# Default values for kubernetes-agent.
# NOTE(review): every line in this listing sits at column 0, so the original
# nesting of keys is not visible here; confirm key paths against the chart
# before copying values from this page.
# -- Override the name of the app
nameOverride: ""
# -- custom registry pullSecret<br>
# See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
# These are used for the tentacle and script pods
imagePullSecrets: []
# - name: "registry-secret-name"
# Agent registration settings: identity, target Octopus Server addresses, server
# trust material and the credentials the agent authenticates with.
# NOTE(review): presumably the keys that follow are nested under agent (later
# comments refer to agent.serverUrl and agent.serviceAccount.name); the
# indentation is not visible in this listing - confirm against the chart.
agent:
# -- The name of the agent
# @section -- Agent values
name: ""
# -- Setting to Y accepts the [Customer Agreement](https://octopus.com/company/legal)
# @section -- Agent values
acceptEula: "N"
# -- The URL of the target Octopus Server to register this agent with
# @section -- Agent values
serverUrl: ""
# -- The base64-encoded public key of the self-signed x509 certificate or root CA certificate used by the target Octopus Server. Must be in the PEM/CER format. See [documentation](https://octopus.com/docs/kubernetes/targets/kubernetes-agent#trusting-custominternal-octopus-server-certificates) for more information.
# @section -- Agent values
serverCertificate: ""
# -- The name of a secret containing the base64-encoded public key of the self-signed x509 certificate or root CA certificate used by the target Octopus Server. Must be in the PEM/CER format. Value must be set in `data.octopus-server-certificate.pem` in secret.
# @section -- Agent values
serverCertificateSecretName: ""
# -- The polling communication URL of the target Octopus Server
# @section -- Agent values
serverCommsAddress: ""
# -- The polling communication URLs of the target Octopus Servers when running in High Availability (HA)
# @section -- Agent values
serverCommsAddresses: []
# -- The subscription ID that is used by the agent to identify itself with Octopus Server
# @section -- Agent values
serverSubscriptionId: ""
# NOTE(review): a credential written into bearerToken, serverApiKey or password
# is a plain string in the values supplied to Helm. Each has a *SecretName
# counterpart below (bearerTokenSecretName, serverApiKeySecretName,
# usernamePasswordSecretName) that reads it from an existing Secret instead.
# -- A JWT bearer token used to authenticate with the target Octopus Server
# @section -- Agent values
bearerToken: ""
# -- The name of an existing Secret that contains a base64-encoded Octopus Server JWT bearer token. Value must be set in `data.bearer-token` in secret.
# @section -- Agent values
bearerTokenSecretName: ""
# -- An Octopus Server API key used to authenticate with the target Octopus Server
# @section -- Agent values
serverApiKey: ""
# -- The name of an existing Secret that contains a base64-encoded Octopus Server API Key. Value must be set in `data.api-key` in secret.
# @section -- Agent values
serverApiKeySecretName: ""
# -- The username of the user used to authenticate with the target Octopus Server
# @section -- Agent values
username: ""
# -- The password of the user used to authenticate with the target Octopus Server
# @section -- Agent values
password: ""
# -- The name of an existing Secret that contains a base64-encoded username and password for an Octopus Server user. Values must be set in `data.username` and `data.password` in secret.
# @section -- Agent values
usernamePasswordSecretName: ""
# -- The Space to register the agent in
# @section -- Agent values
space: "Default"
# -- A base64-encoded x509 certificate used to set up trust between the agent and target Octopus Server
# @section -- Agent values
certificate: ""
# -- The machine policy to register the agent with
# @section -- Agent values
machinePolicyName: ""
# -- The log level of the agent. Logs are written to the pod logs as well as to file
# @section -- Agent values
logLevel: "Info"
# -- The number of polling TCP connections to open with the target Octopus Server
# @section -- Agent values
pollingConnectionCount: 5
# -- True if events should be scraped and added to the metrics config map
# @section -- Agent values
enableMetricsCapture: true
# Registration mode for the agent: as a Deployment Target or as a Worker, each
# with the initial values used at registration. Both are disabled by default.
deploymentTarget:
# -- Set to register the agent as a Deployment Target using the provided initial values
# @section -- Agent as Deployment Target values
enabled: false
initial:
# -- The deployment target environments to register the agent with
# @section -- Agent as Deployment Target initial values
environments: []
# -- The deployment target tags to register the agent with
# @section -- Agent as Deployment Target initial values
tags: []
# -- Can be `Untenanted`, `TenantedOrUntenanted` or `Tenanted`.
# @section -- Agent as Deployment Target initial values
tenantedDeploymentParticipation: "Untenanted"
# -- The deployment target tenants to register the agent with
# @section -- Agent as Deployment Target initial values
tenants: []
# -- The deployment target tenant tags to register the agent with
# @section -- Agent as Deployment Target initial values
tenantTags: []
# -- The default Kubernetes namespace for deployments
# @section -- Agent as Deployment Target initial values
defaultNamespace: ""
worker:
# -- Set to register the agent as a Worker using the provided initial values
# @section -- Agent as Worker values
enabled: false
initial:
# -- The worker pools to associate with the worker
# @section -- Agent as Worker initial values
workerPools: []
# Polling proxy, agent image and upgrade-time registry credentials.
# NOTE(review): pollingProxy.password and the dockerAuth password below are
# plain strings in the supplied values, and no *SecretName counterpart for them
# is visible in this listing; keep populated values files out of version
# control.
# -- The host, port, username and password of the proxy server to use for polling connections
# @section -- Agent values
pollingProxy:
host: ""
port: 80
username: ""
password: ""
# -- The repository, pullPolicy, tag & tagSuffix to use for the agent image
# @section -- Agent values
image:
repository: octopusdeploy/kubernetes-agent-tentacle
pullPolicy: IfNotPresent
tag: "9.1.3703"
tagSuffix: ""
# -- Credentials used during agent-upgrade tasks. To be populated if encountering rate-limiting failures.
# @section -- Agent values
upgrade:
dockerAuth:
username: ""
password: ""
registry: ""
# Agent pod service account, extra metadata, resource requests and scheduling
# constraints. Only requests are set under resources; no limits appear here.
serviceAccount:
# -- The name of the service account for the agent pod
# @section -- Agent values
# @default -- Generates a name based on `agent.name`
name: ""
# -- Annotations to add to the autogenerated service account
# @section -- Agent values
annotations: {}
# -- Additional metadata to add to the agent pod & container
# @section -- Agent values
metadata:
annotations: {}
labels: {}
# -- The resource limits and requests assigned to the agent container
# @section -- Agent values
resources:
requests:
memory: "150Mi"
cpu: "100m"
# -- The tolerations to apply to the agent pod
# @section -- Agent values
tolerations: []
# The default affinity requires Linux nodes on arm64 or amd64.
# -- The affinities to apply to the agent pod
# @section -- Agent values
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
# Pre-install registration pod settings, followed by the agent pod's security
# context, extra pod/container spec and env, and a debug switch.
preinstall:
serviceAccount:
# -- The name of the service account for the agent pre-install registration pod
# @section -- Agent values
# @default -- Generates a name based on `agent.serviceAccount.name`, appending `-pre`
name: ""
# -- Annotations to add to the autogenerated pre-install registration service account
# @section -- Agent values
annotations: {}
# -- Additional pod spec to apply to the pre-install pod - does not override any other agent configuration
# @section -- Agent values
spec: {}
containers:
tentacle:
# -- Additional container spec to apply to the pre-install tentacle container - does not override any other configuration
# @section -- Agent values
spec: {}
# -- Additional env to apply to the pre-install tentacle container - does not override any other configuration
# @section -- Agent values
env: []
# NOTE(review): left as {} here, so whatever hardening the agent pod gets comes
# from the chart templates, which are not shown on this page - confirm the
# rendered pod spec (runAsNonRoot, capabilities, seccomp) before relying on it.
# -- The security context to apply to the agent pod. runAsGroup and fsGroup should be blank or set to `0`
# @section -- Agent values
securityContext: {}
# -- Additional pod spec to apply to the agent pod - does not override any other agent configuration
# @section -- Agent values
spec: {}
containers:
tentacle:
# -- Additional container spec to apply to the tentacle container - does not override any other configuration
# @section -- Agent values
spec: {}
# -- Additional env to apply to the tentacle container - does not override any other configuration
# @section -- Agent values
env: []
watchdog:
# -- Additional container spec to apply to the watchdog container - does not override any other configuration
# @section -- Agent values
spec: {}
# -- Additional env to apply to the watchdog container - does not override any other configuration
# @section -- Agent values
env: []
debug:
# -- Disables automatic pod cleanup
# @section -- Agent values
disableAutoPodCleanup: false
# Script pod settings: disruption budget, extra metadata and resource requests
# for the pods that run scripts. Only requests are set; no limits appear here.
# @section -- Script pod values
scriptPods:
# -- If true, the script pods will be created with a disruption budget to prevent them from being evicted
# @section -- Script pod values
disruptionBudgetEnabled: true
# -- Additional metadata to add to script pods
# @section -- Script pod values
metadata:
annotations: {}
labels: {}
# -- The resource limits and requests assigned to script pod containers
# @section -- Script pod values
resources:
requests:
memory: "100Mi"
cpu: "25m"
# Service account and RBAC for script pods.
# NOTE(review): the @default rules documented below for clusterRole and
# roleRules are wildcards over every apiGroup, resource and verb (plus all
# nonResourceURLs for the ClusterRole), and the documented targetNamespaces
# default is a ClusterRoleBinding covering any namespace. With the defaults,
# scripts executed in these pods hold unrestricted API access; supply explicit
# rules and targetNamespaces to narrow it to what deployments need.
serviceAccount:
# -- The name of the service account used for executing script pods
# @section -- Script pod values
name: ""
# -- Annotations to add to the service account
# @section -- Script pod values
annotations: {}
# -- Use namespace-scoped Roles instead of ClusterRoles
# @section -- Script pod values
useNamespacedRoles: false
# -- Specifies that the pod service account should be constrained to target namespaces
# @section -- Script pod values
# @default -- Uses a ClusterRoleBinding to allow the service account to run in any namespace
targetNamespaces: []
# -- If defined, overrides the default ClusterRole rules
# @section -- Script pod values
# @default -- `[{"apiGroups":["*"],"resources":["*"],"verbs":["*"]},{"nonResourceURLs":["*"],"verbs":["*"]}]`
clusterRole:
enabled: true
rules: []
# -- If defined, overrides the default Role rules when using namespace-scoped roles
# @section -- Script pod values
# @default -- `[{"apiGroups":["*"],"resources":["*"],"verbs":["*"]}]`
roleRules: []
# Script pod scheduling, security context, images and task-log behaviour.
# -- The tolerations to apply to script pods
# @section -- Script pod values
tolerations: []
# The default affinity requires Linux nodes on arm64 or amd64.
# -- The affinities to apply to script pods
# @section -- Script pod values
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
# NOTE(review): left as {} here, so any restriction on script pods comes from
# the chart templates, which are not shown on this page - confirm the rendered
# pod spec before relying on it.
# -- The security context to apply to the script pods
# @section -- Script pod values
securityContext: {}
deploymentTarget:
# -- The repository, pullPolicy & tag to use for the script pod image when the agent is a deployment target
# @section -- Script pod values
image:
repository: ""
pullPolicy: ""
tag: ""
worker:
# NOTE(review): "ubuntu.22.04" looks like a floating tag rather than a fixed
# release or digest; with pullPolicy IfNotPresent, nodes keep whichever build
# they pulled first - confirm, and pin if reproducible script images matter.
# -- The repository, pullPolicy & tag to use for the script pod image when the agent is a worker
# @section -- Script pod values
image:
repository: octopusdeploy/worker-tools
pullPolicy: IfNotPresent
tag: "ubuntu.22.04"
logging:
# -- Disables script pod events being written to Octopus Server task log
# @section -- Script pod values
disablePodEventsInTaskLog: false
# Proxy settings used during script operations, the optional ScriptPodTemplate
# custom resource, and the timeout for script pods stuck in Pending.
proxies:
# -- The URI of the HTTP proxy server to be used during script operations
# @section -- Script pod values
http_proxy: ""
# -- The URI of the HTTPS proxy server to be used during script operations
# @section -- Script pod values
https_proxy: ""
# -- A comma-separated list of host names or IP addresses that should not go through any proxy
# @section -- Script pod values
no_proxy: ""
podTemplate:
# -- If enabled, creates a `ScriptPodTemplate` custom resource to define the template used for script pods
# -- overrides any other script pod customisation options and requires the `ScriptPodTemplate` CRD to be installed in the cluster
# @section -- Script pod values
enabled: false
# -- Pod spec for the `ScriptPodTemplate`
# @section -- Script pod values
podSpec: {}
# -- Pod metadata for the `ScriptPodTemplate`
# @section -- Script pod values
podMetadata:
annotations: {}
labels: {}
# -- Script container spec for the `ScriptPodTemplate`
# @section -- Script pod values
scriptContainerSpec: {}
# -- Watchdog container spec for the `ScriptPodTemplate`
# @section -- Script pod values
watchdogContainerSpec: {}
# -- The number of minutes a script pod remains pending before it is deleted
# @default 60
# @section -- Script pod values
pendingPodsTimeoutMinutes: 60
# Storage shared by the agent pod and script pods: access mode, storage class,
# volume name, size and reclaim policy.
# @section -- Persistence
persistence:
# -- Sets the requested PVC access modes for both the agent pod and script pods.
# -- If set to 'ReadWriteOnce' (default), the agent will set a pod affinity on script pods to co-locate them on the same node as the agent pod.
# @section -- Persistence
accessModes: ["ReadWriteOnce"]
# -- When NFS is disabled, will set the provided storageClassName in the PVC.
# -- When set to "-", results in storageClassName: "" being set in the PVC.
# @section -- Persistence
storageClassName: ""
# -- When NFS is disabled, will set the provided volumeName in the PVC.
# @section -- Persistence
volumeName: ""
# -- The size of the volume to create
# @section -- Persistence
size: 10Gi
# NOTE(review): Retain keeps the volume and its contents after the claim is
# deleted; whatever the agent and scripts wrote there stays until the volume is
# cleaned up by hand.
# -- The NFS server PV reclaim policy
# @section -- Persistence
persistentVolumeReclaimPolicy: Retain
# Optional in-cluster NFS server pod: image, backing volume, metadata,
# scheduling and extra pod/container spec. Disabled by default.
nfs:
# -- If enabled, runs an in-cluster NFS server pod to support scaled, multi-node script pod execution.
# @section -- Persistence
enabled: false
# -- The repository, pullPolicy & tag to use for the NFS server
# @section -- Persistence
image:
repository: octopusdeploy/nfs-server
pullPolicy: IfNotPresent
tag: "1.1.0"
backingVolume:
# -- The storage class name to use for the NFS Server's backing storage - if left as an empty string, an emptyDir will be used
# @section -- Persistence
storageClassName: ""
# -- The access modes to use for the NFS Server's backing storage
# @section -- Persistence
accessModes: ["ReadWriteOnce"]
# -- Additional metadata to add to the NFS pod & container
# @section -- Persistence
metadata:
annotations: {}
labels: {}
# -- The tolerations to apply to the NFS pod
# @section -- Persistence
tolerations: []
# The default affinity requires Linux nodes on arm64 or amd64.
# -- The affinities to apply to the NFS pod
# @section -- Persistence
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
# -- Additional pod spec to apply to the NFS pod - does not override any other NFS configuration
# @section -- Persistence
spec: {}
containers:
nfs:
# -- Additional container spec to apply to the NFS container - does not override any other configuration
# @section -- Persistence
spec: {}
# -- Additional env to apply to the NFS container - does not override any other configuration
# @section -- Persistence
env: []
# NFS watchdog: availability checks against the NFS server and its image.
# The three timing values are empty strings here; the @default annotations give
# 5, 0.5 and 10 seconds - presumably applied elsewhere in the chart; confirm.
watchdog:
# -- If enabled, the NFS watchdog will monitor NFS availability and restart Tentacle and Script Pods if the NFS server is unresponsive
# @section -- Persistence
enabled: true
# -- The frequency in seconds to check the NFS server
# @section -- Persistence
# @default 5
loop_seconds: ""
# -- The initial backoff time in seconds to retry failed NFS checks
# @section -- Persistence
# @default 0.5
initial_backoff_seconds: ""
# -- The total time to retry failed NFS checks before giving up and deleting the pod
# @section -- Persistence
# @default 10
timeout_seconds: ""
# -- The repository, pullPolicy & tag to use for the NFS watchdog
# @section -- Persistence
image:
repository: octopusdeploy/kubernetes-agent-nfs-watchdog
pullPolicy: IfNotPresent
tag: "0.2.0"
# RBAC rules granted to the auto-upgrader when namespace-scoped roles are used.
# NOTE(review): selfNamespaceRoleRules grants every verb on every resource in
# the agent's own namespace. In targetNamespaceRoleRules, the "escalate" verb on
# roles lets the holder create or update Roles carrying permissions it does not
# itself hold; combined with write access to rolebindings this amounts to full
# control of RBAC in each target namespace. Keep the list of target namespaces
# as small as possible and audit changes to Roles and RoleBindings there.
# @section -- Auto-upgrader configuration
autoUpgrader:
# -- Rules for managing the agent in its own namespace when using namespace-scoped roles
# @section -- Auto-upgrader configuration
selfNamespaceRoleRules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
# -- Rules for managing script pod roles in target namespaces when using namespace-scoped roles
# @section -- Auto-upgrader configuration
targetNamespaceRoleRules:
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["roles", "rolebindings"]
verbs: ["create", "update", "patch", "get", "list", "watch", "delete"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["roles"]
verbs: ["escalate"]
# Two keys excluded from the generated docs (@ignored): the Kubernetes Monitor
# switch and a config map override used by integration tests.
# Used to enable the Kubernetes Monitor
# @ignored
kubernetesMonitor:
enabled: false
# Used for integration testing to avoid registering with a real Octopus Server
# @ignored
testing:
tentacle:
configMap:
data: {}
# Global values shared across charts. Each one is overridden by the matching
# agent.* or scriptPods.* value when both are set, as the comments below state.
global:
# -- The URL of the target Octopus Server to register this agent with
# -- This is overridden by agent.serverUrl if both are set
# @section -- Globals
serverApiUrl: ""
# -- The base64-encoded public key of the self-signed x509 certificate or root CA certificate used by the target Octopus Server. Must be in the PEM/CER format. See [documentation](https://octopus.com/docs/kubernetes/targets/kubernetes-agent#trusting-custominternal-octopus-server-certificates) for more information.
# -- This is overridden by agent.serverCertificate if both are set
# @section -- Globals
serverCertificate: ""
# -- The name of a secret containing the base64-encoded public key of the self-signed x509 certificate or root CA certificate used by the target Octopus Server. Must be in the PEM/CER format. Value must be set in `data.octopus-server-certificate.pem` in secret.
# -- This is overridden by agent.serverCertificateSecretName if both are set
# @section -- Globals
serverCertificateSecretName: ""
# NOTE(review): with the empty default the documented behaviour is a
# ClusterRoleBinding that lets the script pod service account run in any
# namespace; list the intended namespaces to constrain it.
# -- Specifies that the pod service account should be constrained to target namespaces
# -- This is overridden by scriptPods.serviceAccount.targetNamespaces if both are set
# @section -- Globals
# @default -- Uses a ClusterRoleBinding to allow the service account to run in any namespace
targetNamespaces: []