724c0d3eb0
This is helpful for us, amongst other users, because we want to enable "debug"
logging whenever we deploy components for testing.
See a5643e3 for addition of log level.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
57 lines
3.2 KiB
YAML
57 lines
3.2 KiB
YAML
#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
|
#! SPDX-License-Identifier: Apache-2.0
|
|
|
|
#@data/values
|
|
---
|
|
|
|
app_name: pinniped-concierge
|
|
|
|
#! Creates a new namespace statically in yaml with the given name and installs the app into that namespace.
|
|
namespace: pinniped-concierge
|
|
#! If specified, assumes that a namespace of the given name already exists and installs the app into that namespace.
|
|
#! If both `namespace` and `into_namespace` are specified, then only `into_namespace` is used.
|
|
into_namespace: #! e.g. my-preexisting-namespace
|
|
|
|
#! All resources created statically by yaml at install-time and all resources created dynamically
|
|
#! by controllers at runtime will be labelled with `app: $app_name` and also with the labels
|
|
#! specified here. The value of `custom_labels` must be a map of string keys to string values.
|
|
#! The app can be uninstalled either by:
|
|
#! 1. Deleting the static install-time yaml resources including the static namespace, which will cascade and also delete
|
|
#! resources that were dynamically created by controllers at runtime
|
|
#! 2. Or, deleting all resources by label, which does not assume that there was a static install-time yaml namespace.
|
|
custom_labels: {} #! e.g. {myCustomLabelName: myCustomLabelValue, otherCustomLabelName: otherCustomLabelValue}
|
|
|
|
#! Specify how many replicas of the Pinniped server to run.
|
|
replicas: 2
|
|
|
|
#! Specify either an image_digest or an image_tag. If both are given, only image_digest will be used.
|
|
image_repo: docker.io/getpinniped/pinniped-server
|
|
image_digest: #! e.g. sha256:f3c4fdfd3ef865d4b97a1fd295d94acc3f0c654c46b6f27ffad5cf80216903c8
|
|
image_tag: latest
|
|
|
|
#! Optionally specify a different image for the "kube-cert-agent" pod which is scheduled
|
|
#! on the control plane. This image needs only to include `sleep` and `cat` binaries.
|
|
#! By default, the same image specified for image_repo/image_digest/image_tag will be re-used.
|
|
kube_cert_agent_image:
|
|
|
|
#! Specifies a secret to be used when pulling the above `image_repo` container image.
|
|
#! Can be used when the above image_repo is a private registry.
|
|
#! Typically the value would be the output of: kubectl create secret docker-registry x --docker-server=https://example.io --docker-username="USERNAME" --docker-password="PASSWORD" --dry-run=client -o json | jq -r '.data[".dockerconfigjson"]'
|
|
#! Optional.
|
|
image_pull_dockerconfigjson: #! e.g. {"auths":{"https://registry.example.com":{"username":"USERNAME","password":"PASSWORD","auth":"BASE64_ENCODED_USERNAME_COLON_PASSWORD"}}}
|
|
|
|
#! Pinniped will try to guess the right K8s API URL for sharing that information with potential clients.
|
|
#! This settings allows the guess to be overridden.
|
|
#! Optional.
|
|
discovery_url: #! e.g., https://example.com
|
|
|
|
#! Specify the duration and renewal interval for the API serving certificate.
|
|
#! The defaults are set to expire the cert about every 30 days, and to rotate it
|
|
#! about every 25 days.
|
|
api_serving_certificate_duration_seconds: 2592000
|
|
api_serving_certificate_renew_before_seconds: 2160000
|
|
|
|
#! Specify the verbosity of logging: info ("nice to know" information), debug (developer
|
|
#! information), trace (timing information), all (kitchen sink).
|
|
log_level: #! By default, when this value is left unset, only warnings and errors are printed. There is no way to suppress warning and error logs.
|