# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: disabled
## @section Common parameters
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override metallb.fullname include (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override metallb.fullname template
##
fullnameOverride: ""
## @param commonLabels Add labels to all the deployed resources
##
commonLabels: {}
## @param commonAnnotations Add annotations to all the deployed resources
##
commonAnnotations: {}
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## Enable diagnostic mode in the deployment(s)/statefulset(s)
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param diagnosticMode.command Command to override all containers in the the deployment(s)/statefulset(s)
##
command:
- sleep
## @param diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset(s)
##
args:
- infinity
## @param installCRDs Flag to install metallb CRDs
##
installCRDs: true
## @section MetalLB parameters
## RBAC creation for controller and speaker
##
rbac:
## @param rbac.create Specifies whether to install and use RBAC rules
##
create: true
## PSP creation for controller and speaker
##
psp:
## @param psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
##
create: false
## Network Policy configuration
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
##
enabled: true
## @param networkPolicy.allowExternal The Policy model to apply
## When set to false, only pods with the correct client label will have network access to the ports Keycloak is
## listening on. When true, Keycloak will accept connections from any source (with the correct destination port).
##
allowExternal: true
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
##
kubeAPIServerPorts: [443, 6443, 8443]
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraIngress: []
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## Prometheus Operator alertmanager alerts
##
## @param prometheusRule.enabled Prometheus Operator alertmanager alerts are created
##
prometheusRule:
enabled: false
## @section Controller parameters
## MetalLB Controller deployment.
## ref: https://hub.docker.com/r/bitnami/metallb-controller/tags
##
controller:
## @param controller.image.registry [default: REGISTRY_NAME] MetalLB Controller image registry
## @param controller.image.repository [default: REPOSITORY_NAME/metallb-controller] MetalLB Controller image repository
## @skip controller.image.tag MetalLB Controller image tag (immutable tags are recommended)
## @param controller.image.digest MetalLB Controller image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param controller.image.pullPolicy MetalLB Controller image pull policy
## @param controller.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: bitnami/metallb-controller
tag: 0.14.3-debian-12-r6
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param controller.updateStrategy.type MetalLB controller deployment strategy type.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## e.g:
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
updateStrategy:
type: RollingUpdate
## @param controller.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param controller.hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## If global .Values.rbac.create is disabled no rbac is created.
## This value is then meaningless
## Defines if the controller rbac should be created.
##
rbac:
## @param controller.rbac.create create specifies whether to install and use RBAC rules.
##
create: true
## If global .Values.psp.create is disabled no psp is created.
## This value is then meaningless
## Defines if the controller psp should be created.
##
psp:
## @param controller.psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
##
create: true
## @param controller.priorityClassName MetalLB controller pods' priorityClassName
##
priorityClassName: ""
## @param controller.runtimeClassName Name of the runtime class to be used by MetalLB controller pod(s)
## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
##
runtimeClassName: ""
## @param controller.schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param controller.terminationGracePeriodSeconds In seconds, time the given to the MetalLB controller pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: 0
## @param controller.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## Controller container resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param controller.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if controller.resources is set (controller.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
## @param controller.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## @param controller.nodeSelector Node labels for controller pod assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param controller.tolerations Tolerations for controller pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param controller.affinity Affinity for controller pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## @param controller.podAnnotations Controller Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param controller.podLabels Controller Pod labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param controller.podAffinityPreset Controller Pod affinitypreset. Allowed values: soft, hard
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param controller.podAntiAffinityPreset Controller Pod anti affinitypreset. Allowed values: soft, hard
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## Allowed values: soft, hard
##
nodeAffinityPreset:
## @param controller.nodeAffinityPreset.type Controller Pod Node affinity preset. Allowed values: soft, hard
##
type: ""
## @param controller.nodeAffinityPreset.key Controller Pod Node affinity label key to match
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## @param controller.nodeAffinityPreset.values Controller Pod Node affinity label values to match
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param controller.podSecurityContext.enabled Enabled MetalLB Controller pods' Security Context
## @param controller.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param controller.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param controller.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param controller.podSecurityContext.fsGroup Set MetalLB Controller pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param controller.containerSecurityContext.enabled Enabled MetalLB Controller containers' Security Context
## @param controller.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param controller.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param controller.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param controller.containerSecurityContext.runAsNonRoot Set MetalLB Controller container's Security Context runAsNonRoot
## @param controller.containerSecurityContext.allowPrivilegeEscalation Enables privilege Escalation context for the pod.
## @param controller.containerSecurityContext.readOnlyRootFilesystem Allows the pod to mount the RootFS as ReadOnly
## @param controller.containerSecurityContext.capabilities.drop [array] Drop capabilities for the securityContext
## @param controller.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
seccompProfile:
type: "RuntimeDefault"
## @param controller.command Override default container command (useful when using custom images)
##
command: []
## @param controller.args Override default container args (useful when using custom images)
##
args: []
## @param controller.lifecycleHooks for the MetalLB Controller container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param controller.extraEnvVars Extra environment variable to pass to the running container.
## For example:
## extraEnvVars:
## - name: MY_ENV_VAR
## value: env_var_value
##
extraEnvVars: []
## @param controller.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for MetalLB controller nodes
##
extraEnvVarsCM: ""
## @param controller.extraEnvVarsSecret Name of existing Secret containing extra env vars for MetalLB controller nodes
##
extraEnvVarsSecret: ""
## @param controller.extraVolumes Optionally specify extra list of additional volumes for the MetalLB controller pod(s)
##
extraVolumes: []
## @param controller.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MetalLB controller container(s)
##
extraVolumeMounts: []
## @param controller.sidecars Add additional sidecar containers to the MetalLB Controller pod(s)
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param controller.initContainers Add additional init containers to the MetalLB Controller pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
## @param controller.serviceAccount.create Specifies whether a ServiceAccount should be created
## @param controller.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
## @param controller.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
## @param controller.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
serviceAccount:
create: true
name: ""
automountServiceAccountToken: false
annotations: {}
## @param controller.revisionHistoryLimit Configure the revisionHistoryLimit of the Controller deployment
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit
##
revisionHistoryLimit: 3
## @param controller.containerPorts.metrics Configures the ports the MetalLB Controller listens on for metrics
##
containerPorts:
metrics: 7472
## Liveness probe values
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param controller.livenessProbe.enabled Enable livenessProbe
## @param controller.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param controller.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param controller.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param controller.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param controller.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## Readiness probe values
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param controller.readinessProbe.enabled Enable readinessProbe
## @param controller.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param controller.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param controller.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param controller.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param controller.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## Startup probe values
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param controller.startupProbe.enabled Enable startupProbe
## @param controller.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param controller.startupProbe.periodSeconds Period seconds for startupProbe
## @param controller.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param controller.startupProbe.failureThreshold Failure threshold for startupProbe
## @param controller.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## @param controller.customStartupProbe Custom liveness probe for the Web component
##
customStartupProbe: {}
## @param controller.customLivenessProbe Custom liveness probe for the Web component
##
customLivenessProbe: {}
## @param controller.customReadinessProbe Custom readiness probe for the Web component
##
customReadinessProbe: {}
## @param controller.logLevel Sets the controller log level. Does not work if the args are overridden
##
logLevel: info
## @param controller.tlsMinVersion Sets the minimum TLS version for the controller
## e.g:
## namespace: VersionTLS12
##
tlsMinVersion: ""
## @param controller.tlsCipherSuites Comma separated list of TLS cipher suites for the controller
##
tlsCipherSuites: ""
## @param controller.webhookMode Controller webhook mode
## Allowed values: enabled, disabled or only webhook if we want the controller to act as webhook endpoint only
##
webhookMode: enabled
## @param controller.extraArgs Add extra arguments to the default arguments for the controller
##
extraArgs: []
## @section MetalLB controller Prometheus metrics export
##
metrics:
## @param controller.metrics.enabled Enable the export of Prometheus metrics
##
enabled: false
## Prometheus Exporter service parameters
##
service:
## @param controller.metrics.service.port Prometheus metrics service port
##
port: 7472
## @param controller.metrics.service.annotations [object] Annotations for the Prometheus Exporter service service
##
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "7472"
prometheus.io/path: "/metrics" ## Prometheus Operator service monitors
##
serviceMonitor:
## @param controller.metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator
##
enabled: false
## @param controller.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
## e.g:
## namespace: monitoring
##
namespace: ""
## @param controller.metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
##
jobLabel: "app.kubernetes.io/name"
## @param controller.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used
##
interval: ""
## @param controller.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
scrapeTimeout: ""
## @param controller.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
##
metricRelabelings: []
## @param controller.metrics.serviceMonitor.relabelings Specify general relabeling
##
relabelings: []
## @param controller.metrics.serviceMonitor.selector ServiceMonitor selector labels
## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
##
## selector:
## prometheus: my-prometheus
##
selector: {}
## @param controller.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
##
labels: {}
## @param controller.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
##
honorLabels: false
## @section Speaker parameters
## MetalLB Speaker daemonset.
## ref: https://hub.docker.com/r/bitnami/metallb-speaker/tags
##
speaker:
## @param speaker.enabled Whether to enable BGP speakers or not
## ref: https://metallb.universe.tf/configuration/calico/#the-easy-way
## Some CNI implementations (e.g. Calico) does not require speakers
##
enabled: true
## @param speaker.image.registry [default: REGISTRY_NAME] MetalLB Speaker image registry
## @param speaker.image.repository [default: REPOSITORY_NAME/metallb-speaker] MetalLB Speaker image repository
## @skip speaker.image.tag MetalLB Speaker image tag (immutable tags are recommended)
## @param speaker.image.digest MetalLB Speaker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param speaker.image.pullPolicy MetalLB Speaker image pull policy
## @param speaker.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: bitnami/metallb-speaker
tag: 0.14.3-debian-12-r6
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param speaker.updateStrategy.type Speaker daemonset strategy type
## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
##
updateStrategy:
## StrategyType
## Can be set to RollingUpdate or OnDelete
##
type: RollingUpdate
## If global .Values.rbac.create is disabled no rbac is created.
## This value is then meaningless
## Defines if the speaker rbac should be created.
##
rbac:
## @param speaker.rbac.create create specifies whether to install and use RBAC rules.
##
create: true
## @param speaker.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## Network Policy configuration
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param speaker.networkPolicy.enabled Enable creation of NetworkPolicy resources
##
enabled: true
## @param speaker.networkPolicy.allowExternal The Policy model to apply
## When set to false, only pods with the correct client label will have network access to the ports Keycloak is
## listening on. When true, Keycloak will accept connections from any source (with the correct destination port).
##
allowExternal: true
## @param speaker.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param speaker.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
##
kubeAPIServerPorts: [443, 6443, 8443]
## @param speaker.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraIngress: []
## @param speaker.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param speaker.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param speaker.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## @param speaker.hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## If global .Values.psp.create is disabled no psp is created.
## This value is then meaningless
## Defines if the speaker psp should be created.
##
psp:
## @param speaker.psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
##
create: true
## @param speaker.priorityClassName Speaker pods' priorityClassName
##
priorityClassName: ""
## @param speaker.runtimeClassName Name of the runtime class to be used by Speaker pod(s)
## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
##
runtimeClassName: ""
## @param speaker.terminationGracePeriodSeconds In seconds, time the given to the Speaker pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: 2
## Speaker container resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param speaker.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if speaker.resources is set (speaker.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
## @param speaker.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## @param speaker.nodeSelector Node labels for speaker pod assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param speaker.tolerations Tolerations for speaker pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param speaker.affinity Affinity for speaker pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node speaker.affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param speaker.nodeAffinityPreset.type Node affinity preset type. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param speaker.nodeAffinityPreset.key Node label key to match. Ignored if `speaker.affinity` is set
##
key: ""
## @param speaker.nodeAffinityPreset.values Node label values to match. Ignored if `speaker.affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param speaker.podAffinityPreset Pod affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param speaker.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `speaker.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## @param speaker.podAnnotations Speaker Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param speaker.podLabels Speaker Pod labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param speaker.podSecurityContext.enabled Enabled Speaker pods' Security Context
## @param speaker.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param speaker.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param speaker.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param speaker.podSecurityContext.fsGroup Set Speaker pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 0
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param speaker.containerSecurityContext.enabled Enabled Speaker containers' Security Context
## @param speaker.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param speaker.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param speaker.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param speaker.containerSecurityContext.allowPrivilegeEscalation Enables privilege Escalation context for the pod.
## @param speaker.containerSecurityContext.readOnlyRootFilesystem Allows the pod to mount the RootFS as ReadOnly
## @param speaker.containerSecurityContext.capabilities.drop [array] Drop capabilities for the securityContext
## @param speaker.containerSecurityContext.capabilities.add [array] Add capabilities for the securityContext
## @param speaker.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 0
runAsGroup: 0
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
add:
- NET_ADMIN
- NET_RAW
- SYS_ADMIN
seccompProfile:
type: "RuntimeDefault"
## @param speaker.command Override default container command (useful when using custom images)
##
command: []
## @param speaker.args Override default container args (useful when using custom images)
##
args: []
## @param speaker.lifecycleHooks for the Speaker container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param speaker.sidecars Add additional sidecar containers to the Speaker pod(s)
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param speaker.initContainers Add additional init containers to the Speaker pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
## @param speaker.serviceAccount.create Specifies whether a ServiceAccount should be created
## @param speaker.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
## @param speaker.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
## @param speaker.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
serviceAccount:
create: true
name: ""
automountServiceAccountToken: false
annotations: {}
## Defines a secret to use outside of the auto generate
## @param speaker.secretName References a Secret name for the member secret outside of the helm chart
## @param speaker.secretKey References a Secret key the member secret outside of the helm chart
## @param speaker.secretValue Custom value for `speaker.secretKey`
## Default: {{ randAlphaNum 256 | b64enc | quote }}
## The auto generated secret has:
## secretName: {{ "common.names.fullname" }}-memberlist
## secretKey: secretkey
## secretValue: random 256 character alphanumeric string
##
secretName: ""
secretKey: ""
secretValue: ""
## @param speaker.extraEnvVars Extra environment variable to pass to the running container.
## For example:
## extraEnvVars:
## - name: MY_ENV_VAR
## value: env_var_value
##
extraEnvVars: []
## @param speaker.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Speaker nodes
##
extraEnvVarsCM: ""
## @param speaker.extraEnvVarsSecret Name of existing Secret containing extra env vars for Speaker nodes
##
extraEnvVarsSecret: ""
## @param speaker.extraVolumes Optionally specify extra list of additional volumes for the Speaker pod(s)
##
extraVolumes: []
## @param speaker.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Speaker container(s)
##
extraVolumeMounts: []
## @param speaker.containerPorts.metrics HTTP Metrics Endpoint
##
containerPorts:
metrics: 7472
## Liveness probe values
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param speaker.livenessProbe.enabled Enable livenessProbe
## @param speaker.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param speaker.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param speaker.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param speaker.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param speaker.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## Readiness probe values
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param speaker.readinessProbe.enabled Enable readinessProbe
## @param speaker.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param speaker.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param speaker.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param speaker.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param speaker.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## Startup probe values
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param speaker.startupProbe.enabled Enable startupProbe
## @param speaker.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param speaker.startupProbe.periodSeconds Period seconds for startupProbe
## @param speaker.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param speaker.startupProbe.failureThreshold Failure threshold for startupProbe
## @param speaker.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## @param speaker.customStartupProbe Custom liveness probe for the Web component
##
customStartupProbe: {}
## @param speaker.customLivenessProbe Custom liveness probe for the Web component
##
customLivenessProbe: {}
## @param speaker.customReadinessProbe Custom readiness probe for the Web component
##
customReadinessProbe: {}
## @param speaker.logLevel Sets the speaker log level. Does not work if the args are overridden
##
logLevel: "info"
## @section Speaker Prometheus metrics export
metrics:
## @param speaker.metrics.enabled Enable the export of Prometheus metrics
##
enabled: false
## Prometheus Exporter service parameters
##
service:
## @param speaker.metrics.service.port Prometheus metrics service port
##
port: 7472
## @param speaker.metrics.service.annotations [object] Annotations for the Prometheus Exporter service service
##
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "7472"
prometheus.io/path: "/metrics"
## Prometheus Operator service monitors
##
serviceMonitor:
## @param speaker.metrics.serviceMonitor.enabled Enable support for Prometheus Operator
##
enabled: false
## @param speaker.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
## e.g:
## namespace: monitoring
##
namespace: ""
## @param speaker.metrics.serviceMonitor.jobLabel Job label for scrape target
##
jobLabel: "app.kubernetes.io/name"
## @param speaker.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used
##
interval: ""
## @param speaker.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
scrapeTimeout: ""
## @param speaker.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
##
metricRelabelings: []
## @param speaker.metrics.serviceMonitor.relabelings Specify general relabeling
##
relabelings: []
## @param speaker.metrics.serviceMonitor.selector ServiceMonitor selector labels
## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
##
## selector:
## prometheus: my-prometheus
##
selector: {}
## @param speaker.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
##
labels: {}
## @param speaker.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
##
honorLabels: false