helm-charts/charts/api-syncagent/values.yaml at main · kcp-dev/helm-charts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
global:
  ## Reference to one or more secrets to be used when pulling images
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  imagePullSecrets: []
  # - name: "image-pull-secret"
  # or
  # - "image-pull-secret"
# This is to override the chart name.
nameOverride: ""
fullnameOverride: ""

# Required: You need to configure a reference to an APIExportEndpointSlice so the
# agent knows which API to serve and where to connect to.
apiExportEndpointSliceName: ""

# This Agent's public name, purely for informational purposes. If not set, defaults
# to the Helm release name.
agentName: ""

# Required: Name of the Kubernetes Secret that contains a "kubeconfig" key,
# with the kubeconfig provided by kcp to access it. This kubeconfig must point
# directly to the kcp cluster where the referenced object above
# (APIExportEndpointSlice or APIExport) exist.
kcpKubeconfig: ""

# Optional: Name of a Kubernetes Secret that contains a "kubeconfig" key,
# with a kubeconfig to access the service cluster (in case the agent is
# running on a cluster that is not the target cluster for the API sync).
kubeconfig: ""

# Optional: Override the host configured in the local kubeconfig.
kubeconfigHostOverride: ""

# Optional: Override the server CA file configured in the local kubeconfig
kubeconfigCAFileOverride: ""

# Optional: If two or more SyncAgents are installed into the same namespace,
# each one must have a Kubernetes label selector to scope down which
# PublishedResources (PRs) they process, as no two agents must process the same.
# If just one Sync Agent is installed in the cluster, this can be left blank, but
# still be used to ignore certain PRs if desired.
publishedResourceSelector: ""

# The container image to use for the Sync Agent.
image:
  repository: "ghcr.io/kcp-dev/api-syncagent"
  # set this to override the image tag used (determined by chart appVersion by default).
  tag: ""

replicas: 2
enableLeaderElection: true

# A list of internal controllers to disable in the agent; this can be used to set up
# one standalone agent responsible solely for managing the APIExport, and another to
# only sync, for example.
#
# Possible controllers to disable are: sync, apiexport, apiresourceschema
disabledControllers: []

resources:
  requests:
    cpu: 100m
    memory: 64Mi
  limits:
    cpu: 1
    memory: 512Mi

crds:
  # Whether to install the PublishedResource CRD.
  enabled: true

# This section builds out the service account. More information can be found here: https://github.com/kcp-dev/helm-charts/issues/206
serviceAccount:
  # Specifies whether a service account should be created.
  create: true
  # Automatically mount a ServiceAccount's API credentials?
  automount: true
  # Annotations to add to the service account.
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template.
  name: ""

# This is for setting Kubernetes Annotations to the api-syncagent Deployment.
annotations: {}

# Optional: Pass additional flags to the kcp-api-syncagent process started by the container.
extraFlags: []

# Optional: Configure additional volumes to be added to the syncagent Pod.
extraVolumes: []
#  - name: extra-secret
#    secret:
#      secretName: extra-secret

# Optional: Configure additional volume mounts to be added to the agent container.
extraVolumeMounts: []
#  - name: extra-secret
#    mountPath: /etc/test

hostAliases:
  enabled: false
  values:
    - ip: ""
      hostnames: []

# This configures the node selector for scheduling api-syncagent to specific nodes.
# For more information see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector.
nodeSelector: {}

# This configures tolerations to allow api-syncagent to be scheduled to Nodes with taints.
# For more information see https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/.
tolerations: []

# This configures advanced scheduling affinity settings to fine-tune where api-syncagent runs.
# For more information see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity.
affinity: {}

# This manages a security context for pod and agent container
securityContext:
  pod:
    runAsNonRoot: true
    runAsUser: 65534
    seccompProfile:
      type: RuntimeDefault
  agent:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL