forked from OT-CONTAINER-KIT/helm-charts
values.yaml
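---
# Default values for the k8s-vault-webhook chart (a mutating admission webhook
# that injects secrets into workloads).
# NOTE(review): the nesting below was rebuilt from a copy whose indentation was
# lost. Key names and values are unchanged; confirm the nesting against the
# chart templates before relying on it.

replicaCount: 2

# NOTE(review): debug logging is on by default. For a webhook that sits in the
# secret-injection path, confirm what is written at debug level and set this
# to false for production releases.
debug: true

certificate:
  useCertManager: false
  # With generate: true the serving certificate is presumably created by the
  # chart at install time - verify how and where the private key is stored.
  generate: true
  server:
    tls:
      # Left empty (null) by default. A key supplied through values is kept in
      # the Helm release data, so prefer cert-manager or an existing Secret.
      crt:
      key:
  ca:
    crt:

image:
  repository: quay.io/opstree/k8s-vault-webhook
  # Tags are mutable; combined with pullPolicy IfNotPresent, nodes can end up
  # running different content for the same tag. Pin by digest where possible.
  tag: "2.0"
  pullPolicy: IfNotPresent
  imagePullSecrets: []

service:
  name: k8s-vault-webhook
  type: ClusterIP
  externalPort: 443
  internalPort: 8443

env:
  # Both images below are injected into mutated pods and are referenced by
  # tag only; consider digest-pinned references from a registry you control.
  VAULT_IMAGE: vault:1.6.1
  K8S_SECRET_INJECTOR_IMAGE: quay.io/opstree/k8s-secret-injector:2.0
  # K8S_SECRET_INJECTOR_IMAGE_PULL_POLICY: Always
  # VAULT_CAPATH: /vault/tls
  # used when the pod that should get secret injected does not specify
  # an imagePullSecret
  # DEFAULT_IMAGE_PULL_SECRET:
  # DEFAULT_IMAGE_PULL_SECRET_NAMESPACE:

metrics:
  enabled: false
  port: 8443
  serviceMonitor:
    enabled: false
    scheme: https
    tlsConfig:
      # The scraper does not verify the webhook's certificate when this is
      # true, so it cannot authenticate the endpoint it scrapes. Supply the CA
      # and set this to false when the ServiceMonitor is enabled.
      insecureSkipVerify: true

volumes: []

volumeMounts: []

podAnnotations: {}

labels: {}

# No requests or limits are set by default; set them so the webhook cannot be
# starved or evicted ahead of the workloads that depend on it.
resources: {}

nodeSelector: {}

tolerations: []

affinity: {}

## Assign a PriorityClassName to pods if set
priorityClassName: ""

rbac:
  enabled: true
  # PodSecurityPolicy was removed in Kubernetes 1.25; leave this disabled on
  # newer clusters.
  psp:
    enabled: false

# This can cause issues when used with Helm, so it is not enabled by default
configMapMutation: false

# Ignore means fail-open: if the webhook is unreachable or errors, the API
# server admits the object unmodified. Decide per resource type whether an
# unmutated object is acceptable or whether Fail is the safer choice.
configmapFailurePolicy: Ignore

podsFailurePolicy: Ignore

secretsFailurePolicy: Ignore

apiSideEffectValue: NoneOnDryRun

namespaceSelector:
  # NotIn also matches namespaces that lack the key entirely, so kube-system
  # is only excluded if it actually carries the label name=kube-system.
  # Kubernetes does not add a "name" label itself; on 1.21+ the automatic
  # label kubernetes.io/metadata.name is the reliable key to select on.
  matchExpressions:
    - key: name
      operator: NotIn
      values:
        - kube-system
  # matchLabels:
  #   vault-injection: enabled

# In case of the K8s cluster version is above 1.15 objectSelector is usable
# exclude objects with certain labels from admission
objectSelector: {}
# matchExpressions:
#   - key: security.k8s-vault-webhook/mutate
#     operator: NotIn
#     values:
#       - skip

podDisruptionBudget:
  enabled: true
  minAvailable: 1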