246 lines
6.1 KiB
YAML
246 lines
6.1 KiB
YAML
# Default values for metrics-server.
|
||
# This is a YAML-formatted file.
|
||
# Declare variables to be passed into your templates.
|
||
|
||
image:
|
||
repository: registry.k8s.io/metrics-server/metrics-server
|
||
# Overrides the image tag whose default is v{{ .Chart.AppVersion }}
|
||
tag: ""
|
||
pullPolicy: IfNotPresent
|
||
|
||
imagePullSecrets: []
|
||
# - name: registrySecretName
|
||
|
||
nameOverride: ""
|
||
fullnameOverride: ""
|
||
|
||
serviceAccount:
|
||
# Specifies whether a service account should be created
|
||
create: true
|
||
# Annotations to add to the service account
|
||
annotations: {}
|
||
# The name of the service account to use.
|
||
# If not set and create is true, a name is generated using the fullname template
|
||
name: ""
|
||
# The list of secrets mountable by this service account.
|
||
# See https://kubernetes.io/docs/reference/labels-annotations-taints/#enforce-mountable-secrets
|
||
secrets: []
|
||
|
||
rbac:
|
||
# Specifies whether RBAC resources should be created
|
||
create: true
|
||
# Note: PodSecurityPolicy will not be created when Kubernetes version is 1.25 or later.
|
||
pspEnabled: false
|
||
|
||
apiService:
|
||
# Specifies if the v1beta1.metrics.k8s.io API service should be created.
|
||
#
|
||
# You typically want this enabled! If you disable API service creation you have to
|
||
# manage it outside of this chart for e.g horizontal pod autoscaling to
|
||
# work with this release.
|
||
create: true
|
||
# Annotations to add to the API service
|
||
annotations: {}
|
||
# Specifies whether to skip TLS verification
|
||
insecureSkipTLSVerify: false
|
||
# The PEM encoded CA bundle for TLS verification
|
||
caBundle: ""
|
||
|
||
commonLabels: {}
|
||
podLabels: {}
|
||
podAnnotations: {}
|
||
|
||
podSecurityContext: {}
|
||
|
||
securityContext:
|
||
allowPrivilegeEscalation: false
|
||
readOnlyRootFilesystem: true
|
||
runAsNonRoot: true
|
||
runAsUser: 1000
|
||
seccompProfile:
|
||
type: RuntimeDefault
|
||
capabilities:
|
||
drop:
|
||
- ALL
|
||
|
||
priorityClassName: system-cluster-critical
|
||
|
||
containerPort: 10250
|
||
|
||
hostNetwork:
|
||
# Specifies if metrics-server should be started in hostNetwork mode.
|
||
#
|
||
# You would require this enabled if you use alternate overlay networking for pods and
|
||
# API server unable to communicate with metrics-server. As an example, this is required
|
||
# if you use Weave network on EKS
|
||
enabled: false
|
||
|
||
replicas: 1
|
||
|
||
revisionHistoryLimit:
|
||
|
||
updateStrategy: {}
|
||
# type: RollingUpdate
|
||
# rollingUpdate:
|
||
# maxSurge: 0
|
||
# maxUnavailable: 1
|
||
|
||
podDisruptionBudget:
|
||
# https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
||
enabled: false
|
||
minAvailable:
|
||
maxUnavailable:
|
||
unhealthyPodEvictionPolicy:
|
||
|
||
defaultArgs:
|
||
- --cert-dir=/tmp
|
||
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
|
||
- --kubelet-use-node-status-port
|
||
- --metric-resolution=15s
|
||
|
||
args: []
|
||
|
||
livenessProbe:
|
||
httpGet:
|
||
path: /livez
|
||
port: https
|
||
scheme: HTTPS
|
||
initialDelaySeconds: 0
|
||
periodSeconds: 10
|
||
failureThreshold: 3
|
||
|
||
readinessProbe:
|
||
httpGet:
|
||
path: /readyz
|
||
port: https
|
||
scheme: HTTPS
|
||
initialDelaySeconds: 20
|
||
periodSeconds: 10
|
||
failureThreshold: 3
|
||
|
||
service:
|
||
type: ClusterIP
|
||
port: 443
|
||
annotations: {}
|
||
labels: {}
|
||
# Add these labels to have metrics-server show up in `kubectl cluster-info`
|
||
# kubernetes.io/cluster-service: "true"
|
||
# kubernetes.io/name: "Metrics-server"
|
||
|
||
addonResizer:
|
||
enabled: false
|
||
image:
|
||
repository: registry.k8s.io/autoscaling/addon-resizer
|
||
tag: 1.8.23
|
||
securityContext:
|
||
allowPrivilegeEscalation: false
|
||
readOnlyRootFilesystem: true
|
||
runAsNonRoot: true
|
||
runAsUser: 1000
|
||
seccompProfile:
|
||
type: RuntimeDefault
|
||
capabilities:
|
||
drop:
|
||
- ALL
|
||
resources:
|
||
requests:
|
||
cpu: 40m
|
||
memory: 25Mi
|
||
limits:
|
||
cpu: 40m
|
||
memory: 25Mi
|
||
nanny:
|
||
cpu: 0m
|
||
extraCpu: 1m
|
||
memory: 0Mi
|
||
extraMemory: 2Mi
|
||
minClusterSize: 100
|
||
pollPeriod: 300000
|
||
threshold: 5
|
||
|
||
metrics:
|
||
enabled: false
|
||
|
||
serviceMonitor:
|
||
enabled: false
|
||
additionalLabels: {}
|
||
interval: 1m
|
||
scrapeTimeout: 10s
|
||
metricRelabelings: []
|
||
relabelings: []
|
||
|
||
# See https://github.com/kubernetes-sigs/metrics-server#scaling
|
||
resources:
|
||
requests:
|
||
cpu: 100m
|
||
memory: 200Mi
|
||
# limits:
|
||
# cpu:
|
||
# memory:
|
||
|
||
extraVolumeMounts: []
|
||
|
||
extraVolumes: []
|
||
|
||
nodeSelector: {}
|
||
|
||
tolerations: []
|
||
|
||
affinity: {}
|
||
|
||
topologySpreadConstraints: []
|
||
|
||
dnsConfig: {}
|
||
|
||
# Annotations to add to the deployment
|
||
deploymentAnnotations: {}
|
||
|
||
schedulerName: ""
|
||
|
||
tmpVolume:
|
||
emptyDir: {}
|
||
|
||
tls:
|
||
# Set the TLS method to use. Supported values:
|
||
# - `metrics-server` : Metrics-server will generate a self-signed certificate
|
||
# - `helm` : Helm will generate a self-signed certificate
|
||
# - `cert-manager` : Use cert-manager.io to create and maintain the certificate
|
||
# - `existingSecret` : Reuse an existing secret. No new secret will be created
|
||
type: "cert-manager"
|
||
# Kubernetes cluster domain. Used to configure Subject Alt Names for the certificate
|
||
clusterDomain: cluster.local
|
||
|
||
certManager:
|
||
# Automatically add the cert-manager.io/inject-ca-from annotation to the APIService resource.
|
||
# See https://cert-manager.io/docs/concepts/ca-injector
|
||
addInjectorAnnotations: true
|
||
existingIssuer:
|
||
# Use an existing cert-manager issuer
|
||
enabled: false
|
||
# Kind of the existing cert-manager issuer
|
||
kind: "Issuer"
|
||
# Name of the existing cert-manager issuer
|
||
name: "my-issuer"
|
||
# Set the requested duration (i.e. lifetime) of the Certificate.
|
||
# See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
|
||
duration: ""
|
||
# How long before the currently issued certificate’s expiry cert-manager should renew the certificate.
|
||
# See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
|
||
renewBefore: ""
|
||
# Add extra annotations to the Certificate resource
|
||
annotations: {}
|
||
# Add extra labels to the Certificate resource
|
||
labels: {}
|
||
|
||
helm:
|
||
# Use helm lookup function to reuse Secret created in previous helm install
|
||
lookup: true
|
||
# Cert validity duration in days
|
||
certDurationDays: 365
|
||
|
||
existingSecret:
|
||
# Name of the existing Secret to use for TLS
|
||
name: ""
|
||
# Use helm lookup function to provision `apiService.caBundle`
|
||
lookup: true
|