRelabelings: [] 259 # - action: keep 260 # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' 261 # sourceLabels: [__name__] 262 263 # -- Relabel configs to apply 264 # to samples before ingestion. 265 ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) 266 relabelings: [] 267 # - sourceLabels: [__meta_kubernetes_pod_node_name] 268 # separator: ; 269 # regex: ^(.*)$ 270 # targetLabel: nodename 271 # replacement: $1 272 # action: replace 273 274 # -- Container resource [requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). 275 # See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) for details. 276 # @default -- No requests or limits. 277 resources: {} 278 # We usually recommend not to specify default resources and to leave this as a conscious 279 # choice for the user. This also increases chances charts run on environments with little 280 # resources, such as Minikube. If you do want to specify resources, uncomment the following 281 # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 282 # limits: 283 # cpu: 100m 284 # memory: 128Mi 285 # requests: 286 # cpu: 100m 287 # memory: 128Mi 288 289 # -- Autoscaling configuration (see [values.yaml](values.yaml) for details). 290 # @default -- Disabled by default. 291 autoscaling: 292 enabled: false 293 minReplicas: 1 294 maxReplicas: 100 295 targetCPUUtilizationPercentage: 80 296 # targetMemoryUtilizationPercentage: 80 297 298 # -- [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) configuration. 299 nodeSelector: {} 300 301 # -- [Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for node taints. 302 # See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) for details. 303 tolerations: [] 304 305 # -- [Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) configuration. 306 # See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) for details. 307 affinity: {} 308 309 # -- [TopologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) configuration. 310 # See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) for details. 311 topologySpreadConstraints: [] 312 313 # -- Deployment [strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) configuration. 314 strategy: {} 315 # rollingUpdate: 316 # maxUnavailable: 1 317 # type: RollingUpdate 318 319 networkPolicy: 320 # -- Create [Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) 321 enabled: false 322 # -- A list of network policy egress rules 323 egressRules: [] 324 # Allow DNS egress traffic 325 # - ports: 326 # - port: 53 327 # protocol: UDP 328 # - port: 53 329 # protocol: TCP 330 # Example to allow LDAP connector to reach LDAPs port on 1.2.3.4 server 331 # - to: 332 # - ipBlock 333 # cidr: 1.2.3.4/32 334 # ports: 335 # - port: 636 336 # protocol: TCP