|
|
@@ -2,113 +2,115 @@
|
|
|
# This is a YAML-formatted file.
|
|
|
# Declare variables to be passed into your templates.
|
|
|
|
|
|
+# -- number of netmaker server replicas to create
|
|
|
replicas: 3
|
|
|
|
|
|
image:
|
|
|
+ # -- The image repo to pull Netmaker image from
|
|
|
repository: gravitl/netmaker
|
|
|
+ # -- Pull Policy for images
|
|
|
pullPolicy: Always
|
|
|
- # Overrides the image tag whose default is the chart appVersion.
|
|
|
+ # -- Override the image tag to pull
|
|
|
tag: "v0.8.4"
|
|
|
|
|
|
-imagePullSecrets: []
|
|
|
-nameOverride: ""
|
|
|
+# -- override the name for netmaker objects
|
|
|
+nameOverride: ""
|
|
|
+
|
|
|
+# -- override the full name for netmaker objects
|
|
|
fullnameOverride: ""
|
|
|
|
|
|
serviceAccount:
|
|
|
- # Specifies whether a service account should be created
|
|
|
+ # -- Specifies whether a service account should be created
|
|
|
create: true
|
|
|
- # Annotations to add to the service account
|
|
|
+ # -- Annotations to add to the service account
|
|
|
annotations: {}
|
|
|
- # The name of the service account to use.
|
|
|
- # If not set and create is true, a name is generated using the fullname template
|
|
|
+ # -- Name of SA to use. If not set and create is true, a name is generated using the fullname template
|
|
|
name: ""
|
|
|
|
|
|
+# -- pod annotations to add
|
|
|
podAnnotations: {}
|
|
|
|
|
|
+# -- pod security contect to add
|
|
|
podSecurityContext: {}
|
|
|
# fsGroup: 2000
|
|
|
|
|
|
-isKernel: false
|
|
|
-isClient: true
|
|
|
-
|
|
|
ui:
|
|
|
+ # -- how many UI replicas to create
|
|
|
replicas: 2
|
|
|
|
|
|
-securityContext: {}
|
|
|
- # capabilities:
|
|
|
- # drop:
|
|
|
- # - ALL
|
|
|
- # readOnlyRootFilesystem: true
|
|
|
- # runAsNonRoot: true
|
|
|
- # runAsUser: 1000
|
|
|
-
|
|
|
service:
|
|
|
+ # -- type for netmaker server services
|
|
|
type: ClusterIP
|
|
|
+ # -- port for API service
|
|
|
restPort: 8081
|
|
|
+ # -- port for GRPC service
|
|
|
grpcPort: 443
|
|
|
+ # -- port for UI service
|
|
|
uiPort: 80
|
|
|
|
|
|
ingress:
|
|
|
+ # -- attempts to configure ingress if true
|
|
|
enabled: false
|
|
|
- className: ""
|
|
|
+ tls:
|
|
|
+ enabled: true
|
|
|
annotations:
|
|
|
- kubernetes.io/ingress.class: nginx
|
|
|
- kubernetes.io/tls-acme: "true"
|
|
|
- nginx.ingress.kubernetes.io/rewrite-target: /
|
|
|
- cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
|
|
- nginx.ingress.kubernetes.io/ssl-redirect: 'true'
|
|
|
- grpcAnnotations:
|
|
|
- kubernetes.io/ingress.class: nginx
|
|
|
- kubernetes.io/tls-acme: "true"
|
|
|
- nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
|
|
|
- nginx.ingress.kubernetes.io/rewrite-target: /
|
|
|
- cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
|
|
- nginx.ingress.kubernetes.io/ssl-redirect: 'true'
|
|
|
+ base:
|
|
|
+ # -- annotation to generate ACME certs if available
|
|
|
+ kubernetes.io/ingress.allow-http: "false"
|
|
|
+ tls:
|
|
|
+ kubernetes.io/tls-acme: "true"
|
|
|
+ # -- LE issuer name
|
|
|
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
|
|
+ # -- Block HTTP requests
|
|
|
+ nginx:
|
|
|
+ # -- Redirect http to https
|
|
|
+ nginx.ingress.kubernetes.io/ssl-redirect: 'true'
|
|
|
+ # -- destination addr for route
|
|
|
+ nginx.ingress.kubernetes.io/rewrite-target: /
|
|
|
+ traefik:
|
|
|
+ # -- Redirect to https
|
|
|
+ traefik.ingress.kubernetes.io/redirect-entry-point: https
|
|
|
+ # -- Redirect to https permanently
|
|
|
+ traefik.ingress.kubernetes.io/redirect-permanent: "true"
|
|
|
+ # -- rule type
|
|
|
+ traefik.ingress.kubernetes.io/rule-type: "PathPrefixStrip"
|
|
|
+ grpc:
|
|
|
+ nginx:
|
|
|
+ # -- annotation to use grpc protocol on grpc domain
|
|
|
+ nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
|
|
|
+ traefik:
|
|
|
+ # -- annotation to use grpc protocol on grpc domain
|
|
|
+ ingress.kubernetes.io/protocol: "h2c"
|
|
|
hostPrefix:
|
|
|
+ # -- ui route subdomain
|
|
|
ui: 'dashboard.'
|
|
|
+ # -- api (REST) route subdomain
|
|
|
rest: 'api.'
|
|
|
+ # -- grpc route subdomain
|
|
|
grpc: 'grpc.'
|
|
|
|
|
|
-resources: {}
|
|
|
- # We usually recommend not to specify default resources and to leave this as a conscious
|
|
|
- # choice for the user. This also increases chances charts run on environments with little
|
|
|
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
|
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
|
- # limits:
|
|
|
- # cpu: 100m
|
|
|
- # memory: 128Mi
|
|
|
- # requests:
|
|
|
- # cpu: 100m
|
|
|
- # memory: 128Mi
|
|
|
-
|
|
|
wireguard:
|
|
|
+ # -- whether or not to use WireGuard on server
|
|
|
enabled: true
|
|
|
+ # -- whether or not to use Kernel WG (should be false unless WireGuard is installed on hosts).
|
|
|
kernel: false
|
|
|
+ # -- max number of networks that Netmaker will support if running with WireGuard enabled
|
|
|
+ networkLimit: 10
|
|
|
|
|
|
dns:
|
|
|
+ # -- whether or not to run with DNS (CoreDNS)
|
|
|
enabled: false
|
|
|
+ # -- volume size for DNS (only needs to hold one file)
|
|
|
storageSize: 128Mi
|
|
|
|
|
|
postgresql-ha:
|
|
|
postgresql:
|
|
|
+ # -- postgres user to generate
|
|
|
username: netmaker
|
|
|
+ # -- postgres pass to generate
|
|
|
password: netmaker
|
|
|
+ # -- postgress db to generate
|
|
|
database: netmaker
|
|
|
persistence:
|
|
|
+ # -- size of postgres DB
|
|
|
size: 3Gi
|
|
|
-
|
|
|
-autoscaling:
|
|
|
- enabled: false
|
|
|
- minReplicas: 1
|
|
|
- maxReplicas: 100
|
|
|
- targetCPUUtilizationPercentage: 80
|
|
|
- # targetMemoryUtilizationPercentage: 80
|
|
|
-
|
|
|
-netmakerUI:
|
|
|
-
|
|
|
-
|
|
|
-nodeSelector: {}
|
|
|
-
|
|
|
-tolerations: []
|
|
|
-
|
|
|
-affinity: {}
|
afeiszli