# Default values for Fybrik. # This is a YAML-formatted file. # Declare variables to be passed into your templates. # Overrides names nameOverride: "" fullnameOverride: "" # Set to false to disable deploying cluster scoped resources. # Note that these resources are still required for a valid # deployment. Only set this to false if you deployed cluster # scoped resources using a different method. clusterScoped: true modulesNamespace: "fybrik-blueprints" # Set if need to only watch for FybrikApplication from a specific namespace # The namespace must already exist applicationNamespace: "" # Taxonomy file for taxonomy ConfigMap taxonomyOverride: "" # Global configuration applies to multiple components installed by this chart global: # Default hub for Fybrik images. hub: ghcr.io/fybrik # Default tag for Fybrik images. # If no value is set, the chart's appVersion will be used. tag: "" # Default image pull policy for Fybrik images # Default behavior: latest images will be Always else IfNotPresent. # ref: https://kubernetes.io/docs/concepts/containers/images/#updating-images imagePullPolicy: "" # Reference to one or more secrets to be used when pulling images. # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] # Default connection timeout for GRPC connections. connectionTimeout: 120 # Human readable logs prettyLogging: false # zerolog verbosity level # ref: https://github.com/rs/zerolog#leveled-logging loggingVerbosity: -1 # Cluster metadata values cluster: # Set to the name of the cluster. name: thegreendragon # Set to cluster zone. zone: hobbiton # Set to cluster region. region: theshire # Set to the cluster Vault auth method path. vaultAuthPath: kubernetes # Configuration when deploying to a coordinator cluster. coordinator: # Set to false to disable coordinator components in manager. enabled: true # Configures the catalog system name to be used by the coordinator manager. # Accepted values are "katalog", "egeria" or any meaningful name if a third party connector is used. catalog: "katalog" # Overrides the catalog connector URL. # Defaults to `http://-connector:80`. catalogConnectorURL: "" # Configures the policy manager system name to be used by the coordinator manager. # Accepted values are "opa" or any meaningful name if a third party connector is used. policyManager: "opa" # Overrides the policy manager connector URL. # Defaults to `http://-connector:80`. policyManagerConnectorURL: "" # Configure the vault instance to be used by the coordinator manager vault: # WARNING: it's an advanced feature, set it to "false" if all your modules and connectors do not require getting # credentials from Fybrik. # If it is "false", you can remove all other entries below. enabled: true # Set to the Vault address. address: "http://vault.{{ .Release.Namespace }}:8200" # Login method to Vault login: # Token authentication token: "root" # Configures the Razee instance to be used by the coordinator manager in a multicluster setup razee: # Overrides the multicluster group that should be used. # Using Razee one can bundle clusters in a group. The controller is then limited to all # the clusters registered in this group. multiclusterGroup: "" # URL for Razee local deployment url: "" # Usernane for Razee local deployment user: "" # Password for Razee local deployment password: "" # Razee deployment with oauth API key authentication requires the apiKey parameter apiKey: "" # Razee deployment with IBM Cloud Satellite Config requires the iamKey parameter iamKey: "" # Configuration when deploying the manager to a worker cluster. # Note that a coordinator can also act as a worker. worker: # Set to false to disable worker components in manager. enabled: true # Manager component manager: # Set to true to deploy the manager component or false to skip its deployment. # Defaults to true if `coordinator.enabled` or `worker.enabled` is true. enabled: true # Override GRPC connection timeout in manager connectionTimeout: # Override data path limits in manager dataPathMaxSize: "2" # Image name or a hub/image[:tag] image: "manager" # Overrides global.imagePullPolicy imagePullPolicy: "Always" # Set to true to enable socat in the manager pod to forward # traffic from a localhost registry. Used only for development. socat: false # Overrides arguments to be passed to manager container overrideArgs: # Extra environment variables to be set for manager container extraEnvs: # - name: env_name # value: env_value replicaCount: 1 serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use name: manager podAnnotations: {} podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi nodeSelector: {} tolerations: [] affinity: {} prometheus: false chartVolume: "" # Specify a persistent volume claim, to be mounted by the manager, that can contain # helm charts that can be referenced by a FybrikModule. Manager will check if a chart # is available on volume first, then try to pull from a Docker registry if it does not exist. # To populate the volume, create a 'charts' directory at the root of the mount, # and place helm charts within the charts directory. # OPA server component opaServer: # Set to true to deploy OPA service or false to skip its deployment. # Defaults to true if the opa connector is enabled. enabled: auto # Image name or a hub/image[:tag] image: "openpolicyagent/opa:0.36.0" # Overrides global.imagePullPolicy imagePullPolicy: "" args: - "run" - "--server" - "--log-level=debug" - "--set=decision_logs.console=true" kubemgmt: image: openpolicyagent/kube-mgmt:0.11 # Used if autoscaling is not enabled replicaCount: 1 serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use name: opa podAnnotations: {} podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 service: type: ClusterIP port: 8181 resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: # targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {} # Bootstrap policies to load upon startup # Define policies in the form of: # : |- # # For example, to mask the entire input body in the decision logs: # bootstrapPolicies: # log: |- # package system.log # mask["/input"] # Bootstrap policies to load upon startup bootstrapPolicies: {} # Katalog connector component katalogConnector: # Set to true to deploy the katalog connector or false to skip its deployment. # Defaults to true if `coordinator.catalog` is set to "katalog" enabled: auto # Image name or a hub/image[:tag] image: "katalog-connector" # Overrides global.imagePullPolicy imagePullPolicy: "" # Used if autoscaling is not enabled replicaCount: 1 serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use name: katalog-connector podAnnotations: {} podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 service: type: ClusterIP port: 80 resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: # targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {} # V2 OPA connector component opaConnector: # Set to true to deploy the opa connector or false to skip its deployment. # Defaults to true if `coordinator.policyManager` is set to "opa" enabled: auto # Overrides the URL of the OPA server # Defaults to the address of the deployed OPA server serverURL: # Override GRPC connection timeout # See `.global.connectionTimeout`. connectionTimeout: # Image name or a hub/image[:tag] image: "opa-connector" # Overrides `.global.imagePullPolicy` imagePullPolicy: "" # Used if autoscaling is not enabled replicaCount: 1 serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use name: opa-connector podAnnotations: {} podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 service: type: ClusterIP port: 80 resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: # targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {} # S3 mock service installed in fybrik namespace s3mock: enabled: false