-
Notifications
You must be signed in to change notification settings - Fork 123
/
values.yaml
131 lines (108 loc) · 3.33 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# Default values for cerbos.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
nameOverride: ""
fullnameOverride: ""
# Number of Cerbos pods to run
replicaCount: 1
# Container image details
image:
repository: ghcr.io/cerbos/cerbos
pullPolicy: IfNotPresent
# Image digest to use. Takes precedence over tag if specified.
digest: ""
# Image tag to use. Defaults to the chart appVersion.
tag: ""
imagePullSecrets: []
initContainers: []
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# Annotations to add to the pod.
podAnnotations: {}
# Common labels to add to the resources.
commonLabels: {}
# Annotations to add to the deployment.
deployment:
annotations: {}
# Security context for the whole pod.
podSecurityContext: {}
# fsGroup: 2000
# Security context for the Cerbos container.
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
# Resource limits for the pod.
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Autoscaling configuration.
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Node selector for the pod.
nodeSelector: {}
# Pod tolerations.
tolerations: []
# Pod affinity rules.
affinity: {}
# Volumes to add to the pod.
volumes: []
# Volume mounts to add to the Cerbos container.
volumeMounts: []
# Environment variables to add to the pod.
env: []
# Source environment variables from config maps or secrets.
envFrom: []
# Spec of the cert-manager certificate to create for the Cerbos deployment.
# If certSpec is not empty, a cert-manager.io/v1/Certificate resource will be created with its spec populated with values from certSpec.
# The certSpec value must be a valid Certificate spec. This Helm chart does not provide any defaults or inject any values into it.
# If cerbos.tlsSecretName is defined, it takes precedence over the generated certificate.
certManager:
certSpec: {}
# Cerbos service settings.
service:
type: ClusterIP
httpPort: 3592
grpcPort: 3593
httpNodePort: 13592
grpcNodePort: 13593
annotations: {}
clusterIP: null
loadBalancerIP: null
# Cerbos deployment settings.
cerbos:
# Port to expose the http service on.
httpPort: 3592
# Port to expose the gRPC service on.
grpcPort: 3593
# Secret containing the TLS certificate.
# Leave empty to disable TLS.
# The secret must contain the following keys:
# - tls.crt: Required. Certificate file contents.
# - tls.key: Required. Private key for the certificate.
# - ca.crt: Optional. CA certificate to add to the trust pool.
tlsSecretName: ""
# Cerbos log level. Valid values are DEBUG, INFO, WARN and ERROR
logLevel: INFO
# Add Prometheus service discovery annotations to the pod.
prometheusPodAnnotationsEnabled: true
# Cerbos config file contents.
# Some server settings like server.httpListenAddr, server.grpcListenAddr, server.tls will be overwritten by the chart based on values provided above.
config: {}