127 lines
3.4 KiB
YAML
127 lines
3.4 KiB
YAML
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# namespace: "kube-system"
|
|
|
|
labels:
|
|
node_selector_key: ucp-control-plane
|
|
node_selector_value: enabled
|
|
|
|
dependencies:
|
|
static:
|
|
tiller_deploy:
|
|
|
|
images:
|
|
tags:
|
|
tiller: gcr.io/kubernetes-helm/tiller:v2.16.9
|
|
pull_policy: "IfNotPresent"
|
|
local_registry:
|
|
# NOTE(portdirect): this tiller chart does not support image pulling
|
|
active: false
|
|
exclude:
|
|
- tiller
|
|
|
|
deployment:
|
|
# NOTE: Current replica is hard-coded to 1. This is a placeholder variable
|
|
# for future usage. Updates will be made to the chart when we know that
|
|
# tiller is stable with multiple instances.
|
|
replicas: 1
|
|
# The amount of revision tiller is willing to support. 0 means that there is
|
|
# no limit.
|
|
tiller_history: 0
|
|
|
|
conf:
|
|
tiller:
|
|
verbosity: 5
|
|
storage: null
|
|
# Only postgres is supported so far
|
|
sql_dialect: postgres
|
|
sql_connection: null
|
|
trace: false
|
|
# Note: Defaulting to the (default) kubernetes grace period, as anything
|
|
# greater than that will have no effect.
|
|
prestop_sleep: 30
|
|
# To have Tiller bind to all interfaces, allowing direct connections from
|
|
# the Helm client to pod_ip:port, set 'listen_on_any: true'.
|
|
# The default setting 'listen_on_any: false' binds Tiller to 127.0.0.1.
|
|
# Helm clients with Kubernetes API access dynamically set up a portforward
|
|
# into the pod, which works with the default setting.
|
|
listen_on_any: false
|
|
port: 44134
|
|
probe_port: 44135
|
|
|
|
pod:
|
|
mandatory_access_control:
|
|
type: apparmor
|
|
tiller:
|
|
tiller: runtime/default
|
|
security_context:
|
|
tiller:
|
|
pod:
|
|
runAsUser: 65534
|
|
container:
|
|
tiller:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
probes:
|
|
tiller:
|
|
tiller:
|
|
readiness:
|
|
enabled: true
|
|
params:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 1
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
liveness:
|
|
enabled: true
|
|
params:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 1
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
resources:
|
|
enabled: false
|
|
tiller:
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
mounts:
|
|
tiller:
|
|
tiller:
|
|
volumes:
|
|
- name: kubernetes-client-cache
|
|
emptyDir: {}
|
|
volumeMounts:
|
|
- name: kubernetes-client-cache
|
|
# Should be the `$HOME/.kube` of the `runAsUser` above
|
|
# as this is where tiller's kubernetes client roots its cache dir.
|
|
mountPath: /tmp/.kube
|
|
network_policy:
|
|
tiller:
|
|
ingress:
|
|
- {}
|
|
egress:
|
|
- {}
|
|
|
|
manifests:
|
|
deployment_tiller: true
|
|
service_tiller_deploy: true
|
|
network_policy: false
|