123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377
global:
imageRegistry: ""
imagePullSecrets:
- minimus-registry
defaultStorageClass: ""
security:
allowInsecureImages: true
compatibility:
openshift:
adaptSecurityContext: auto
kubeVersion: ""
nameOverride: ""
fullnameOverride: ""
namespaceOverride: ""
commonLabels: {}
commonAnnotations: {}
clusterDomain: cluster.local
extraDeploy: []
usePasswordFiles: true
diagnosticMode:
enabled: false
command:
- sleep
args:
- infinity
image:
registry: reg.mini.dev
repository: etcd-advanced-fips
tag: 3.6.7
digest: ""
pullPolicy: Always
pullSecrets: []
debug: false
etcd:
image:
registry: reg.mini.dev
repository: etcd-advanced-fips
tag: 3.6.7
pullPolicy: Always
auth:
rbac:
create: true
allowNoneAuthentication: true
rootPassword: ""
existingSecret: ""
existingSecretPasswordKey: ""
token:
enabled: true
type: jwt
privateKey:
filename: jwt-token.pem
existingSecret: ""
signMethod: RS256
ttl: 10m
client:
secureTransport: false
useAutoTLS: false
existingSecret: ""
enableAuthentication: false
certFilename: cert.pem
certKeyFilename: key.pem
caFilename: ""
peer:
secureTransport: false
useAutoTLS: false
existingSecret: ""
enableAuthentication: false
certFilename: cert.pem
certKeyFilename: key.pem
caFilename: ""
autoCompactionMode: ""
autoCompactionRetention: ""
initialClusterToken: etcd-cluster-k8s
logLevel: info
maxProcs: ""
configuration: ""
existingConfigmap: ""
extraEnvVars: []
extraEnvVarsCM: ""
extraEnvVarsSecret: ""
command: []
args: []
replicaCount: 1
updateStrategy:
type: RollingUpdate
podManagementPolicy: Parallel
automountServiceAccountToken: false
hostAliases: []
lifecycleHooks: {}
containerPorts:
client: 2379
peer: 2380
metrics: 9090
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
resourcesPreset: micro
resources: {}
livenessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
startupProbe:
enabled: false
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 60
customLivenessProbe: {}
customReadinessProbe: {}
customStartupProbe: {}
extraVolumes: []
extraVolumeMounts: []
extraVolumeClaimTemplates: []
initContainers: []
sidecars: []
podAnnotations: {}
podLabels: {}
podAffinityPreset: ""
podAntiAffinityPreset: soft
nodeAffinityPreset:
type: ""
key: ""
values: []
affinity: {}
nodeSelector: {}
tolerations: []
terminationGracePeriodSeconds: ""
schedulerName: ""
priorityClassName: ""
runtimeClassName: ""
shareProcessNamespace: false
topologySpreadConstraints: []
persistentVolumeClaimRetentionPolicy:
enabled: false
whenScaled: Retain
whenDeleted: Retain
service:
type: ClusterIP
enabled: true
clusterIP: ""
ports:
client: 2379
peer: 2380
metrics: 9090
nodePorts:
client: ""
peer: ""
metrics: ""
clientPortNameOverride: ""
peerPortNameOverride: ""
metricsPortNameOverride: ""
loadBalancerIP: ""
loadBalancerClass: ""
loadBalancerSourceRanges: []
externalIPs: []
externalTrafficPolicy: Cluster
extraPorts: []
annotations: {}
sessionAffinity: None
sessionAffinityConfig: {}
headless:
annotations: {}
persistence:
enabled: true
storageClass: ""
annotations: {}
labels: {}
accessModes:
- ReadWriteOnce
size: 8Gi
selector: {}
volumePermissions:
enabled: false
image:
registry: reg.mini.dev
repository: os-shell-advanced-fips
tag: "1.0"
digest: ""
pullPolicy: IfNotPresent
pullSecrets: []
resourcesPreset: nano
resources: {}
networkPolicy:
enabled: true
allowExternal: true
allowExternalEgress: true
extraIngress: []
extraEgress: []
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
metrics:
enabled: false
useSeparateEndpoint: false
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.metrics.useSeparateEndpoint | ternary
.Values.containerPorts.metrics .Values.containerPorts.client }}"
podMonitor:
enabled: false
namespace: monitoring
interval: 30s
scrapeTimeout: 30s
additionalLabels: {}
scheme: http
tlsConfig: {}
relabelings: []
prometheusRule:
enabled: false
namespace: ""
additionalLabels: {}
rules: []
startFromSnapshot:
enabled: false
existingClaim: ""
snapshotFilename: ""
disasterRecovery:
enabled: false
cronjob:
schedule: "*/30 * * * *"
historyLimit: 1
snapshotHistoryLimit: 1
snapshotsDir: /snapshots
podAnnotations: {}
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
resourcesPreset: nano
resources: {}
nodeSelector: {}
tolerations: []
podLabels: {}
serviceAccountName: ""
command: []
pvc:
existingClaim: ""
size: 2Gi
storageClassName: nfs
subPath: ""
serviceAccount:
create: true
name: ""
automountServiceAccountToken: false
annotations: {}
labels: {}
preUpgradeJob:
enabled: true
annotations: {}
podLabels: {}
podAnnotations: {}
podAffinityPreset: ""
podAntiAffinityPreset: soft
nodeAffinityPreset:
type: ""
key: ""
values: []
affinity: {}
nodeSelector: {}
tolerations: []
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
readOnlyRootFilesystem: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
add: []
drop:
- ALL
seccompProfile:
type: RuntimeDefault
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
resourcesPreset: micro
resources: {}
startDelay: ""
defrag:
enabled: false
cronjob:
startingDeadlineSeconds: ""
schedule: 0 0 * * *
concurrencyPolicy: Forbid
suspend: false
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
labels: {}
annotations: {}
activeDeadlineSeconds: ""
restartPolicy: OnFailure
podLabels: {}
podAnnotations: {}
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
nodeSelector: {}
tolerations: []
serviceAccountName: ""
command: []
args: []
resourcesPreset: nano
resources: {}
extraEnvVars: []
extraEnvVarsCM: ""
extraEnvVarsSecret: ""
pdb:
create: true
minAvailable: 51%
maxUnavailable: ""
os-shell-advanced-fips 1.0