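# -- Number of replicas in deployment
replicaCount: 1
# -- Number of revisions kept in history
revisionHistoryLimit: 5
# -- The controller has CREATE and READ access to all Secrets in the namespaces listed below.
# List only the namespaces that actually need it: every entry widens the set of
# Secrets the controller can create and read.
enabledNamespaces: []

# -- Single namespace mode. If enabled, the controller watches for resources only in the namespace it is deployed in and ignores all others
singleNamespaceMode: false
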
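image:
  # -- Ory Hydra-maester image
  repository: oryd/hydra-maester
  # -- Ory Hydra-maester version
  # A tag is a mutable reference: what runs is whatever the registry (or the
  # node's image cache) currently holds under this name.
  tag: v0.0.35-amd64
  # -- Image pull policy
  # With IfNotPresent a node that already has this tag cached does not contact
  # the registry again, so a re-pushed tag is not picked up on that node.
  pullPolicy: IfNotPresent
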
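# -- Image pull secrets
imagePullSecrets: []

# -- Pod priority
## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
priorityClassName: ""
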
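## -- Connection data to admin service of Hydra
adminService:
  # -- Service name
  # Left unset (null) in these defaults.
  # NOTE(review): presumably supplied by the installer or defaulted in the
  # templates; confirm against the chart's templates.
  name:
  # -- Service port
  port: 4445
  # -- Set the clients endpoint, should be `/clients` for Hydra 1.x and
  # `/admin/clients` for Hydra 2.x
  endpoint: /admin/clients
  # -- Scheme used by Hydra client endpoint. May be "http" or "https"
  # With "http" the controller's calls to the Hydra admin API cross the cluster
  # network unencrypted. Use "https" together with tlsTrustStorePath where that
  # network is not trusted.
  scheme: http
  # -- TLS ca-cert path for hydra client
  tlsTrustStorePath: ""
  # -- Skip TLS certificate verification in the HTTP client that talks to Hydra
  # Keep this false outside of local testing; to trust a private CA, point
  # tlsTrustStorePath at its certificate instead of disabling verification.
  insecureSkipVerify: false

# NOTE(review): undocumented and unset (null) in these defaults. Presumably the
# X-Forwarded-Proto value sent with requests to Hydra; confirm against the
# deployment template.
forwardedProto:
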
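## -- Deployment specific config
deployment:
  resources:
    {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #   cpu: 100m
    #   memory: 30Mi
    # requests:
    #   cpu: 100m
    #   memory: 20Mi

  # -- If you want to mount external volume
  extraVolumes: []
  # - name: my-volume
  #   secret:
  #     secretName: my-secret
  extraVolumeMounts: []
  # - name: my-volume
  #   mountPath: /etc/secrets/my-secret
  #   readOnly: true

  ## -- pod securityContext
  # Runs the pod as a non-root user and group (65534 is conventionally
  # "nobody") under the container runtime's default seccomp profile.
  podSecurityContext:
    fsGroupChangePolicy: "OnRootMismatch"
    runAsNonRoot: true
    runAsUser: 65534
    fsGroup: 65534
    runAsGroup: 65534
    seccompProfile:
      type: RuntimeDefault

  ## -- container securityContext
  # Restrictive defaults: every capability dropped, read-only root filesystem,
  # non-root UID/GID, no privilege escalation, not privileged. Relaxing any of
  # these in an override widens what a compromised container can do.
  securityContext:
    capabilities:
      drop:
        - ALL
    seccompProfile:
      type: RuntimeDefault
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    runAsUser: 65534
    runAsGroup: 65534
    allowPrivilegeEscalation: false
    privileged: false
    seLinuxOptions:
      # NOTE(review): fixed MCS level. Every install that keeps this default
      # gets the same categories on SELinux-enforcing nodes; confirm it suits
      # the cluster or override it.
      level: "s0:c123,c456"

  # -- Node labels for pod assignment.
  nodeSelector: {}
  # If you do want to specify node labels, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'nodeSelector:'.
  #   foo: bar

  # -- Configure node tolerations.
  tolerations: []
  # -- Deployment level extra annotations
  extraAnnotations: {}
  # -- Deployment level extra labels
  extraLabels: {}

  # -- Configure pod topologySpreadConstraints.
  topologySpreadConstraints: []
  # - maxSkew: 1
  #   topologyKey: topology.kubernetes.io/zone
  #   whenUnsatisfiable: DoNotSchedule
  #   labelSelector:
  #     matchLabels:
  #       app.kubernetes.io/name: hydra
  #       app.kubernetes.io/instance: hydra

  # -- Configure pod dnsConfig.
  dnsConfig: {}
  #   options:
  #     - name: "ndots"
  #       value: "1"

  # -- Specify pod metadata, this metadata is added directly to the pod, and not higher objects
  podMetadata:
    # -- Extra pod level labels
    labels: {}
    # -- Extra pod level annotations
    annotations: {}

  # https://github.com/kubernetes/kubernetes/issues/57601
  # -- This application connects to the k8s API and requires the permissions
  # The service account token is therefore mounted into the pod; what that
  # token can reach is bounded by enabledNamespaces / singleNamespaceMode.
  automountServiceAccountToken: true

  terminationGracePeriodSeconds: 60

  # -- Arguments to be passed to the program
  args:
    # -- The minimum frequency at which watched resources are reconciled
    syncPeriod: ""
    # syncPeriod: 10h

  # -- Configure service account
  serviceAccount:
    # -- Annotations to add to the service account
    annotations: {}
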
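# -- Configure node affinity
affinity: {}

## -- PodDisruptionBudget configuration
pdb:
  enabled: false
  # Kubernetes accepts only one of minAvailable / maxUnavailable in a single
  # PodDisruptionBudget; set at most one of them when enabling this.
  spec:
    minAvailable: ""
    maxUnavailable: ""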