# Default values for metrics-server. # This is a YAML-formatted file. # Declare variables to be passed into your templates. image: repository: registry.k8s.io/metrics-server/metrics-server # Overrides the image tag whose default is v{{ .Chart.AppVersion }} tag: "" pullPolicy: IfNotPresent imagePullSecrets: [] # - name: registrySecretName nameOverride: "" fullnameOverride: "" serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" # The list of secrets mountable by this service account. # See https://kubernetes.io/docs/reference/labels-annotations-taints/#enforce-mountable-secrets secrets: [] rbac: # Specifies whether RBAC resources should be created create: true # Note: PodSecurityPolicy will not be created when Kubernetes version is 1.25 or later. pspEnabled: false apiService: # Specifies if the v1beta1.metrics.k8s.io API service should be created. # # You typically want this enabled! If you disable API service creation you have to # manage it outside of this chart for e.g horizontal pod autoscaling to # work with this release. create: true # Annotations to add to the API service annotations: {} # Specifies whether to skip TLS verification insecureSkipTLSVerify: false # The PEM encoded CA bundle for TLS verification caBundle: "" commonLabels: {} podLabels: {} podAnnotations: {} podSecurityContext: {} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault capabilities: drop: - ALL priorityClassName: system-cluster-critical containerPort: 10250 hostNetwork: # Specifies if metrics-server should be started in hostNetwork mode. # # You would require this enabled if you use alternate overlay networking for pods and # API server unable to communicate with metrics-server. As an example, this is required # if you use Weave network on EKS enabled: false replicas: 1 revisionHistoryLimit: updateStrategy: {} # type: RollingUpdate # rollingUpdate: # maxSurge: 0 # maxUnavailable: 1 podDisruptionBudget: # https://kubernetes.io/docs/tasks/run-application/configure-pdb/ enabled: false minAvailable: maxUnavailable: unhealthyPodEvictionPolicy: defaultArgs: - --cert-dir=/tmp - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --kubelet-use-node-status-port - --metric-resolution=15s args: [] livenessProbe: httpGet: path: /livez port: https scheme: HTTPS initialDelaySeconds: 0 periodSeconds: 10 failureThreshold: 3 readinessProbe: httpGet: path: /readyz port: https scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 10 failureThreshold: 3 service: type: ClusterIP port: 443 annotations: {} labels: {} # Add these labels to have metrics-server show up in `kubectl cluster-info` # kubernetes.io/cluster-service: "true" # kubernetes.io/name: "Metrics-server" addonResizer: enabled: false image: repository: registry.k8s.io/autoscaling/addon-resizer tag: 1.8.23 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault capabilities: drop: - ALL resources: requests: cpu: 40m memory: 25Mi limits: cpu: 40m memory: 25Mi nanny: cpu: 0m extraCpu: 1m memory: 0Mi extraMemory: 2Mi minClusterSize: 100 pollPeriod: 300000 threshold: 5 metrics: enabled: false serviceMonitor: enabled: false additionalLabels: {} interval: 1m scrapeTimeout: 10s metricRelabelings: [] relabelings: [] # See https://github.com/kubernetes-sigs/metrics-server#scaling resources: requests: cpu: 100m memory: 200Mi # limits: # cpu: # memory: extraVolumeMounts: [] extraVolumes: [] nodeSelector: {} tolerations: [] affinity: {} topologySpreadConstraints: [] dnsConfig: {} # Annotations to add to the deployment deploymentAnnotations: {} schedulerName: "" tmpVolume: emptyDir: {} tls: # Set the TLS method to use. Supported values: # - `metrics-server` : Metrics-server will generate a self-signed certificate # - `helm` : Helm will generate a self-signed certificate # - `cert-manager` : Use cert-manager.io to create and maintain the certificate # - `existingSecret` : Reuse an existing secret. No new secret will be created type: "cert-manager" # Kubernetes cluster domain. Used to configure Subject Alt Names for the certificate clusterDomain: grxe.io certManager: # Automatically add the cert-manager.io/inject-ca-from annotation to the APIService resource. # See https://cert-manager.io/docs/concepts/ca-injector addInjectorAnnotations: true existingIssuer: # Use an existing cert-manager issuer enabled: true # Kind of the existing cert-manager issuer kind: "ClusterIssuer" # Name of the existing cert-manager issuer name: "letsencrypt-prod" # Set the requested duration (i.e. lifetime) of the Certificate. # See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec duration: "" # How long before the currently issued certificate's expiry cert-manager should renew the certificate. # See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec renewBefore: "" # Add extra annotations to the Certificate resource annotations: {} # Add extra labels to the Certificate resource labels: {} helm: # Use helm lookup function to reuse Secret created in previous helm install lookup: true # Cert validity duration in days certDurationDays: 365 existingSecret: # Name of the existing Secret to use for TLS name: "" # Use helm lookup function to provision `apiService.caBundle` lookup: true