diff --git a/metrics-server/values.yaml b/metrics-server/values.yaml new file mode 100644 index 0000000..d393ba2 --- /dev/null +++ b/metrics-server/values.yaml @@ -0,0 +1,245 @@ +# Default values for metrics-server. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + repository: registry.k8s.io/metrics-server/metrics-server + # Overrides the image tag whose default is v{{ .Chart.AppVersion }} + tag: "" + pullPolicy: IfNotPresent + +imagePullSecrets: [] +# - name: registrySecretName + +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # The list of secrets mountable by this service account. + # See https://kubernetes.io/docs/reference/labels-annotations-taints/#enforce-mountable-secrets + secrets: [] + +rbac: + # Specifies whether RBAC resources should be created + create: true + # Note: PodSecurityPolicy will not be created when Kubernetes version is 1.25 or later. + pspEnabled: false + +apiService: + # Specifies if the v1beta1.metrics.k8s.io API service should be created. + # + # You typically want this enabled! If you disable API service creation you have to + # manage it outside of this chart for e.g horizontal pod autoscaling to + # work with this release. + create: true + # Annotations to add to the API service + annotations: {} + # Specifies whether to skip TLS verification + insecureSkipTLSVerify: false + # The PEM encoded CA bundle for TLS verification + caBundle: "" + +commonLabels: {} +podLabels: {} +podAnnotations: {} + +podSecurityContext: {} + +securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + +priorityClassName: system-cluster-critical + +containerPort: 10250 + +hostNetwork: + # Specifies if metrics-server should be started in hostNetwork mode. + # + # You would require this enabled if you use alternate overlay networking for pods and + # API server unable to communicate with metrics-server. As an example, this is required + # if you use Weave network on EKS + enabled: false + +replicas: 1 + +revisionHistoryLimit: + +updateStrategy: {} +# type: RollingUpdate +# rollingUpdate: +# maxSurge: 0 +# maxUnavailable: 1 + +podDisruptionBudget: + # https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + enabled: false + minAvailable: + maxUnavailable: + unhealthyPodEvictionPolicy: + +defaultArgs: + - --cert-dir=/tmp + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --kubelet-use-node-status-port + - --metric-resolution=15s + +args: [] + +livenessProbe: + httpGet: + path: /livez + port: https + scheme: HTTPS + initialDelaySeconds: 0 + periodSeconds: 10 + failureThreshold: 3 + +readinessProbe: + httpGet: + path: /readyz + port: https + scheme: HTTPS + initialDelaySeconds: 20 + periodSeconds: 10 + failureThreshold: 3 + +service: + type: ClusterIP + port: 443 + annotations: {} + labels: {} + # Add these labels to have metrics-server show up in `kubectl cluster-info` + # kubernetes.io/cluster-service: "true" + # kubernetes.io/name: "Metrics-server" + +addonResizer: + enabled: false + image: + repository: registry.k8s.io/autoscaling/addon-resizer + tag: 1.8.23 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + resources: + requests: + cpu: 40m + memory: 25Mi + limits: + cpu: 40m + memory: 25Mi + nanny: + cpu: 0m + extraCpu: 1m + memory: 0Mi + extraMemory: 2Mi + minClusterSize: 100 + pollPeriod: 300000 + threshold: 5 + +metrics: + enabled: false + +serviceMonitor: + enabled: false + additionalLabels: {} + interval: 1m + scrapeTimeout: 10s + metricRelabelings: [] + relabelings: [] + +# See https://github.com/kubernetes-sigs/metrics-server#scaling +resources: + requests: + cpu: 100m + memory: 200Mi + # limits: + # cpu: + # memory: + +extraVolumeMounts: [] + +extraVolumes: [] + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +topologySpreadConstraints: [] + +dnsConfig: {} + +# Annotations to add to the deployment +deploymentAnnotations: {} + +schedulerName: "" + +tmpVolume: + emptyDir: {} + +tls: + # Set the TLS method to use. Supported values: + # - `metrics-server` : Metrics-server will generate a self-signed certificate + # - `helm` : Helm will generate a self-signed certificate + # - `cert-manager` : Use cert-manager.io to create and maintain the certificate + # - `existingSecret` : Reuse an existing secret. No new secret will be created + type: "cert-manager" + # Kubernetes cluster domain. Used to configure Subject Alt Names for the certificate + clusterDomain: cluster.local + + certManager: + # Automatically add the cert-manager.io/inject-ca-from annotation to the APIService resource. + # See https://cert-manager.io/docs/concepts/ca-injector + addInjectorAnnotations: true + existingIssuer: + # Use an existing cert-manager issuer + enabled: false + # Kind of the existing cert-manager issuer + kind: "Issuer" + # Name of the existing cert-manager issuer + name: "my-issuer" + # Set the requested duration (i.e. lifetime) of the Certificate. + # See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec + duration: "" + # How long before the currently issued certificate’s expiry cert-manager should renew the certificate. + # See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec + renewBefore: "" + # Add extra annotations to the Certificate resource + annotations: {} + # Add extra labels to the Certificate resource + labels: {} + + helm: + # Use helm lookup function to reuse Secret created in previous helm install + lookup: true + # Cert validity duration in days + certDurationDays: 365 + + existingSecret: + # Name of the existing Secret to use for TLS + name: "" + # Use helm lookup function to provision `apiService.caBundle` + lookup: true