global: # -- Annotations for all resources annotations: {} # -- Labels for all resources labels: {} workload: enabled: false # -- Main workload type. Either: `Deployment`, `StatefulSet` or `DaemonSet` type: Deployment # -- Annotations for main workload type annotations: {} # -- Labels for main workload type labels: {} image: # -- Registry to use for the main workload # registry: "docker.io" # -- Repository to use for the main workload repository: "nginx" # -- Tag to use for the main workload tag: "latest" # -- Optional: Digest to use for the main workload digest: "" # -- Image pull policy for the main workload imagePullPolicy: IfNotPresent # -- Command to pass to the main workload command: [] # -- Arguments to pass to the main workload args: [] # -- Disable selective default env variables disableDefaultEnv: {} # -- Environment Variables to mount into pod envs: [] # - name: EXAMPLE_ENV # value: "HELLO" envsFromField: [] # - name: POD_NAME # fieldPath: metadata.name # -- Config Map to mount as Environment Variable into pod envsConfigMap: [] # - name: EXAMPLE_ENV # configMap: MyConfigMap # key: HELLO # -- Secret to mount as Environment Variable into pod envsSecret: [] # - name: EXAMPLE_ENV # secret: MySecret # key: HELLO # -- The number of pods to run. replicaCount: 1 # -- Security Context to pass to the pod securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true allowPrivilegeEscalation: false privileged: false readOnlyRootFilesystem: false seccompProfile: type: RuntimeDefault capabilities: drop: - ALL podSecurityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true fsGroup: 1000 fsGroupChangePolicy: "Always" # -- Resource configuration for the main workload pod resources: # -- Defines a preset configuration for resources. Either: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`, `4xlarge`. preset: "nano" # -- Custom Resource Configuration: Define specific requests and limits. Use this when `preset` is not set. # custom: {} # requests: # cpu: 5m # memory: 50Mi # limits: # cpu: 10m # memory: 100Mi # -- Probes for main workload ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ probes: {} # readinessProbe: # type: httpGet # path: "/health" # port: 8080 # host: "localhost" # httpHeaders: # Content-Type: "application/json" # scheme: "HTTP" # periodSeconds: 10 # timeoutSeconds: 5 # successThreshold: 1 # failureThreshold: 3 # initialDelaySeconds: 30 # livenessProbe: # type: tcpSocket # port: 8080 # host: "localhost" # periodSeconds: 10 # timeoutSeconds: 5 # successThreshold: 1 # failureThreshold: 3 # initialDelaySeconds: 30 # startupProbe: # type: exec # command: ["ls", "-l"] # periodSeconds: 10 # timeoutSeconds: 5 # successThreshold: 1 # failureThreshold: 3 # initialDelaySeconds: 30 storage: {} ## configMap # - name: my-configmap-volume # type: configMap # mountPath: /path/to/mount/container # configMapName: my-configmap # items: # - key: key1 # path: /path/to/mount/container ## secret # - name: my-secret-volume # type: secret # optional: false # mountPath: /path/to/mount/container # secretName: my-secret # items: # - key: key1 # path: /path/to/mount/container ## emptyDir # - name: my-emptydir-volume # type: emptyDir # mountPath: /path/to/mount/container # sizeLimit: 1Gi # readOnly: false # ramDisk: false ## hostPath # - name: my-hostpath-volume # type: hostPath # mountPath: /path/to/mount/container # hostPath: /path/to/mount/host # readOnly: false ## downardAPI # - name: my-downwardapi-volume # type: downwardAPI # mountPath: /path/to/mount/container # items: # - path: /path/to/mount/for/field1 # fieldRef: # fieldPath: field1 ## pvc # - name: my-pvc-volume # type: pvc # mountPath: /path/to/mount/container # claimName: "test" # readOnly: false ## volumeClaimTemplate - StatefulSet Only # - name: my-pvc-template-volume # type: pvcTemplate # mountPath: /path/to/mount/container # accessModes: # - "ReadWriteOnce" # storageClass: "example" # size: "5Gi" # readOnly: false # -- Termination grace period seconds for container lifecycle hook terminationGracePeriodSeconds: "" # -- Priority class for the main workload pods priorityClassName: "application-default" # -- Node selector for the main workload pods nodeSelector: {} # -- Tolerations for use with node taints tolerations: {} # -- Assign affinity rules to the main workload affinity: {} # -- Assign custom TopologySpreadConstraints rules to the main workload # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ topologySpreadConstraints: preset: "spread-across-nodes" # custom: [] # -- Deployment or StatefulSet strategy to be added to the main workload strategy: type: RollingUpdate maxSurge: 1 maxUnavailable: 1 extraContainers: {} initContainers: {} autoscaling: enabled: false # -- Annotations for HPA annotations: {} # -- Labels for HPA labels: {} # -- Minimum number of replicas for the main workload (HPA) minReplicas: 2 # -- Maximum number of replicas for the main workload (HPA) maxReplicas: 3 # -- Average CPU utilization percentage for the main workload (HPA) targetCPUUtilizationPercentage: 75 # -- Average memory utilization percentage for the main workload (HPA) targetMemoryUtilizationPercentage: 75 # -- Configures the scaling behavior of the target in both Up and Down directions. behavior: {} # scaleDown: # stabilizationWindowSeconds: 300 # policies: # - type: Pods # value: 1 # periodSeconds: 180 # scaleUp: # stabilizationWindowSeconds: 300 # policies: # - type: Pods # value: 2 # periodSeconds: 60 # -- Configures custom HPA metrics for the main workload # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ metrics: [] pdb: enabled: false # -- Labels to be added to application controller pdb labels: {} # -- Annotations to be added to application controller pdb annotations: {} # -- Maximum number of pods that can be unavailable during a disruption as a number or percentage (eg.: 50%). ## Mutually exlusive with minAvailable ## Has higher precedence over `minAvailable` maxUnavailable: "1" # -- Minimum number of pods that must be available at any given time during a disruption as a number or percentage (eg.: 50%) ## Mutually exlusive with minAvailable minAvailable: "" service: enabled: false # -- [Optional] Service name, defaults to release name name: {} # -- Annotations for service annotations: {} # -- Labels for service labels: {} # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) clusterIP: {} publishNotReadyAddresses: false # -- List of ports for service ports: [] # - name: web # protocol: TCP # port: 80 # hostIP: 127.0.0.1 # hostPort: 1234 # -- Optional labels selector: {} expose: enabled: false # -- Either: `NodePort` or `LoadBalancer`` type: {} # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: {} # -- List of ports for service ports: [] # - name: web # protocol: TCP # port: 80 # nodePort: 30443 configMap: enabled: false configMaps: [] # - name: "" # -- Annotations for Config Map # annotations: {} # -- Labels for Config Map # labels: {} # -- List of config data for the Config Map # data: # example.conf: | # listen 80 serviceAccount: enabled: false # -- Annotations for Service Account annotations: {} # -- Labels for Service Account labels: {} # -- Automount API credentials for the Service Account into the workload. automountServiceAccountToken: true storageClass: enabled: false annotations: {} labels: {} provisioner: {} reclaimPolicy: {} allowVolumeExpansion: {} parameters: [] mountOptions: [] volumeBindingMode: {} persistentVolume: enabled: false # volumes: [] # - name: "" # annotations: {} # labels: {} # capacity: "" # accessModes: [] # persistentVolumeReclaimPolicy: "" # storageClass: "" # hostPath: "" # nfs: # server: "" # path: "" # readonly: "" # claim: # name: {} # namespace: {} persistentVolumeClaim: enabled: false # volumes: [] # - name: "" # annotations: {} # labels: {} # accessModes: [] # volumeMode: {} # volumeName: {} # capacity: {} # storageClass: {} # selector: # matchlabels: {} rbac: enabled: false roles: {} # # -- Create RBAC. Either: `role` and/or `clusterRole` # role: # # -- Annotations for Role # annotations: {} # # -- Labels for Role # labels: {} # # -- Rules for Role # rules: # - apiGroups: # - "" # resources: # - secrets # verbs: # - get # - create # - list # - watch # - update # clusterRole: # # -- Annotations for Cluster Role # annotations: {} # # -- Labels for Cluster Role # labels: {} # # -- Rules for Cluster Role # rules: # - apiGroups: # - "" # resources: # - secrets # verbs: # - get # - create # - list # - watch # - update ingressClass: enabled: false controller: {} isDefault: false ingress: enabled: false annotations: {} labels: {} ingressClass: {} hosts: {} # - host: "test.example.com" # path: "/" # pathType: "Prefix" # tls: # enabled: true # secretName: "test" # backend: # service: # name: "example" # port: 80 secret: enabled: false annotations: {} labels: {} namespace: {} secrets: {} certificate: enabled: false annotations: {} labels: {} spec: {} issuer: enabled: false annotations: {} labels: {} type: {} spec: {} grafana: datasource: enabled: false spec: {} dashboard: enabled: false cacheDuration: "" resyncPeriod: "" dashboards: [] # - name: "" # json: {} # url: "" # folder: "" folder: enabled: false resyncPeriod: "" folders: [] # - name: "" # title: "" # parentFolder: "" # permissions: | # { # "items": [ # { # "role": "Admin", # "permission": 4 # }, # { # "role": "Editor", # "permission": 2 # } # ] # } # -- REQUIRES: Prometheus serviceMonitor: enabled: false # -- Annotations for serviceMonitor annotations: {} # -- Labels for serviceMonitor labels: {} # -- Prometheus ServiceMonitor port port: 81 # -- Prometheus ServiceMonitor interval interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" # -- Prometheus ServiceMonitor path path: /metrics # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion metricRelabelings: [] # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. honorLabels: false # -- Prometheus ServiceMonitor scheme scheme: "" # -- Prometheus ServiceMonitor tlsConfig tlsConfig: {} postgres: enabled: false replicas: {} version: {} size: {} versionChecker: imageOverride: false extraObjects: []