-
Notifications
You must be signed in to change notification settings - Fork 172
/
values.yaml
138 lines (119 loc) · 3.58 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
# Default values for permission-manager.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: quay.io/sighup/permission-manager
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "v1.9.0"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext:
fsGroup: 2000
# Default values should not be used currently. It will result in a startup-error.
# TODO: correct default values should be placed here.
securityContext:
{}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
nodePort: null
# Ingress:
# - If you want to use a specific ingress controller, just uncomment "kubernetes.io/ingress.class" and type the name of your ingress class.
# - If you want to use TLS (https) for the web interface, just uncomment the "tls" part and add create the secret in the correct namespace.
# - If you're using cert-manager.io to provision your certificates, just uncomment "cert-manager.io/cluster-issuer" and type the name of your cluster-issuer. Please also uncomment the "tls" part with default values.
ingress:
enabled: false
annotations:
# kubernetes.io/ingress.class: nginx
# cert-manager.io/cluster-issuer: my-cluster-issuer
hosts:
- host: permission-manager.domain.com
paths:
- path: /
pathType: ImplementationSpecific
# tls:
# - secretName: permission-manager-tls
# hosts:
# - permission-manager.domain.com
# Ressources:
# The values already adjusted for a small permission-manager setup. Increase value if needed.
# It's recommended to use ressource limits, just uncomment and try out. To use autosacling, ressources are required.
resources:
{}
# Adjust lines as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 10m
# memory: 80Mi
# requests:
# cpu: 10m
# memory: 80Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
#
# Application configuration:
config:
# Can be found in /etc/kubernetes/admin.conf: clusters -> cluster -> name
clusterName: ""
# Can be found in /etc/kubernetes/admin.conf: clusters -> cluster -> server
controlPlaneAddress: ""
# Password for basic auth to access the UI
basicAuthPassword: ""
templates:
- name: operation
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "*"
- name: developer
rules:
- apiGroups:
- "*"
resources:
- "configmaps"
- "endpoints"
- "persistentvolumeclaims"
- "pods"
- "pods/log"
- "pods/portforward"
- "podtemplates"
- "replicationcontrollers"
- "resourcequotas"
- "secrets"
- "services"
- "events"
- "daemonsets"
- "deployments"
- "replicasets"
- "ingresses"
- "networkpolicies"
- "poddisruptionbudgets"
verbs:
- "*"