-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathvalues.yaml
49 lines (46 loc) · 1.49 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
agent:
enabled: true
image:
tag: v3.0
# This secret is autogenerated as part of the kiam-secrets chart
tlsSecret: kiam-agent-tls
host:
iptables: true
interface: "!eth0"
# The default chart timout is too small. See https://github.com/uswitch/kiam/issues/94#issuecomment-423876602
gatewayTimeoutCreation: 1s
# If you only want the agents to run on some nodes, you can set this value. In our example,
# this isn't necessary, and the agents won't run on the kiam-server boxes as they are tainted
# to prevent any other pods running.
# nodeSelector:
# kiam-agent: "true"
extraHostPathMounts:
- name: ssl-certs
mountPath: /etc/ssl/certs
hostPath: /etc/pki/ca-trust/extracted/pem
log:
level: debug
server:
enabled: true
image:
tag: v3.0
# This secret is autogenerated as part of the kiam-secrets chart
tlsSecret: kiam-server-tls
# This is to choose a different node for agent vs server. Without it, the kiam-server pods
# would be scheduled on all nodes, including the ones that are running the kiam-agents
nodeSelector:
kiam-server: "true"
# This states that the server pods can withstand the taint on the second node group that prevents
# other pods from being scheduled there.
tolerations:
- key: kiam-server
operator: Equal
value: "false"
effect: NoExecute
extraHostPathMounts:
- name: ssl-certs
mountPath: /etc/ssl/certs
hostPath: /etc/pki/ca-trust/extracted/pem
useHostNetwork: true
log:
level: debug