Skip to content

Instantly share code, notes, and snippets.

@bernardoVale

bernardoVale/kiam-values.yaml

Created June 10, 2019 23:10
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save bernardoVale/13964295943d0f422d20e9d5577e09f6 to your computer and use it in GitHub Desktop.
Save bernardoVale/13964295943d0f422d20e9d5577e09f6 to your computer and use it in GitHub Desktop.
Download ZIP
kiam-values
Raw
kiam-values.yaml
extraArgs: {}
agent:
## If false, agent will not be installed
##
enabled: true
## agent container name
##
name: agent
image:
repository: quay.io/uswitch/kiam
tag: v3.2
pullPolicy: IfNotPresent
## Logging settings
##
log:
jsonOutput: true
level: debug
## Host networking settings
##
host:
iptables: true
port: 8181
interface: "!eth0"
## Prometheus metrics
##
prometheus:
scrape: true
port: 9620
syncInterval: 5s
## Annotations to be added to pods
##
podAnnotations: {}
## Labels to be added to pods
##
podLabels: {}
## Annotations to be added to service
##
serviceAnnotations: {}
## Labels to be added to service
##
serviceLabels: {}
## Used to assign priority to agent pods
## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
## Strategy for DaemonSet updates (requires Kubernetes 1.6+)
## Ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
##
updateStrategy: OnDelete
## Pod DNS policy
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-policy
##
dnsPolicy: ClusterFirstWithHostNet
## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector:
ec2.amazonaws.com/type: application
## Pod tolerations
## Ref https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Agent container resources
## Ref https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
##
# Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core
# Expects input structure as per specification for example:
# affinity:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: foo.bar.com/role
# operator: In
# values:
# - master
affinity: {}
resources: {}
## Additional container arguments
##
extraArgs: {}
## Additional container environment variables
##
extraEnv: {}
## Additional container hostPath mounts
##
extraHostPathMounts:
- name: ssl-certs
mountPath: /etc/ssl/certs
hostPath: /etc/pki/ca-trust/extracted/pem
## else:
# hostPath: /usr/share/ca-certificates
# readOnly: true
## Timeout when creating the kiam gateway
##
gatewayTimeoutCreation: 2s
## Base64-encoded PEM values for agent's CA certificate(s), certificate and private key
##
tlsFiles:
ca:
cert:
key:
## Secret name of agent's TLS certificates
##
tlsSecret:
## Agent TLS Certificate filenames
tlsCerts:
certFileName: cert
keyFileName: key
caFileName: ca
server:
## If false, server will not be installed
##
enabled: true
## server container name
##
name: server
image:
repository: quay.io/uswitch/kiam
tag: v3.2
pullPolicy: IfNotPresent
## Logging settings
##
log:
jsonOutput: true
level: debug
## Prometheus metrics
##
prometheus:
scrape: true
port: 9620
syncInterval: 5s
## Annotations to be added to pods
##
podAnnotations: {}
## Labels to be added to pods
##
podLabels: {}
## Annotations to be added to service
##
serviceAnnotations: {}
## Labels to be added to service
##
serviceLabels: {}
## Used to assign priority to server pods
## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
## Strategy for DaemonSet updates (requires Kubernetes 1.6+)
## Ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
##
updateStrategy: OnDelete
# Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core
# Expects input structure as per specification for example:
# affinity:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: foo.bar.com/role
# operator: In
# values:
# - master
affinity: {}
## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector:
ec2.amazonaws.com/type: core
## Pod tolerations
## Ref https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Server container resources
## Ref https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
##
resources: {}
## Additional container arguments
##
extraArgs: {}
## Additional container environment variables
##
extraEnv: {}
## Additional container hostPath mounts
##
extraHostPathMounts:
- name: ssl-certs
mountPath: /etc/ssl/certs
## Running on Amazon Linux or RHEL distros:
hostPath: /etc/pki/ca-trust/extracted/pem
## else:
# hostPath: /usr/share/ca-certificates
# readOnly: true
service:
port: 443
targetPort: 443
## Timeout when creating the kiam gateway
##
gatewayTimeoutCreation: 50ms
## Server probe configuration
probes:
serverAddress: 127.0.0.1
## Base64-encoded PEM values for server's CA certificate(s), certificate and private key
##
tlsFiles:
ca:
cert:
key:
## Secret name of server's TLS certificates
##
tlsSecret:
## Base ARN for IAM roles
## If not specified use EC2 metadata service to detect ARN prefix
##
# roleBaseArn:
## Pod cache settings
##
cache:
syncInterval: 1m
## IAM role for the server to assume
##
assumeRoleArn: "arn:aws:iam::111111111111:role/server-role"
## Session duration for STS tokens
##
sessionDuration: 15m
## Use hostNetwork for server
## Set this to true when running the servers on the same nodes as the agents
useHostNetwork: false
## Agent TLS Certificate filenames
tlsCerts:
certFileName: cert
keyFileName: key
caFileName: ca
rbac:
# Specifies whether RBAC resources should be created
create: true
serviceAccounts:
agent:
create: true
name:
server:
create: true
name:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment