-
Notifications
You must be signed in to change notification settings - Fork 207
/
Copy pathvalues.yaml
184 lines (177 loc) · 9.08 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
---
# Traefik load balancer parameters
# Pega deployments support the use of Traefik as the default load balancer; however, by default,
# Pega Platform deployments assume clients will use the load balancing tools featured in the
# Kubernetes environment of the deployment. For more information, see the readme:
# https://github.com/pegasystems/pega-helm-charts/blob/master/charts/addons/README.md
# Set traefik.enabled: true to deploy Traefik using the parameters specified below.
traefik:
enabled: false
# When you set this to true, you can then set additional Traefik parameters to be passed into Traefik's Helm chart.
# See https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml
# To use Traefik as a load balancer in PKS, AKS, GKE, or k8s, set traefik.serviceType: "LoadBalancer".
rbac:
enabled: true
service:
type: LoadBalancer
ports:
web:
port: 80
nodePort: 30080
websecure:
port: 443
nodePort: 30443
tls:
enabled: false
# this is the name of a Traefik TLSOption definition
options: ""
certResolver: ""
domains: []
# - main: example.com
# sans:
# - foo.example.com
# - bar.example.com
resources:
requests:
# Enter the CPU Request for Traefik
cpu: 200m
# Enter the memory request for Traefik
memory: 200Mi
limits:
# Enter the CPU Limit for Traefik
cpu: 500m
# Enter the memory limit for Traefik
memory: 500Mi
# When deploying on AWS EKS, set this to true to install aws-load-balancer-controller.
## For more details on this, please refer https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html
aws-load-balancer-controller:
enabled: false
## Resources created by the ALB Ingress controller will be prefixed with this string
clusterName: "YOUR_EKS_CLUSTER_NAME"
## AWS region of k8s cluster, required if ec2metadata is unavailable from controller pod
region: "YOUR_EKS_CLUSTER_REGION"
## VPC ID of k8s cluster, required if ec2metadata is unavailable from controller pod
vpcId: "YOUR_EKS_CLUSTER_VPC_ID"
## Deployments on AWS Gov Cloud requires the image repository to be passed explicitly. Please enable this block for aws gov cloud deployments only.
## The AMAZON_CONTAINER_IMAGE_REGISTRY can be found here: https://docs.aws.amazon.com/eks/latest/userguide/add-ons-images.html
## image:
## repository: "<AMAZON_CONTAINER_IMAGE_REGISTRY>/amazon/aws-load-balancer-controller"
## To create IAM Role, see https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html#create-service-account-iam-role
## Create policy with https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json and
## attach it to the role. See, https://github.com/aws/eks-charts/tree/master/stable/aws-load-balancer-controller for more details
serviceAccount:
annotations:
eks.amazonaws.com/role-arn: "YOUR_IAM_ROLE_ARN"
# Configure EFK stack for logging:
# For a complete EFK stack: elasticsearch, fluentd-elasticsearch, and kibana should all be enabled
# Pega recommends deploying EFK only on k8s
# On Openshift, see https://docs.openshift.com/container-platform/3.11/install_config/aggregate_logging.html
# On EKS, see https://eksworkshop.com/logging/
# Replace false with true to deploy EFK.
# Do not remove &deploy_efk; it is a yaml anchor which is referenced by the EFK subcharts.
deploy_efk: &deploy_efk true
elasticsearch:
enabled: *deploy_efk
# Set any additional elastic search parameters. These values will be used by elasticsearch helm chart.
# See https://github.com/elastic/helm-charts/blob/master/elasticsearch/values.yaml
#
antiAffinity: soft
esJavaOpts: "-Xmx512m -Xms512m"
# Allocate smaller chunks of memory per pod.
resources:
requests:
cpu: "100m"
memory: "512M"
limits:
cpu: "1000m"
memory: "1Gi"
# Request smaller persistent volumes.
volumeClaimTemplate:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
kibana:
enabled: *deploy_efk
# Set any additional kibana parameters. These values will be used by Kibana's helm chart.
# See https://github.com/elastic/helm-charts/blob/master/kibana/values.yaml
elasticsearchHosts: "http://elasticsearch-master:9200"
ingress:
# If enabled is set to "true", an ingress is created to access kibana.
enabled: true
# Enter the domain name to access kibana via a load balancer.
hosts:
- host: "YOUR_WEB.KIBANA.EXAMPLE.COM"
paths:
- path: /
fluentd-elasticsearch:
enabled: *deploy_efk
# Set any additional fluentd-elasticsearch parameters. These values will be used by fluentd-elasticsearch's helm chart.
# See https://github.com/kiwigrid/helm-charts/blob/master/charts/fluentd-elasticsearch/values.yaml
elasticsearch:
hosts: ["elasticsearch-master:9200"]
# Configure a metrics-server tool for the deployment by following the guidelines specific to each provider:
# EKS, open-source Kubernetes, Openshift - set this to true.
# GKE or AKS - set this to false and use the native metrics-server in the cluster.
metrics-server:
enabled: false
# Set any additional metrics-server parameters. These values will be used by metrics-server's helm chart.
# See https://github.com/helm/charts/blob/master/stable/metrics-server/values.yaml
args:
- --logtostderr
# The order in which to consider different Kubelet node address types when connecting to Kubelet.
# Uncomment below arguemnt if host names are not resolvable from metrics server pod.
# This setting is not required for public cloud providers & openshift enterprise. It may be required for open-source Kubernetes.
# - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
# Uncomment below arguemnt to skip verifying Kubelet CA certificates.
# Not recommended for production usage, but can be useful in test clusters with self-signed Kubelet serving certificates.
# This setting is not required for public cloud providers & openshift enterprise. It may be required for open-source Kubernetes.
# - --kubelet-insecure-tls
# When deploying on Azure AKS, set ingress-azure.enabled to true to install an Application Gateway Ingress Controller (AGIC).
# The AGIC is a pod within your AKS cluster that monitors the Kubernetes Ingress resources, and creates and applies the
# Application Gateway config based on the status of the Kubernetes cluster. For details, see
# (https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-install-existing#azure-resource-manager-authentication).
ingress-azure:
enabled: false
# Add required details about the Application Gateway you created.
appgw:
# Subscription ID of your Azure subscription.
subscriptionId: <YOUR-SUBSCRIPTION-ID>
# Resource group in which you created the Application Gateway.
resourceGroup: <RESOURCE-GROUP-NAME>
# Name of the Application Gateway you created.
name: <APPLICATION-GATEWAY-NAME>
# To expose the ingress endpoint within the Virtual Network, enable the use of privateIP. This setting is not required for Internet exposed ingress, so default is disabled.
usePrivateIP: false
# Authentication using which ingress controller authenticates with Azure Resource Manager.
armAuth:
# To authenticate with the AGIC in your AKS cluster, generate a kubernetes secret from an Active Directory Service Principal
# that is based on your AKS subscription ID. You must encode the Service Principal with base64 and add the result
# to the `secretJSON` field. for details, see (https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-install-existing#using-a-service-principal).
#
# In Linux, use the command:
# $ az ad sp create-for-rbac --sdk-auth | base64 -w0
# copy the output and paste it in secretJSON: <SECRET_JSON_CREATED_USING_ABOVE_COMMAND>
#
# On a Windows system, use a Gitbash shell or equivalent instead of Powershell to run the command:
# $ az ad sp create-for-rbac --sdk-auth | base64 -w0
# copy the encoded output and paste it in secretJSON: <SECRET_ENCODED_JSON_CREATED_USING_ABOVE_COMMAND>
#
# When you deploy, the actual JSON values that were encoded in the previous step is copied into the "config" file in the C:\Users\XXXXX\.kube folder.
#
# As an authentication alternative, you can configure an AAD Pod Identity to manage authentication access with the AGIC in your cluster via
# the Azure Resource Manager. For details, see (https://docs.microsoft.com/en-us/azure/application-gateway/ingress-controller-install-existing#set-up-aad-pod-identity).
#
# to add a AAD-Pod-Identity (https://github.com/Azure/aad-pod-identity).
# armAuth:
# type: aadPodIdentity
# identityResourceID: <identityResourceId>
# identityClientID: <identityClientId>
#
# and comment out the Service Principal parameters:
type: servicePrincipal
secretJSON: <SECRET_ENCODED_JSON_CREATED_USING_ABOVE_COMMAND>
#
# Configure your AKs cluster with RBAC enabled and enable it:
rbac:
enabled: true