diff --git a/README.md b/README.md index 8cd5ac0..fec2fb2 100644 --- a/README.md +++ b/README.md @@ -26,10 +26,25 @@ For example, create a file `my-values.cue` with the following content: ```cue values: { controller: { - prometheus: enabled: true + config: logging: format: "json" + podDisruptionBudget: minAvailable: 2 + + monitoring: { + enabled: true + serviceMonitor: enabled: true + } + + image: { + tag: "v1.12.7" + digest: "sha256:6425a6a27c8f9afc589202238504384300e26fa1e03f9bd55c4ca86b645316f4" + } } - test: enabled: true + webhook: { + podDisruptionBudget: minAvailable: 2 + } + + test: enabled: false } ``` 
@@ -123,26 +138,32 @@ for deploying in a non production manner the below configuration should suffice: values: { logLevel: 4 + // There are two ways to setup high availability one is to set the replicas in each controller section, another is + // this shortcut, which defaults to the recommended settings defined here: https://cert-manager.io/docs/installation/best-practice/#high-availability + highAvailability: enabled: true + // Setting the above true will ignore controller: replicas: etc and use the below + // highAvailanility: controllerReplicas: 2 + // highAvailanility: webhookReplicas: 3 + // highAvailanility: caInjectorReplicas: 2 + + // By default ServiceAccount tokens are not mounted, instead a Volume and VolumeMount are setup to add the + // ServiceAccount token to the Pod, so here we're reversing that controller: automountServiceAccountToken: true - controller: replicas: 1 controller: serviceAccount: automountServiceAccountToken: true controller: volumes: [] controller: volumeMounts: [] caInjector: automountServiceAccountToken: true - caInjector: replicas: 1 caInjector: serviceAccount: automountServiceAccountToken: true caInjector: volumes: [] caInjector: volumeMounts: [] webhook: automountServiceAccountToken: true - webhook: replicas: 1 webhook: serviceAccount: automountServiceAccountToken: true webhook: volumes: [] webhook: volumeMounts: [] startupAPICheck: automountServiceAccountToken: true - startupAPICheck: replicas: 1 startupAPICheck: serviceAccount: automountServiceAccountToken: true startupAPICheck: volumes: [] startupAPICheck: volumeMounts: [] diff --git a/debug_values.cue b/debug_values.cue index 9ab5af7..25d28fc 100644 --- a/debug_values.cue +++ b/debug_values.cue @@ -19,6 +19,13 @@ values: { monitoring: enabled: true podDisruptionBudget: minAvailable: 2 + livenessProbe: { + initialDelaySeconds: 30 + periodSeconds: 15 + failureThreshold: 4 + timeoutSeconds: 2 + } + strategy: { type: "RollingUpdate" rollingUpdate: { 
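Review bot: The `livenessProbe` block added under `controller` in debug_values.cue is repeated value for value under `webhook` in the next hunk of the same file, so the two copies can drift apart on a later edit. CUE allows the block to be written once and referenced, for example a file-level `_liveness: {initialDelaySeconds: 30, periodSeconds: 15, failureThreshold: 4, timeoutSeconds: 2}` with `livenessProbe: _liveness` in both places, assuming the module tolerates a hidden field in this file. If the two components are meant to be tuned independently, a short comment on each block such as `// restart after 4 failed checks, 15s apart` would record that instead. The enclosing `values` struct starts and ends outside these hunks.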
@@ -30,6 +37,20 @@ values: { webhook: { podDisruptionBudget: minAvailable: 2 + livenessProbe: { + initialDelaySeconds: 30 + periodSeconds: 15 + failureThreshold: 4 + timeoutSeconds: 2 + } + + readinessProbe: { + initialDelaySeconds: 20 + periodSeconds: 10 + failureThreshold: 6 + timeoutSeconds: 2 + } + strategy: { type: "RollingUpdate" rollingUpdate: { diff --git a/templates/config/component.cue b/templates/config/component.cue index 0f75906..f99af41 100644 --- a/templates/config/component.cue +++ b/templates/config/component.cue @@ -47,13 +47,7 @@ import ( } strategy?: appsv1.#DeploymentStrategy - tolerations?: [...corev1.#Toleration] | [ - { - key: "node-restriction.kubernetes.io/reserved-for" - operator: "Equal" - value: "platform" - }, - ] + tolerations?: [...corev1.#Toleration] topologySpreadConstraints?: [...corev1.#TopologySpreadConstraint] volumeMounts: [...corev1.#VolumeMount] | *[{ diff --git a/templates/deploymentSpecWebhook.cue b/templates/deploymentSpecWebhook.cue index de4a561..5f52271 100644 --- a/templates/deploymentSpecWebhook.cue +++ b/templates/deploymentSpecWebhook.cue @@ -145,7 +145,7 @@ import ( } if #main_config.webhook.readinessProbe != _|_ { - readinessProbe: #main_config.webhook.livenessProbe & { + readinessProbe: #main_config.webhook.readinessProbe & { httpGet: { port: "healthcheck" path: "/healthz"
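Review bot: The corrected `readinessProbe` line in templates/deploymentSpecWebhook.cue unifies the user-supplied value with a fixed `httpGet` handler, and nothing in the hunk tells a reader that only timings and thresholds can be overridden. If the `readinessProbe` schema is the full Kubernetes probe type (not shown here), a value that sets `tcpSocket` or `exec` would presumably unify into a probe carrying two handlers, which the API server rejects, and a different `httpGet.port` would fail as a CUE conflict. A comment above the line would cover it: `// handler is fixed to httpGet /healthz on the "healthcheck" port; values only tune timings and thresholds`. The enclosing `if` block and the container spec start and end outside the hunk.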