github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/rancher/values.yaml (about)

     1  # Additional Trusted CAs.
     2  # Enable this flag and add your CA certs as a secret named tls-ca-additional in the namespace.
     3  # See README.md for details.
     4  additionalTrustedCAs: false
     5  
     6  
     7  # affinity optionally replaces the entire affinity section of the pod spec. If affinity is specified then the values of nodeAffinity, podAffinity, podAntiAffinity, and antiAffinity are ignored.
     8  affinity: {}
     9  # nodeAffinity optionally replaces the nodeAffinity section under affinity in the pod spec.
    10  nodeAffinity: {}
    11  # podAffinity optionally replaces the podAffinity section under affinity in the pod spec.
    12  podAffinity: {}
    13  # podAntiAffinity optionally replaces the podAntiAffinity section under affinity in the pod spec. If podAntiAffinity is specified then the value of antiAffinity is ignored.
    14  podAntiAffinity: {}
    15  
    16  antiAffinity: preferred
    17  topologyKey: kubernetes.io/hostname
    18  
    19  # Optional topology spread constraints
    20  topologySpreadConstraints: []
    21  
    22  # Optional node selector
    23  nodeSelector: {}
    24  
    25  # Audit Logs https://rancher.com/docs/rancher/v2.x/en/installation/api-auditing/
    26  # The audit log is piped to the console of the rancher-audit-log container in the rancher pod.
    27  # https://rancher.com/docs/rancher/v2.x/en/installation/api-auditing/
    28  # destination stream to sidecar container console or hostPath volume
    29  # level: Verbosity of logs, 0 to 3. 0 is off 3 is a lot.
    30  auditLog:
    31    destination: sidecar
    32    hostPath: /var/log/rancher/audit/
    33    level: 0
    34    maxAge: 1
    35    maxBackup: 1
    36    maxSize: 100
    37  
    38    # Image for collecting rancher audit logs.
    39    # Important: update pkg/image/export/resolve.go when this default image is changed, so that it's reflected accordingly in rancher-images.txt generated for air-gapped setups.
    40    image:
    41      repository: "rancher/mirrored-bci-micro"
    42      tag: 15.4.14.3
    43      # Override imagePullPolicy image
    44      # options: Always, Never, IfNotPresent
    45      pullPolicy: "IfNotPresent"
    46  
    47  # As of Rancher v2.5.0 this flag is deprecated and must be set to 'true' in order for Rancher to start
    48  addLocal: "true"
    49  
    50  # Add debug flag to Rancher server
    51  debug: false
    52  
    53  # When starting Rancher for the first time, bootstrap the admin as restricted-admin
    54  restrictedAdmin: false
    55  
    56  # Extra environment variables passed to the rancher pods.
    57  # extraEnv:
    58  # - name: CATTLE_TLS_MIN_VERSION
    59  #   value: "1.0"
    60  
    61  # Fully qualified name to reach your Rancher server
    62  # hostname: rancher.my.org
    63  
    64  ## Optional array of imagePullSecrets containing private registry credentials
    65  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    66  imagePullSecrets: []
    67  # - name: secretName
    68  
    69  ### ingress ###
    70  # Readme for details and instruction on adding tls secrets.
    71  ingress:
    72    # If set to false, ingress will not be created
    73    # Defaults to true
    74    # options: true, false
    75    enabled: true
    76    includeDefaultExtraAnnotations: true
    77    extraAnnotations: {}
    78    ingressClassName: nginx
    79    # backend port number
    80    servicePort: 443
    81  
    82    # configurationSnippet - Add additional Nginx configuration. This example statically sets a header on the ingress.
    83    # configurationSnippet: |
    84    #   more_set_input_headers "X-Forwarded-Host: {{ .Values.hostname }}";
    85  
    86    tls:
    87      # options: rancher, letsEncrypt, secret
    88      source: rancher
    89      secretName: tls-rancher-ingress
    90  
    91  ### service ###
    92  # Override to use NodePort or LoadBalancer service type - default is ClusterIP
    93  service:
    94    type: ""
    95    annotations: {}
    96  
    97  ### LetsEncrypt config ###
    98  # ProTip: The production environment only allows you to register a name 5 times a week.
    99  #         Use staging until you have your config right.
   100  letsEncrypt:
   101    # email: none@example.com
   102    environment: production
   103    ingress:
   104      # options: traefik, nginx
   105      class: ""
   106  # If you are using certs signed by a private CA set to 'true' and set the 'tls-ca'
   107  # in the 'rancher-system' namespace. See the README.md for details
   108  privateCA: false
   109  
   110  # http[s] proxy server passed into rancher server.
   111  # proxy: http://<username>@<password>:<url>:<port>
   112  
   113  # comma separated list of domains or ip addresses that will not use the proxy
   114  noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
   115  
   116  # Override rancher image location for Air Gap installs
   117  rancherImage: rancher/rancher
   118  # rancher/rancher image tag. https://hub.docker.com/r/rancher/rancher/tags/
   119  # Defaults to .Chart.appVersion
   120  # rancherImageTag: v2.0.7
   121  
   122  # Override imagePullPolicy for rancher server images
   123  # options: Always, Never, IfNotPresent
   124  # Defaults to IfNotPresent
   125  # rancherImagePullPolicy: <pullPolicy>
   126  
   127  # Number of Rancher server replicas. Setting to negative number will dynamically between 0 and the abs(replicas) based on available nodes.
   128  # of available nodes in the cluster
   129  replicas: 3
   130  
   131  # Set priorityClassName to avoid eviction
   132  priorityClassName: rancher-critical
   133  
   134  # Set pod resource requests/limits for Rancher.
   135  resources: {}
   136  
   137  #
   138  # tls
   139  #   Where to offload the TLS/SSL encryption
   140  # - ingress (default)
   141  # - external
   142  tls: ingress
   143  
   144  systemDefaultRegistry: ""
   145  
   146  # Set to use the packaged system charts
   147  useBundledSystemChart: false
   148  
   149  # Certmanager version compatibility
   150  certmanager:
   151    version: ""
   152  
   153  # Rancher custom logos persistence
   154  customLogos:
   155    enabled: false
   156    volumeSubpaths:
   157      emberUi: "ember"
   158      vueUi: "vue"
   159    ## Volume kind to use for persistence: persistentVolumeClaim, configMap
   160    volumeKind: persistentVolumeClaim
   161    ## Use an existing volume. Custom logos should be copied to the volume by the user
   162    # volumeName: custom-logos
   163    ## Just for volumeKind: persistentVolumeClaim
   164    ## To disables dynamic provisioning, set storageClass: "" or storageClass: "-"
   165    # storageClass: "-"
   166    accessMode: ReadWriteOnce
   167    size: 1Gi
   168  
   169  # Rancher post-delete hook
   170  postDelete:
   171    enabled: false
   172    image:
   173      repository: rancher-shell
   174      tag: v0.1.20
   175    namespaceList:
   176      - cattle-fleet-system
   177      - cattle-system
   178      - rancher-operator-system
   179    # Number of seconds to wait for an app to be uninstalled
   180    timeout: 120
   181    # by default, the job will fail if it fail to uninstall any of the apps
   182    ignoreTimeoutError: false
   183  
   184  # Set a bootstrap password. If leave empty, a random password will be generated.
   185  bootstrapPassword: ""
   186  
   187  livenessProbe:
   188    initialDelaySeconds: 60
   189    periodSeconds: 30
   190  readinessProbe:
   191    initialDelaySeconds: 5
   192    periodSeconds: 30
   193  
   194  global:
   195    cattle:
   196      psp:
   197        # will default to true on 1.24 and below, and false for 1.25 and above
   198        # can be changed manually to true or false to bypass version checks and force that option
   199        enabled: ""