455 lines
12 KiB
YAML
455 lines
12 KiB
YAML
## @param global.imageRegistry Global Docker image registry
|
|
## @param global.tag Global Docker image tag
|
|
global:
|
|
imageRegistry: docker.io
|
|
tag: v4.1.1
|
|
imagePullSecrets: []
|
|
# - name: "image-pull-secret"
|
|
|
|
|
|
## @param nameOverride String to partially override common.names.fullname
|
|
##
|
|
nameOverride: ""
|
|
## @param fullnameOverride String to fully override common.names.fullname
|
|
##
|
|
fullnameOverride: ""
|
|
## @param commonLabels Labels to add to all deployed objects
|
|
##
|
|
commonLabels: {}
|
|
## @param commonAnnotations Annotations to add to all deployed objects
|
|
##
|
|
commonAnnotations: {}
|
|
|
|
## Role represents the role of the current cluster,
|
|
## and it can have one of two values: "host" or "member".
|
|
## Priority: specified in values > get from kubesphere-config > default role (host)
|
|
multicluster:
|
|
role: ""
|
|
## Priority: specified in values > get from kubesphere-config > default name (host)
|
|
hostClusterName: ""
|
|
|
|
portal:
|
|
## The IP address or hostname to access ks-console service.
|
|
## DO NOT use IP address if ingress is enabled.
|
|
hostname: "ks-console.kubesphere-system.svc"
|
|
http:
|
|
port: 30880
|
|
# https:
|
|
# port: 30443
|
|
|
|
s3:
|
|
# If endpoint is empty, disable s3 storage
|
|
endpoint: ""
|
|
region: "us-east-1"
|
|
disableSSL: true
|
|
forcePathStyle: true
|
|
accessKeyID: "admin"
|
|
secretAccessKey: "admin"
|
|
bucket: "uploads"
|
|
|
|
authentication:
|
|
authenticateRateLimiterMaxTries: 10
|
|
authenticationRateLimiterDuration: 10m0s
|
|
loginHistoryRetentionPeriod: 168h
|
|
enableMultiLogin: true
|
|
adminPassword: ""
|
|
issuer:
|
|
maximumClockSkew: 10s
|
|
# Jwt Secret is required by ks-apiserver, a random string would be generated if it's empty
|
|
# Priority: specified in values > get from kubesphere-config > default jwtSecret (a random string)
|
|
jwtSecret: ""
|
|
accessTokenMaxAge: 2h
|
|
accessTokenInactivityTimeout: 30m
|
|
|
|
experimental:
|
|
# Strict fails the request on unknown/duplicate fields
|
|
# Ignore ignores unknown/duplicate fields
|
|
# Warn responds with a warning, but successfully serve the request
|
|
validationDirective: ""
|
|
auditing:
|
|
enable: false
|
|
auditLevel: Metadata
|
|
logOptions:
|
|
path: /etc/audit/audit.log
|
|
maxAge: 7
|
|
maxBackups: 10
|
|
maxSize: 100
|
|
|
|
|
|
serviceAccount:
|
|
# Specifies whether a service account should be created
|
|
create: true
|
|
# Annotations to add to the service account
|
|
annotations: {}
|
|
# The name of the service account to use.
|
|
name: "kubesphere"
|
|
|
|
tolerations:
|
|
- key: node-role.kubernetes.io/master
|
|
effect: NoSchedule
|
|
- key: node-role.kubernetes.io/control-plane
|
|
effect: NoSchedule
|
|
- key: CriticalAddonsOnly
|
|
operator: Exists
|
|
|
|
affinity:
|
|
nodeAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
preference:
|
|
matchExpressions:
|
|
- key: node-role.kubernetes.io/control-plane
|
|
operator: In
|
|
values:
|
|
- ""
|
|
|
|
nodeSelector: {}
|
|
|
|
## enable tls communication between all components
|
|
internalTLS: false
|
|
|
|
apiserver:
|
|
image:
|
|
registry: ""
|
|
repository: kubesphere/ks-apiserver
|
|
tag: ""
|
|
digest: ""
|
|
pullPolicy: IfNotPresent
|
|
## @param containerPorts [array] List of container ports to enable in the ks-apiserver container
|
|
##
|
|
containerPorts:
|
|
- protocol: TCP
|
|
containerPort: 9090
|
|
# nodePort: 30881
|
|
## @param resources.limits The resource limits for the ks-apiserver containers
|
|
## @param resources.requests The requested resources for the ks-apiserver containers
|
|
##
|
|
resources:
|
|
limits:
|
|
cpu: 1
|
|
memory: 1024Mi
|
|
requests:
|
|
cpu: 20m
|
|
memory: 100Mi
|
|
## @param command Override default container command (useful when using custom images)
|
|
##
|
|
command:
|
|
- ks-apiserver
|
|
- --logtostderr=true
|
|
## @param extraEnvVars Array with extra environment variables to add to ks-apiserver
|
|
## e.g.:
|
|
## extraEnvVars:
|
|
## - name: FOO
|
|
## value: "bar"
|
|
##
|
|
extraEnvVars: []
|
|
## @param extraVolumeMounts Optionally specify an extra list of additional volumeMounts for the ks-apiserver container(s)
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param extraVolumes Optionally specify an extra list of additional volumes for the ks-apiserver pod(s)
|
|
##
|
|
extraVolumes: []
|
|
|
|
## Whether the ks-apiserver pods should be forced to run on separate nodes.
|
|
hardAntiAffinity: false
|
|
|
|
console:
|
|
image:
|
|
registry: ""
|
|
repository: kubesphere/ks-console
|
|
tag: ""
|
|
digest: ""
|
|
pullPolicy: IfNotPresent
|
|
config:
|
|
enableNodeListTerminal: true
|
|
## @param containerPorts [array] List of container ports to enable in the ks-console container
|
|
##
|
|
containerPorts: []
|
|
nodePort: 30880
|
|
## @param resources.limits The resource limits for the ks-console containers
|
|
## @param resources.requests The requested resources for the ks-console containers
|
|
##
|
|
resources:
|
|
limits:
|
|
cpu: 1
|
|
memory: 1024Mi
|
|
requests:
|
|
cpu: 20m
|
|
memory: 100Mi
|
|
## @param command Override default container command (useful when using custom images)
|
|
##
|
|
command: []
|
|
## @param extraEnvVars Array with extra environment variables to add to ks-console
|
|
##
|
|
extraEnvVars: []
|
|
## @param extraVolumeMounts Optionally specify an extra list of additional volumeMounts for the ks-console container(s)
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param extraVolumes Optionally specify an extra list of additional volumes for the ks-console pod(s)
|
|
##
|
|
extraVolumes: []
|
|
|
|
## Whether the ks-console pods should be forced to run on separate nodes.
|
|
hardAntiAffinity: false
|
|
|
|
controller:
|
|
image:
|
|
registry: ""
|
|
repository: kubesphere/ks-controller-manager
|
|
tag: ""
|
|
digest: ""
|
|
pullPolicy: IfNotPresent
|
|
## @param containerPorts [array] List of container ports to enable in the ks-controller-manager container
|
|
##
|
|
containerPorts:
|
|
- containerPort: 8080
|
|
protocol: TCP
|
|
- containerPort: 8443
|
|
protocol: TCP
|
|
## @param resources.limits The resource limits for the ks-controller-manager containers
|
|
## @param resources.requests The requested resources for the ks-controller-manager containers
|
|
##
|
|
resources:
|
|
limits:
|
|
cpu: 1
|
|
memory: 1000Mi
|
|
requests:
|
|
cpu: 30m
|
|
memory: 50Mi
|
|
## @param command Override default container command (useful when using custom images)
|
|
##
|
|
command:
|
|
- controller-manager
|
|
- --logtostderr=true
|
|
- --leader-elect=true
|
|
- --controllers=*
|
|
## @param extraEnvVars Array with extra environment variables to add to ks-controller-manager
|
|
##
|
|
extraEnvVars: []
|
|
## @param extraVolumeMounts Optionally specify an extra list of additional volumeMounts for the ks-controller-manager container(s)
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param extraVolumes Optionally specify an extra list of additional volumes for the ks-controller-manager pod(s)
|
|
##
|
|
extraVolumes: []
|
|
|
|
## Whether the ks-controller-manager pods should be forced to run on separate nodes.
|
|
hardAntiAffinity: false
|
|
|
|
agent:
|
|
replicaCount: 1
|
|
|
|
helmExecutor:
|
|
timeout: 10m
|
|
historyMax: 2
|
|
# clean up all finished Jobs after this time, 0s means no to clean up
|
|
jobTTLAfterFinished: 0s
|
|
image:
|
|
registry: ""
|
|
repository: kubesphere/kubectl
|
|
tag: "v1.27.16"
|
|
pullPolicy: IfNotPresent
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 500Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 100Mi
|
|
affinity:
|
|
podAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchLabels:
|
|
app: ks-controller-manager
|
|
topologyKey: "kubernetes.io/hostname"
|
|
namespaces:
|
|
- kubesphere-system
|
|
|
|
composedApp:
|
|
# Selector to filter k8s applications to reconcile
|
|
appSelector: ""
|
|
|
|
kubectl:
|
|
image:
|
|
registry: ""
|
|
repository: kubesphere/kubectl
|
|
tag: "v1.27.16"
|
|
pullPolicy: IfNotPresent
|
|
|
|
ingress:
|
|
# If set to false, ingress will not be created
|
|
# Defaults to true
|
|
# options: true, false
|
|
enabled: false
|
|
|
|
# options: traefik, nginx
|
|
ingressClassName: ""
|
|
# backend port number
|
|
tls:
|
|
enabled: true
|
|
# options: generation, importation, letsEncrypt
|
|
source: generation
|
|
secretName: kubesphere-tls-certs
|
|
|
|
letsEncrypt:
|
|
# email: none@example.com
|
|
environment: production
|
|
|
|
certmanager:
|
|
duration: 2160h
|
|
renewBefore: 360h
|
|
|
|
nodeShell:
|
|
image:
|
|
registry: ""
|
|
repository: kubesphere/kubectl
|
|
tag: "v1.27.16"
|
|
pullPolicy: IfNotPresent
|
|
|
|
# Telemetry collects aggregated information about the versions of KubeSphere, Kubernetes, and the extensions used.
|
|
# KubeSphere Cloud uses this information to help improve the product and does not share it with third-parties.
|
|
# If you prefer not to share this data, you can keep this setting disabled.
|
|
telemetry:
|
|
enabled: true
|
|
|
|
extension:
|
|
imageRegistry: ""
|
|
nodeSelector: {}
|
|
ingress:
|
|
ingressClassName: ""
|
|
# The domain name suffix used to create the ingress of each extension.
|
|
# Depending on your ingress address, it can be an LB hostname address (xx.com), {node_ip}.nip.io or an internal DNS address (ks.local).
|
|
domainSuffix: ""
|
|
httpPort: 80
|
|
httpsPort: 443
|
|
|
|
upgrade:
|
|
enabled: false
|
|
image:
|
|
registry: ""
|
|
repository: kubesphere/ks-upgrade
|
|
tag: ""
|
|
pullPolicy: IfNotPresent
|
|
persistenceVolume:
|
|
name: ks-upgrade
|
|
storageClassName: ""
|
|
accessMode: ReadWriteOnce
|
|
size: 5Gi
|
|
config: {}
|
|
# storage:
|
|
# local:
|
|
# path: /tmp/ks-upgrade
|
|
# download:
|
|
# globalRegistryUrl: "https://extensions-museum.kubesphere-system.svc/charts"
|
|
# file: {}
|
|
# http:
|
|
# timeout: 20
|
|
# oci: {}
|
|
# skipValidator: false
|
|
# jobs:
|
|
# core:
|
|
# disabled: false
|
|
# priority: 10000
|
|
|
|
|
|
ha:
|
|
enabled: false
|
|
# cache:
|
|
# type: redis
|
|
# options:
|
|
# host: ""
|
|
# port: 6379
|
|
# password: ""
|
|
# db: 0
|
|
|
|
redis:
|
|
port: 6379
|
|
image:
|
|
registry: ""
|
|
repository: kubesphere/redis
|
|
digest: ""
|
|
tag: 7.2.4-alpine
|
|
pullPolicy: IfNotPresent
|
|
persistentVolume:
|
|
enabled: true
|
|
size: 2Gi
|
|
|
|
redisHA:
|
|
enabled: false
|
|
redis:
|
|
port: 6379
|
|
image:
|
|
registry: ""
|
|
repository: kubesphere/redis
|
|
tag: 7.2.4-alpine
|
|
digest: ""
|
|
pullPolicy: IfNotPresent
|
|
persistentVolume:
|
|
enabled: true
|
|
size: 2Gi
|
|
tolerations:
|
|
- key: node-role.kubernetes.io/master
|
|
effect: NoSchedule
|
|
- key: node-role.kubernetes.io/control-plane
|
|
effect: NoSchedule
|
|
- key: CriticalAddonsOnly
|
|
operator: Exists
|
|
hardAntiAffinity: false
|
|
additionalAffinities:
|
|
nodeAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
preference:
|
|
matchExpressions:
|
|
- key: node-role.kubernetes.io/control-plane
|
|
operator: In
|
|
values:
|
|
- ""
|
|
haproxy:
|
|
servicePort: 6379
|
|
containerPort: 6379
|
|
image:
|
|
registry: ""
|
|
repository: kubesphere/haproxy
|
|
tag: 2.9.6-alpine
|
|
digest: ""
|
|
pullPolicy: IfNotPresent
|
|
hardAntiAffinity: false
|
|
additionalAffinities:
|
|
nodeAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
preference:
|
|
matchExpressions:
|
|
- key: node-role.kubernetes.io/control-plane
|
|
operator: In
|
|
values:
|
|
- ""
|
|
|
|
ksCRDs:
|
|
kubectl:
|
|
image:
|
|
registry: ""
|
|
repository: kubesphere/kubectl
|
|
tag: "v1.27.16"
|
|
pullPolicy: IfNotPresent
|
|
resources:
|
|
limits:
|
|
cpu: 1
|
|
memory: 1024Mi
|
|
requests:
|
|
cpu: 20m
|
|
memory: 100Mi
|
|
|
|
# add museum for all ks-extensions
|
|
ksExtensionRepository:
|
|
enabled: true
|
|
image:
|
|
registry: ""
|
|
repository: kubesphere/ks-extensions-museum
|
|
tag: "latest"
|
|
pullPolicy: IfNotPresent
|