## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass ## ## @param global.imageRegistry Global Docker image registry ## @param global.imagePullSecrets [array] Global Docker registry secret names as an array ## @param global.storageClass Global StorageClass for Persistent Volume(s) ## global: imageRegistry: "" ## E.g. ## imagePullSecrets: ## - myRegistryKeySecretName ## imagePullSecrets: [] storageClass: "" ## @section Common parameters ## ## @param nameOverride String to partially override contour.fullname include (will maintain the release name) ## nameOverride: "" ## @param fullnameOverride String to fully override contour.fullname template ## fullnameOverride: "" ## @param namespaceOverride String to fully override common.names.namespace ## namespaceOverride: "" ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) ## kubeVersion: "" ## @param extraDeploy [array] Array of extra objects to deploy with the release ## extraDeploy: [] ## @param commonLabels Labels to add to all deployed objects ## commonLabels: {} ## @param commonAnnotations Annotations to add to all deployed objects ## commonAnnotations: {} ## Diagnostic mode in the deployment ## diagnosticMode: ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) ## enabled: false ## @param diagnosticMode.command [array] Command to override all containers in the deployment ## command: - sleep ## @param diagnosticMode.args [array] Args to override all containers in the deployment ## args: - infinity ## @section Contour parameters ## ## To configure Contour, you must specify ONE of the following two options. ## @param existingConfigMap Specifies the name of an externally-defined ConfigMap to use as the configuration (this is mutually exclusive with `configInline`) ## Helm will not manage the contents of this ConfigMap, it is your responsibility to create it. ## e.g: ## existingConfigMap: contour ## existingConfigMap: "" ## @param configInline [object] Specifies Contour's configuration directly in YAML format ## When configInline is used, Helm manages Contour's configuration ConfigMap as ## part of the release, and existingConfigMap is ignored. ## Refer to https://projectcontour.io/docs/latest/configuration for available options. ## configInline: disablePermitInsecure: false tls: fallback-certificate: {} accesslog-format: envoy contour: ## @param contour.enabled Contour Deployment creation. ## enabled: true ## @param contour.image.registry Contour image registry ## @param contour.image.repository Contour image name ## @param contour.image.tag Contour image tag ## @param contour.image.digest Contour image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param contour.image.pullPolicy Contour Image pull policy ## @param contour.image.pullSecrets [array] Contour Image pull secrets ## @param contour.image.debug Enable image debug mode ## image: registry: docker.io repository: bitnami/contour tag: 1.24.2-debian-11-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] debug: false ## @param contour.replicaCount Number of Contour Pod replicas ## replicaCount: 1 ## @param contour.priorityClassName Priority class assigned to the pods ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass ## priorityClassName: "" ## @param contour.schedulerName Name of the k8s scheduler (other than default) ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param contour.terminationGracePeriodSeconds In seconds, time the given to the Contour pod needs to terminate gracefully ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: "" ## @param contour.topologySpreadConstraints Topology Spread Constraints for pod assignment ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## The value is evaluated as a template ## topologySpreadConstraints: [] ## Configures the ports the Envoy proxy listens on ## @param contour.containerPorts.xds Set xds port inside Contour pod ## @param contour.containerPorts.metrics Set metrics port inside Contour pod ## containerPorts: xds: 8001 metrics: 8000 ## @param contour.hostAliases [array] Add deployment host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param contour.updateStrategy Strategy to use to update Pods ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## updateStrategy: {} ## @param contour.extraArgs [array] Extra arguments passed to Contour container ## extraArgs: [] ## Contour container resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://projectcontour.io/guides/resource-limits/ ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. ## @param contour.resources.limits [object] Specify resource limits which the container is not allowed to succeed. ## @param contour.resources.requests [object] Specify resource requests which the container needs to spawn. ## resources: ## Example: ## limits: ## cpu: 400m ## memory: 258Mi ## limits: {} ## Examples: ## requests: ## cpu: 100m ## memory: 25Mi ## requests: {} ## @param contour.manageCRDs Manage the creation, upgrade and deletion of Contour CRDs. ## manageCRDs: true ## @param contour.envoyServiceNamespace Namespace of the envoy service to inspect for Ingress status details. ## envoyServiceNamespace: "" ## @param contour.envoyServiceName Name of the envoy service to inspect for Ingress status details. ## envoyServiceName: "" ## @param contour.ingressStatusAddress Address to set in Ingress object status. It is exclusive with `envoyServiceName` and `envoyServiceNamespace`. ## ingressStatusAddress: "" ## @param contour.podAffinityPreset Contour Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param contour.podAntiAffinityPreset Contour Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## @param contour.podLabels [object] Extra labels for Contour pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param contour.lifecycleHooks lifecycleHooks for the container to automate configuration before or after startup. ## lifecycleHooks: {} ## @param contour.customLivenessProbe Override default liveness probe ## customLivenessProbe: {} ## @param contour.customReadinessProbe Override default readiness probe ## customReadinessProbe: {} ## @param contour.customStartupProbe Override default startup probe ## customStartupProbe: {} ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## @param contour.nodeAffinityPreset.type Contour Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## @param contour.nodeAffinityPreset.key Contour Node label key to match Ignored if `affinity` is set. ## @param contour.nodeAffinityPreset.values [array] Contour Node label values to match. Ignored if `affinity` is set. ## nodeAffinityPreset: type: "" ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param contour.command Override default command ## command: [] ## @param contour.args Override default args ## args: [] ## @param contour.affinity [object] Affinity for Contour pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param contour.nodeSelector [object] Node labels for Contour pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param contour.tolerations [array] Tolerations for Contour pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param contour.podAnnotations [object] Contour Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param contour.serviceAccount.create Create a serviceAccount for the Contour pod ## @param contour.serviceAccount.name Use the serviceAccount with the specified name, a name is generated using the fullname template ## @param contour.serviceAccount.automountServiceAccountToken Automount service account token for the server service account ## @param contour.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. ## serviceAccount: create: true name: "" automountServiceAccountToken: true annotations: {} ## Contour Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param contour.podSecurityContext.enabled Default backend Pod securityContext ## @param contour.podSecurityContext.fsGroup Set Default backend Pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## Envoy container security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param contour.containerSecurityContext.enabled Envoy Container securityContext ## @param contour.containerSecurityContext.runAsUser User ID for the Contour container (to change this, http and https containerPorts must be set to >1024) ## @param contour.containerSecurityContext.runAsNonRoot Run as non root ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## @param contour.livenessProbe.enabled Enable/disable the Liveness probe ## @param contour.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated ## @param contour.livenessProbe.periodSeconds How often to perform the probe ## @param contour.livenessProbe.timeoutSeconds When the probe times out ## @param contour.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. ## @param contour.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. ## livenessProbe: enabled: true initialDelaySeconds: 120 periodSeconds: 20 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param contour.readinessProbe.enabled Enable/disable the readiness probe ## @param contour.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated ## @param contour.readinessProbe.periodSeconds How often to perform the probe ## @param contour.readinessProbe.timeoutSeconds When the probe times out ## @param contour.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. ## @param contour.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. ## readinessProbe: enabled: true initialDelaySeconds: 15 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 successThreshold: 1 ## @param contour.startupProbe.enabled Enable/disable the startup probe ## @param contour.startupProbe.initialDelaySeconds Delay before startup probe is initiated ## @param contour.startupProbe.periodSeconds How often to perform the probe ## @param contour.startupProbe.timeoutSeconds When the probe times out ## @param contour.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. ## @param contour.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. ## startupProbe: enabled: false initialDelaySeconds: 15 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 successThreshold: 1 ## Contour certgen configs ## certgen: ## @param contour.certgen.serviceAccount.create Create a serviceAccount for the Contour pod ## @param contour.certgen.serviceAccount.name Use the serviceAccount with the specified name, a name is generated using the fullname template ## @param contour.certgen.serviceAccount.automountServiceAccountToken Automount service account token for the server service account ## @param contour.certgen.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. ## serviceAccount: create: true name: "" automountServiceAccountToken: true annotations: {} ## @param contour.certgen.certificateLifetime Generated certificate lifetime (in days). ## certificateLifetime: 365 ## @param contour.tlsExistingSecret Name of the existingSecret to be use in Contour deployment. If it is not nil `contour.certgen` will be disabled. ## It will override `tlsExistingSecret` ## tlsExistingSecret: "" ## Contour Service properties ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services ## service: ## @param contour.service.type Service type ## type: ClusterIP ## @param contour.service.ports.xds Contour service xds port ## @param contour.service.ports.metrics Contour service xds port ## ports: xds: 8001 metrics: 8000 ## Node ports to expose ## @param contour.service.nodePorts.xds Node port for HTTP ## NOTE: choose port between <30000-32767> ## nodePorts: xds: "" ## @param contour.service.clusterIP Contour service Cluster IP ## e.g.: ## clusterIP: None ## clusterIP: "" ## @param contour.service.loadBalancerIP Contour service Load Balancer IP ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer ## loadBalancerIP: "" ## @param contour.service.loadBalancerSourceRanges Contour service Load Balancer sources ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param contour.service.loadBalancerClass Contour service Load Balancer Class ## ref https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class ## loadBalancerClass: "" ## @param contour.service.externalTrafficPolicy Contour service external traffic policy ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip ## externalTrafficPolicy: Cluster ## @param contour.service.annotations Additional custom annotations for Contour service ## annotations: {} ## @param contour.service.extraPorts Extra port to expose on Contour service ## extraPorts: [] ## @param contour.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" ## If "ClientIP", consecutive client requests will be directed to the same Pod ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies ## sessionAffinity: None ## @param contour.service.sessionAffinityConfig Additional settings for the sessionAffinity ## sessionAffinityConfig: ## clientIP: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} ## @param contour.initContainers [array] Attach additional init containers to Contour pods ## For example: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## initContainers: [] ## @param contour.sidecars [array] Add additional sidecar containers to the Contour pods ## Example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param contour.extraVolumes [array] Array to add extra volumes ## extraVolumes: [] ## @param contour.extraVolumeMounts [array] Array to add extra mounts (normally used with extraVolumes) ## extraVolumeMounts: [] ## @param contour.extraEnvVars [array] Array containing extra env vars to be added to all Contour containers ## For example: ## extraEnvVars: ## - name: MY_ENV_VAR ## value: env_var_value ## extraEnvVars: [] ## @param contour.extraEnvVarsCM ConfigMap containing extra env vars to be added to all Contour containers ## extraEnvVarsCM: "" ## @param contour.extraEnvVarsSecret Secret containing extra env vars to be added to all Contour containers ## extraEnvVarsSecret: "" ## @param contour.ingressClass.name Name of the ingress class to route through this controller. ## @param contour.ingressClass.create Whether to create or not the IngressClass resource ## @param contour.ingressClass.default Mark IngressClass resource as default for cluster ## ## DEPRECATED: Use a map instead ## You can use the the 'contour.ingressClass' as a string to indicate the ingress ## class name. This will skip the creation of an IngressClass resource. ## e.g: ## ingressClass: contour ## ingressClass: name: "" create: true default: true ## @param contour.debug Enable Contour debug log level ## debug: false ## @param contour.logFormat Set contour log-format. Default text, either text or json. ## logFormat: text ## @param contour.kubernetesDebug Contour kubernetes debug log level, Default 0, minimum 0, maximum 9. ## kubernetesDebug: 0 ## @param contour.rootNamespaces Restrict Contour to searching these namespaces for root ingress routes. ## rootNamespaces: "" ## Exposes configuration of Envoy's Overload Manager through Contour's bootstrapping process ## When 95% of max heap size is reached for an Envoy, "shrink heap" operation is triggered. ## When 98% of max heap size is reached for an Envoy, it no longer accepts requests. ## https://projectcontour.io/docs/main/config/overload-manager/ ## @param contour.overloadManager.enabled Enable Overload Manager ## @param contour.overloadManager.maxHeapBytes Overload Manager's maximum heap size in bytes ## overloadManager: enabled: false maxHeapBytes: "2147483648" ## @section Envoy parameters ## envoy: ## @param envoy.enabled Envoy Proxy creation ## enabled: true ## Bitnami Envoy image ## ref: https://hub.docker.com/r/bitnami/envoy/tags/ ## @param envoy.image.registry Envoy Proxy image registry ## @param envoy.image.repository Envoy Proxy image repository ## @param envoy.image.tag Envoy Proxy image tag (immutable tags are recommended) ## @param envoy.image.digest Envoy Proxy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param envoy.image.pullPolicy Envoy image pull policy ## @param envoy.image.pullSecrets [array] Envoy image pull secrets ## image: registry: docker.io repository: bitnami/envoy tag: 1.24.3-debian-11-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param envoy.priorityClassName Priority class assigned to the pods ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass ## priorityClassName: "" ## @param envoy.schedulerName Name of the k8s scheduler (other than default) ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param envoy.topologySpreadConstraints Topology Spread Constraints for pod assignment ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## The value is evaluated as a template ## topologySpreadConstraints: [] ## @param envoy.extraArgs [array] Extra arguments passed to Envoy container ## extraArgs: [] ## @param envoy.hostAliases [array] Add deployment host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## Envoy container resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://projectcontour.io/guides/resource-limits/ ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. ## @param envoy.resources.limits [object] Specify resource limits which the container is not allowed to succeed. ## @param envoy.resources.requests [object] Specify resource requests which the container needs to spawn. ## resources: ## Example: ## limits: ## cpu: 400m ## memory: 250Mi ## limits: {} ## Examples: ## requests: ## cpu: 100m ## memory: 25Mi ## requests: {} ## @param envoy.command Override default command ## command: [] ## @param envoy.args Override default args ## args: [] ## @param envoy.shutdownManager.enabled Contour shutdownManager sidecar ## @param envoy.shutdownManager.resources.limits [object] Specify resource limits which the container is not allowed to succeed. ## @param envoy.shutdownManager.resources.requests [object] Specify resource requests which the container needs to spawn. ## shutdownManager: enabled: true resources: ## Example: ## limits: ## cpu: 50m ## memory: 32Mi ## limits: {} ## Examples: ## requests: ## cpu: 10m ## memory: 16Mi ## requests: {} ## @param envoy.kind Install as deployment or daemonset ## kind: daemonset ## @param envoy.replicaCount Desired number of Controller pods ## replicaCount: 1 ## @param envoy.lifecycleHooks lifecycleHooks for the container to automate configuration before or after startup. ## lifecycleHooks: {} ## @param envoy.updateStrategy [object] Strategy to use to update Pods ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy ## e.g: ## updateStrategy: ## type: RollingUpdate ## rollingUpdate: ## maxSurge: 25% ## maxUnavailable: 25% ## updateStrategy: type: RollingUpdate ## @param envoy.minReadySeconds The minimum number of seconds for which a newly created Pod should be ready ## minReadySeconds: 0 ## @param envoy.revisionHistoryLimit The number of old history to retain to allow rollback ## revisionHistoryLimit: 10 ## Controller Autoscaling configuration ## @param envoy.autoscaling.enabled Enable autoscaling for Controller ## @param envoy.autoscaling.minReplicas Minimum number of Controller replicas ## @param envoy.autoscaling.maxReplicas Maximum number of Controller replicas ## @param envoy.autoscaling.targetCPU Target CPU utilization percentage ## @param envoy.autoscaling.targetMemory Target Memory utilization percentage ## autoscaling: enabled: false minReplicas: 1 maxReplicas: 11 targetCPU: "" targetMemory: "" ## @param envoy.podAffinityPreset Envoy Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard ## podAffinityPreset: "" ## @param envoy.podAntiAffinityPreset Envoy Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard ## podAntiAffinityPreset: "" ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## @param envoy.nodeAffinityPreset.type Envoy Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## @param envoy.nodeAffinityPreset.key Envoy Node label key to match Ignored if `affinity` is set. ## @param envoy.nodeAffinityPreset.values [array] Envoy Node label values to match. Ignored if `affinity` is set. ## nodeAffinityPreset: type: "" key: "" ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param envoy.affinity [object] Affinity for Envoy pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param envoy.nodeSelector [object] Node labels for Envoy pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param envoy.tolerations [array] Tolerations for Envoy pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param envoy.podAnnotations [object] Envoy Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param envoy.podLabels Extra labels for Envoy pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## Pod security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param envoy.podSecurityContext.enabled Envoy Pod securityContext ## @param envoy.podSecurityContext.fsGroup User ID for the for the mounted volumes ## @param envoy.podSecurityContext.sysctls Array of sysctl options to allow ## podSecurityContext: fsGroup: 0 sysctls: [] enabled: false ## Envoy container security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param envoy.containerSecurityContext.enabled Envoy Container securityContext ## @param envoy.containerSecurityContext.runAsUser User ID for the Envoy container (to change this, http and https containerPorts must be set to >1024) ## @param envoy.containerSecurityContext.runAsNonRoot Run as non root ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## @param envoy.hostNetwork Envoy Pod host network access ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces ## hostNetwork: false ## @param envoy.dnsPolicy Envoy Pod Dns Policy's DNS Policy ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy ## dnsPolicy: ClusterFirst ## @param envoy.tlsExistingSecret Name of the existingSecret to be use in Envoy deployment ## tlsExistingSecret: "" ## @param envoy.serviceAccount.create Specifies whether a ServiceAccount should be created ## @param envoy.serviceAccount.name The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template ## @param envoy.serviceAccount.automountServiceAccountToken Whether to auto mount API credentials for a service account ## @param envoy.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server ## serviceAccount: create: true name: "" automountServiceAccountToken: false annotations: {} ## @param envoy.livenessProbe.enabled Enable livenessProbe ## @param envoy.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param envoy.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param envoy.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param envoy.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param envoy.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 120 periodSeconds: 20 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param envoy.readinessProbe.enabled Enable/disable the readiness probe ## @param envoy.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated ## @param envoy.readinessProbe.periodSeconds How often to perform the probe ## @param envoy.readinessProbe.timeoutSeconds When the probe times out ## @param envoy.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. ## @param envoy.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. ## readinessProbe: enabled: true initialDelaySeconds: 10 periodSeconds: 3 timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 ## @param envoy.startupProbe.enabled Enable/disable the startup probe ## @param envoy.startupProbe.initialDelaySeconds Delay before startup probe is initiated ## @param envoy.startupProbe.periodSeconds How often to perform the probe ## @param envoy.startupProbe.timeoutSeconds When the probe times out ## @param envoy.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. ## @param envoy.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. ## startupProbe: enabled: false initialDelaySeconds: 15 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 successThreshold: 1 ## @param envoy.customLivenessProbe Override default liveness probe ## customLivenessProbe: {} ## @param envoy.customReadinessProbe Override default readiness probe ## customReadinessProbe: {} ## @param envoy.customStartupProbe Override default startup probe ## customStartupProbe: {} ## @param envoy.terminationGracePeriodSeconds Envoy termination grace period in seconds ## terminationGracePeriodSeconds: 300 ## @param envoy.logLevel Envoy log level ## logLevel: info ## Envoy Service properties ## service: ## @param envoy.service.name envoy service name ## name: "" ## @param envoy.service.targetPorts [object] Map the controller service HTTP/HTTPS port ## targetPorts: http: http https: https ## @param envoy.service.type Type of Envoy service to create ## type: LoadBalancer ## @param envoy.service.externalTrafficPolicy Envoy Service external cluster policy. If `envoy.service.type` is NodePort or LoadBalancer ## externalTrafficPolicy: Local ## @param envoy.service.labels Labels to add to te envoy service ## labels: {} ## @param envoy.service.clusterIP Internal envoy cluster service IP ## e.g.: ## clusterIP: None ## clusterIP: "" ## @param envoy.service.externalIPs [array] Envoy service external IP addresses ## externalIPs: [] ## @param envoy.service.loadBalancerIP IP address to assign to load balancer (if supported) ## loadBalancerIP: "" ## @param envoy.service.loadBalancerSourceRanges [array] List of IP CIDRs allowed access to load balancer (if supported) ## loadBalancerSourceRanges: [] ## @param envoy.service.loadBalancerClass Envoy service Load Balancer Class ## ref https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class ## loadBalancerClass: "" ## @param envoy.service.ipFamilyPolicy [string], support SingleStack, PreferDualStack and RequireDualStack ## ipFamilyPolicy: "" ## @param envoy.service.annotations [object] Annotations for Envoy service ## annotations: {} ports: ## @param envoy.service.ports.http Sets service http port ## http: 80 ## @param envoy.service.ports.https Sets service https port ## https: 443 ## Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## @param envoy.service.nodePorts.http HTTP Port. If `envoy.service.type` is NodePort and this is non-empty ## @param envoy.service.nodePorts.https HTTPS Port. If `envoy.service.type` is NodePort and this is non-empty ## nodePorts: http: "" https: "" ## @param envoy.service.extraPorts [array] Extra ports to expose (normally used with the `sidecar` value) ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services ## extraPorts: [] ## @param envoy.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" ## If "ClientIP", consecutive client requests will be directed to the same Pod ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies ## sessionAffinity: None ## @param envoy.service.sessionAffinityConfig Additional settings for the sessionAffinity ## sessionAffinityConfig: ## clientIP: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} ## @param envoy.useHostPort Enable/disable `hostPort` for TCP/80 and TCP/443 ## useHostPort: true ## @param envoy.useHostIP Enable/disable `hostIP` ## useHostIP: false ## @param envoy.hostPorts.http Sets `hostPort` http port ## @param envoy.hostPorts.https Sets `hostPort` https port ## hostPorts: http: 80 https: 443 ## @param envoy.hostIPs.http Sets `hostIP` http IP ## @param envoy.hostIPs.https Sets `hostIP` https IP ## hostIPs: http: 127.0.0.1 https: 127.0.0.1 ## Configures the ports the Envoy proxy listens on ## @param envoy.containerPorts.http Sets http port inside Envoy pod (change this to >1024 to run envoy as a non-root user) ## @param envoy.containerPorts.https Sets https port inside Envoy pod (change this to >1024 to run envoy as a non-root user) ## containerPorts: http: 8080 https: 8443 ## @param envoy.initContainers [array] Attach additional init containers to Envoy pods ## For example: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## initContainers: [] ## @param envoy.sidecars Add additional sidecar containers to the Envoy pods ## Example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param envoy.extraVolumes [array] Array to add extra volumes ## extraVolumes: [] ## @param envoy.extraVolumeMounts [array] Array to add extra mounts (normally used with extraVolumes) ## extraVolumeMounts: [] ## @param envoy.extraEnvVars [array] Array containing extra env vars to be added to all Envoy containers ## For example: ## extraEnvVars: ## - name: MY_ENV_VAR ## value: env_var_value ## extraEnvVars: [] ## @param envoy.extraEnvVarsCM ConfigMap containing extra env vars to be added to all Envoy containers ## extraEnvVarsCM: "" ## @param envoy.extraEnvVarsSecret Secret containing extra env vars to be added to all Envoy containers ## extraEnvVarsSecret: "" ## @section Default backend parameters ## ## Default 404 backend ## defaultBackend: ## @param defaultBackend.enabled Enable a default backend based on NGINX ## enabled: false ## Bitnami NGINX image ## ref: https://hub.docker.com/r/bitnami/nginx/tags/ ## @param defaultBackend.image.registry Default backend image registry ## @param defaultBackend.image.repository Default backend image name ## @param defaultBackend.image.tag Default backend image tag ## @param defaultBackend.image.digest Default backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param defaultBackend.image.pullPolicy Image pull policy ## @param defaultBackend.image.pullSecrets [array] Specify docker-registry secret names as an array ## image: registry: docker.io repository: bitnami/nginx tag: 1.23.3-debian-11-r36 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Example: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param defaultBackend.extraArgs [object] Additional command line arguments to pass to NGINX container ## extraArgs: {} ## @param defaultBackend.lifecycleHooks lifecycleHooks for the container to automate configuration before or after startup. ## lifecycleHooks: {} ## @param defaultBackend.extraEnvVars [array] Array containing extra env vars to be added to all Contour containers ## For example: ## extraEnvVars: ## - name: MY_ENV_VAR ## value: env_var_value ## extraEnvVars: [] ## @param defaultBackend.extraEnvVarsCM ConfigMap containing extra env vars to be added to all Contour containers ## extraEnvVarsCM: "" ## @param defaultBackend.extraEnvVarsSecret Secret containing extra env vars to be added to all Contour containers ## extraEnvVarsSecret: "" ## @param defaultBackend.extraVolumes [array] Array to add extra volumes ## extraVolumes: [] ## @param defaultBackend.extraVolumeMounts [array] Array to add extra mounts (normally used with extraVolumes) ## extraVolumeMounts: [] ## @param defaultBackend.initContainers [array] Attach additional init containers to the http backend pods ## For example: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## initContainers: [] ## @param defaultBackend.sidecars [array] Add additional sidecar containers to the default backend ## Example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## Configures the ports the http backend listens on ## @param defaultBackend.containerPorts.http Set http port inside Contour pod ## containerPorts: http: 8001 ## @param defaultBackend.updateStrategy Strategy to use to update Pods ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## updateStrategy: {} ## @param defaultBackend.command Override default command ## command: [] ## @param defaultBackend.args Override default args ## args: [] ## @param defaultBackend.hostAliases [array] Add deployment host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param defaultBackend.replicaCount Desired number of default backend pods ## replicaCount: 1 ## Default backend pods' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param defaultBackend.podSecurityContext.enabled Default backend Pod securityContext ## @param defaultBackend.podSecurityContext.fsGroup Set Default backend Pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## Default backend containers' Security Context (only main container) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param defaultBackend.containerSecurityContext.enabled Default backend container securityContext ## @param defaultBackend.containerSecurityContext.runAsUser User ID for the Envoy container (to change this, http and https containerPorts must be set to >1024) ## @param defaultBackend.containerSecurityContext.runAsNonRoot Run as non root ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## Default backend containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. ## @param defaultBackend.resources.limits [object] The resources limits for the Default backend container ## @param defaultBackend.resources.requests [object] The requested resources for the Default backend container ## resources: ## Example: ## limits: ## cpu: 250m ## memory: 256Mi ## limits: {} ## Examples: ## requests: ## cpu: 250m ## memory: 256Mi ## requests: {} ## Default backend containers' liveness probe. Evaluated as a template. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @param defaultBackend.livenessProbe.enabled Enable livenessProbe ## @param defaultBackend.livenessProbe.httpGet [object] Path, port and scheme for the livenessProbe ## @param defaultBackend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param defaultBackend.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param defaultBackend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param defaultBackend.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param defaultBackend.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 ## Default backend containers' readiness probe. Evaluated as a template. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @param defaultBackend.readinessProbe.enabled Enable readinessProbe ## @param defaultBackend.readinessProbe.httpGet [object] Path, port and scheme for the readinessProbe ## @param defaultBackend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param defaultBackend.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param defaultBackend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param defaultBackend.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param defaultBackend.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 0 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 ## @param defaultBackend.startupProbe.enabled Enable/disable the startup probe ## @param defaultBackend.startupProbe.initialDelaySeconds Delay before startup probe is initiated ## @param defaultBackend.startupProbe.periodSeconds How often to perform the probe ## @param defaultBackend.startupProbe.timeoutSeconds When the probe times out ## @param defaultBackend.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. ## @param defaultBackend.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. ## startupProbe: enabled: false initialDelaySeconds: 15 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 successThreshold: 1 ## @param defaultBackend.customLivenessProbe [object] Override default liveness probe, it overrides the default one (evaluated as a template) ## customLivenessProbe: {} ## @param defaultBackend.customReadinessProbe [object] Override default readiness probe, it overrides the default one (evaluated as a template) ## customReadinessProbe: {} ## @param defaultBackend.customStartupProbe Override default startup probe ## customStartupProbe: {} ## @param defaultBackend.podLabels [object] Extra labels for Controller pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param defaultBackend.podAnnotations [object] Annotations for Controller pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param defaultBackend.priorityClassName Priority class assigned to the pods ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass ## priorityClassName: "" ## @param defaultBackend.schedulerName Name of the k8s scheduler (other than default) ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param defaultBackend.terminationGracePeriodSeconds In seconds, time the given to the default backend pod needs to terminate gracefully ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: 60 ## @param defaultBackend.topologySpreadConstraints Topology Spread Constraints for pod assignment ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## The value is evaluated as a template ## topologySpreadConstraints: [] ## @param defaultBackend.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard ## podAffinityPreset: "" ## @param defaultBackend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## @param defaultBackend.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## @param defaultBackend.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. ## @param defaultBackend.nodeAffinityPreset.values [array] Node label values to match. Ignored if `affinity` is set. ## nodeAffinityPreset: type: "" key: "" ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param defaultBackend.affinity [object] Affinity for pod assignment. Evaluated as a template. ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: defaultBackend.podAffinityPreset, defaultBackend.podAntiAffinityPreset, and defaultBackend.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param defaultBackend.nodeSelector [object] Node labels for pod assignment. Evaluated as a template. ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param defaultBackend.tolerations [array] Tolerations for pod assignment. Evaluated as a template. ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## Default backend Service parameters ## @param defaultBackend.service.type Service type ## @param defaultBackend.service.ports.http Service port ## @param defaultBackend.service.annotations Annotations to add to the service ## service: type: ClusterIP ports: http: 80 annotations: {} ## PodDisruptionBudget for default backend ## Default backend Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ ## @param defaultBackend.pdb.create Enable Pod Disruption Budget configuration ## @param defaultBackend.pdb.minAvailable Minimum number/percentage of Default backend pods that should remain scheduled ## @param defaultBackend.pdb.maxUnavailable Maximum number/percentage of Default backend pods that should remain scheduled ## pdb: create: false minAvailable: 1 maxUnavailable: "" ## Ingress parameters ## ingress: ## @param ingress.enabled Ingress configuration enabled ## Ref: https://kubernetes.io/docs/user-guide/ingress/ ## ## Enable Ingress. ## enabled: false ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) ## apiVersion: "" ## @param ingress.certManager Add annotations for cert-manager ## certManager: false ## @param ingress.annotations Annotations to be added to the web ingress. ## Example: ## kubernetes.io/ingress.class: nginx ## kubernetes.io/tls-acme: 'true' ## annotations: {} ## Either `hosts` or `rulesOverride` must be provided if Ingress is enabled. ## `hosts` sets up the Ingress with default rules per provided hostname. ## @param ingress.hostname Hostname for the Ingress object ## hostname: contour.local ## @param ingress.path The Path to Concourse ## path: / ## @param ingress.rulesOverride Ingress rules override ## Either `hosts` or `rulesOverride` must be provided if Ingress is enabled. ## `rulesOverride` allows the user to define the full set of ingress rules, for more complex Ingress setups. ## rulesOverride: [] ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ## ingressClassName: "" ## @param ingress.extraPaths Add additional arbitrary paths that may need to be added to the ingress under the main host. ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. ## extraPaths: [] ## @param ingress.tls TLS configuration. ## Secrets must be manually created in the namespace. ## Example: ## - secretName: concourse-web-tls ## hosts: ## - concourse.domain.com ## tls: false ## @param ingress.pathType Ingress Path type ## pathType: ImplementationSpecific ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: concourse.local ## path: / ## extraHosts: [] ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - concourse.local ## secretName: concourse.local-tls ## extraTls: [] ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## ## name should line up with a tlsSecret set further up ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## Example: ## - name: concourse.local-tls ## key: ## certificate: ## secrets: [] ## @param ingress.extraRules Additional rules to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules ## e.g: ## extraRules: ## - host: example.local ## http: ## path: / ## backend: ## service: ## name: example-svc ## port: ## name: http ## extraRules: [] ## @section Metrics parameters ## ## Prometheus Operator service monitors ## @param metrics.serviceMonitor.namespace Specify if the servicemonitors will be deployed into a different namespace (blank deploys into same namespace as chart) ## @param metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator. ## @param metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator ## @param metrics.serviceMonitor.interval Specify the scrape interval if not specified use default prometheus scrapeInterval, the Prometheus default scrape interval is used. ## @param metrics.serviceMonitor.metricRelabelings [array] Specify additional relabeling of metrics. ## @param metrics.serviceMonitor.relabelings [array] Specify general relabeling. ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended ## @param metrics.serviceMonitor.selector Specify honorLabels parameter to add the scrape endpoint ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor ## metrics: serviceMonitor: namespace: "" enabled: false jobLabel: "app.kubernetes.io/name" interval: "" metricRelabelings: [] relabelings: [] honorLabels: false scrapeTimeout: "" selector: {} labels: {} ## @section Other parameters ## ## @param rbac.create Create the RBAC roles for API accessibility ## rbac: create: true ## @param rbac.rules [array] Custom RBAC rules to set ## e.g: ## rules: ## - apiGroups: ## - "" ## resources: ## - pods ## verbs: ## - get ## - list ## rules: [] ## @param tlsExistingSecret Name of the existingSecret to be use in both contour and envoy. If it is not nil `contour.certgen` will be disabled. ## tlsExistingSecret: ""