forked from mittwald/kubernetes-secret-generator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvalues.yaml
103 lines (82 loc) · 2.13 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
installCRDs: true
global:
imageRegistry:
imagePullSecrets:
image:
registry: quay.io
repository: mittwald/kubernetes-secret-generator
# if no tag is given, the chart's appVersion is used
# tag: latest
pullPolicy: Always
pullSecrets: []
args: []
nameOverride: ""
fullnameOverride: ""
deploymentStrategy: "Recreate"
automountServiceAccountToken:
serviceAccount:
automountServiceAccountToken:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
podSecurityContext:
{}
# fsGroup: 2000
priorityClassName: ""
securityContext:
{}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources:
{}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
# Regenerate secrets that have been generated by an old version of kubernetes-secret-generator and
# are not cryptographically secure
regenerateInsecure: "true"
# Length of the generated secrets
secretLength: 40
# Namespace that are watched for secret generation
# Accepts a comma-separated list of namespaces: ns1,ns2
# If set to "", all namespaces will be watched
# Accessing secrets in namespaces other than the deployed one requires permissions via a cluster role (on by default)
watchNamespace: ""
useMetricsService: false
volumeMounts: []
volumes: []
# RBAC parameteres
# https://kubernetes.io/docs/reference/access-authn-authz/rbac/
rbac:
# Disables creation of rbac resources
create: true
# The cluster role allows access to all namespaces in the cluster.
# Set to false to restrict access to the deployed namespace only.
# ClusterRole is deployed by Default
clusterRole: true
livenessProbe:
enabled: true
initialDelaySeconds: 6
periodSeconds: 3
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
readinessProbe:
enabled: true
initialDelaySeconds: 6
periodSeconds: 3
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3