forked from 1Password/connect-helm-charts
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathvalues.yaml
292 lines (233 loc) · 9.62 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
# Note: values.yaml files don't support templating out of the box, so that means
# that every value "{{ .Between.Curly.Braces }}" in this file needs to be
# explicitly interpolated on the template side by using the `tpl` function.
# global common labels, applied to all ressources
commonLabels: {}
# This section of values is for 1Password Connect API and Sync Configuration
connect:
# Denotes whether the 1Password Connect server will be deployed
create: true
# The number of replicas to run the 1Password Connect deployment
replicas: 1
# The 1Password Connect API Specific Values
api:
name: connect-api
# The 1Password Connect API repository
imageRepository: 1password/connect-api
resources: {}
httpPort: 8080
httpsPort: 8443
logLevel: info
# Prometheus Service Monitor
# ref: https://github.com/coreos/prometheus-operator
#
serviceMonitor:
# Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
#
enabled: false
# Specify the interval at which metrics should be scraped
#
interval: 30s
# Define the path used by ServiceMonitor to scrape metrics
#
path: "/metrics"
# Define the HTTP URL parameters used by ServiceMonitor
#
params: {}
# Extra annotations for the ServiceMonitor
#
annotations: {}
# The 1Password Connect Sync Specific Values
sync:
name: connect-sync
imageRepository: 1password/connect-sync
resources: {}
httpPort: 8081
logLevel: info
# The name of 1Password Connect Application
applicationName: onepassword-connect
# The name of 1Password Connect Host
host: onepassword-connect
# The type of Service resource to create for the Connect API and sync services.
# See: https://kubernetes.io/docs/concepts/services-networking/service
# This by default is NodePort and can also be defined as LoadBalancer.
# If serviceType is LoadBalancer then loadBalancerSourceRanges and loadBalancerIP should be defined.
# See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
serviceType: NodePort
# Additional annotations to be added to the service resource
serviceAnnotations: {}
# loadBalancerSourceRanges:
# - 10.0.0.0/16
# - 1.84.26.4/32
# loadBalancerIP:
# The name of Kubernetes Secret containing the 1Password Connect credentials
credentialsName: op-credentials
# The key for the 1Password Connect Credentials stored in the credentials secret
credentialsKey: 1password-credentials.json
# Contents of the 1password-credentials.json file for Connect.
# Can be set be adding --set-file connect.credentials=<path/to/1password-credentials.json>
# to your helm install command
credentials:
# Base64-encoded contents of the 1password-credentials.json file for Connect.
# This can be used instead of connect.credentials in case supplying raw JSON
# to connect.credentials leads to issues.
credentials_base64:
# The 1Password Connect API repository
imagePullPolicy: IfNotPresent
# The 1Password Connect version to pull
version: "{{ .Chart.AppVersion }}"
# Node selector stanza for the Connect pod
# See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
nodeSelector: {}
# 1Password Connect API and Sync Service
probes:
# Denotes whether the 1Password Connect API readiness probe will operate
# and ensure the pod is ready before serving traffic
liveness: true
# Denotes whether the 1Password Connect API will be continually checked
# by Kubernetes for liveness and restarted if the pod becomes unresponsive
readiness: true
# Additional annotations to be added to the Connect API deployment resource.
annotations: {}
# Additional labels to be added to the Connect API deployment resource.
labels: {}
# Additional annotations to be added to the Connect API pods.
podAnnotations: {}
# Additional labels to be added to the Connect API pods.
podLabels: {}
# List of tolerations to be added to the Connect API pods.
tolerations: []
# 1Password Connect volume shared between 1Password Connect Containers
dataVolume:
# The name of the shared volume used between 1Password Connect Containers
name: shared-data
# The type of the shared volume used between
# 1Password Connect Containers
type: emptyDir
# Desribes the fields and values for configuration of
# shared volume for 1Password Connect
values: {}
# Determines if HTTPS Port if setup for the 1Password Connect
# Services for 1Password Connect API and Sync
tls:
# Denotes whether the Connect API is secured with TLS
enabled: false
# The name of the secret containing the TLS key (tls.key) and certificate (tls.crt)
secret: op-connect-tls
# Ingress allows ingress services to be created to allow external access
# from Kubernetes to access 1Password Connect pods.
# In order to expose the service, use the route section below
ingress:
enabled: false
labels: {}
# traffic: external
annotations: {}
# |
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# or
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# Optionally use ingressClassName instead of deprecated annotation.
# See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
ingressClassName: ""
# As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
# See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
pathType: Prefix
hosts:
- host: chart-example.local
paths: []
# Extra paths to prepend to the host configuration.
# This is useful when working with annotation based services.
extraPaths: []
# - path: /*
# backend:
# service:
# name: ssl-redirect
# port:
# number: use-annotation
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# Optionally the internal profiler can be enabled to debug memory or performance issues.
# For normal operation of Connect this does not have to enabled.
profiler:
enabled: false
# The interval at which profiler snapshots are taken.
interval: 6h
# Number of profiler snapshots to keep.
keepLast: 12
# This section of values is for 1Password Operator Configuration
operator:
# Denotes whether the 1Password Operator will be deployed
create: false
# Denotes whether the 1Password Operator will automatically restart deployments based on associated updated secrets.
autoRestart: false
# The name of 1Password Operator Application
applicationName: onepassword-connect-operator
# The 1Password Operator image pull policy
imagePullPolicy: IfNotPresent
# The 1Password Operator repository
imageRepository: 1password/onepassword-operator
# How often the 1Password Operator will poll for secrets updates.
pollingInterval: 600
# The 1Password Operator version to pull
version: "1.8.0"
# Node selector stanza for the Operator pod
# See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
nodeSelector: {}
# Additional annotations to be added to the Operator pods.
annotations: {}
# Additional labels to be added to the Operator deployment resource.
labels: {}
# Additional annotations to be added to the Operator pods.
podAnnotations: {}
# Additional labels to be added to the Operator pods.
podLabels: {}
# List of tolerations to be added to the Operator pods.
tolerations: []
# A list of namespaces for the 1Password Operator to watch and manage. Use the empty list to watch all namespaces.
watchNamespace: []
# The resources requests/limits for the 1Password Operator pod
resources: {}
# 1Password Operator Token Configuration
token:
# The name of Kubernetes Secret containing the 1Password Connect API token
name: onepassword-token
# The key for the 1Password Connect token stored in the 1Password token secret
key: token
# An API token generated for 1Password Connect to be used by the Operator
value:
# 1Password Operator Service Account Configuration
serviceAccount:
# The name of the 1Password Conenct Operator
create: "{{ .Values.operator.create }}"
# Annotations for the 1Password Connect Service Account
annotations: {}
# The name of the 1Password Conenct Operator
name: onepassword-connect-operator
# 1Password Operator Role Binding Configuration
roleBinding:
# Denotes whether or not a role binding will be created for each Namespace for the 1Password Operator Service Account
create: "{{ .Values.operator.create }}"
# The name of the 1Password Operator Role Binding
name: onepassword-connect-operator
# 1Password Operator Cluster Role Configuration
clusterRole:
# Denotes whether or not a cluster role will be created for each for the 1Password Operator
create: "{{ .Values.operator.create }}"
# The name of the 1Password Operator Cluster Role
name: onepassword-connect-operator
# 1Password Operator Cluster Role Binding Configuration
clusterRoleBinding:
# Denotes whether or not a Cluster role binding will be created for the 1Password Operator Service Account
create: "{{ .Values.operator.create }}"
# The name of the 1Password Operator Cluster Role
name: onepassword-connect-operator
# 1Password Operator Log Level Configuration
logLevel: info
# 1Password Acceptance Tests Functionality
acceptanceTests:
enabled: false
fixtures: {}