-
Notifications
You must be signed in to change notification settings - Fork 364
/
values.tmpl.yaml
114 lines (108 loc) · 3.18 KB
/
values.tmpl.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
# The global settings for the Envoy Gateway Helm chart.
# These values will be used if the values are not overridden in the other sections.
global:
images:
envoyGateway:
# This is the full image name including the hub, repo, and tag.
image: ${GatewayImage}
# Specify image pull policy if default behavior isn't desired.
# Default behavior: latest images will be Always else IfNotPresent.
pullPolicy: ${GatewayImagePullPolicy}
# List of secrets in the same namespace of the component that can be used to pull images from private repositories.
pullSecrets: []
ratelimit:
# This is the full image name including the hub, repo, and tag.
image: "docker.io/envoyproxy/ratelimit:master"
# Specify image pull policy if default behavior isn't desired.
# Default behavior: latest images will be Always else IfNotPresent.
pullPolicy: IfNotPresent
# List of secrets in the same namespace of the component that can be used to pull images from private repositories.
pullSecrets: []
podDisruptionBudget:
minAvailable: 0
# maxUnavailable: 1
deployment:
envoyGateway:
image:
repository: ""
tag: ""
imagePullPolicy: ""
imagePullSecrets: []
resources:
limits:
memory: 1024Mi
requests:
cpu: 100m
memory: 256Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
runAsNonRoot: true
runAsGroup: 65532
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
ports:
- name: grpc
port: 18000
targetPort: 18000
- name: ratelimit
port: 18001
targetPort: 18001
- name: wasm
port: 18002
targetPort: 18002
- name: metrics
port: 19001
targetPort: 19001
priorityClassName: null
replicas: 1
pod:
affinity: {}
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: '19001'
labels: {}
topologySpreadConstraints: []
tolerations: []
nodeSelector: {}
service:
annotations: {}
config:
envoyGateway:
gateway:
controllerName: gateway.envoyproxy.io/gatewayclass-controller
provider:
type: Kubernetes
logging:
level:
default: info
createNamespace: false
kubernetesClusterDomain: cluster.local
# -- Certgen is used to generate the certificates required by EnvoyGateway. If you want to construct a custom certificate, you can generate a custom certificate through Cert-Manager before installing EnvoyGateway. Certgen will not overwrite the custom certificate. Please do not manually modify `values.yaml` to disable certgen, it may cause EnvoyGateway OIDC,OAuth2,etc. to not work as expected.
certgen:
job:
annotations: {}
resources: {}
affinity: {}
tolerations: []
nodeSelector: {}
ttlSecondsAfterFinished: 30
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsGroup: 65534
runAsUser: 65534
seccompProfile:
type: RuntimeDefault
rbac:
annotations: {}
labels: {}