Signed-off-by: Vaughn Dice <vaughn.dice@fermyon.com>
Showing
4 changed files
with
182 additions
and
19 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,61 +1,107 @@ | ||
## Spin Operator configuration | ||
|
||
## controllerManager represents the Spin Operator deployment. | ||
controllerManager: | ||
kubeRbacProxy: | ||
## manager represents the Spin Operator container. | ||
manager: | ||
## args are the default arguments to supply to the operator. | ||
## In general, these should be left as-is. | ||
args: | ||
- --secure-listen-address=0.0.0.0:8443 | ||
- --upstream=http://127.0.0.1:8080/ | ||
- --logtostderr=true | ||
- --v=0 | ||
- --health-probe-bind-address=:8082 | ||
- --metrics-bind-address=127.0.0.1:8080 | ||
- --leader-elect | ||
- --enable-webhooks | ||
## containerSecurityContext defines privilege and access control for the | ||
## container. | ||
## See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | ||
containerSecurityContext: | ||
allowPrivilegeEscalation: false | ||
capabilities: | ||
drop: | ||
- ALL | ||
## image indicates which repository and tag combination will be used for | ||
## pulling the operator image. | ||
image: | ||
repository: gcr.io/kubebuilder/kube-rbac-proxy | ||
tag: v0.15.0 | ||
repository: ghcr.io/spinkube/spin-operator | ||
## By default, .Chart.AppVersion is used as the tag. | ||
## Updating this value to a version not aligned with the current chart | ||
## version may lead to unexpected or broken behavior. | ||
# tag: latest | ||
imagePullPolicy: IfNotPresent | ||
## resources represent default cpu/mem limits for the operator container. | ||
resources: | ||
# TODO: update these per https://github.com/spinkube/spin-operator/issues/21 | ||
limits: | ||
cpu: 500m | ||
memory: 128Mi | ||
requests: | ||
cpu: 5m | ||
cpu: 10m | ||
memory: 64Mi | ||
manager: | ||
|
||
## kubeRbacProxy handles RBAC authorization with the Kubernetes API server. | ||
kubeRbacProxy: | ||
## args are the default arguments to supply to the RBAC proxy. | ||
## In general, these should be left as-is. | ||
args: | ||
- --health-probe-bind-address=:8082 | ||
- --metrics-bind-address=127.0.0.1:8080 | ||
- --leader-elect | ||
- --enable-webhooks | ||
- --secure-listen-address=0.0.0.0:8443 | ||
- --upstream=http://127.0.0.1:8080/ | ||
- --logtostderr=true | ||
- --v=0 | ||
## containerSecurityContext defines privilege and access control for the | ||
## container. | ||
## See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | ||
containerSecurityContext: | ||
allowPrivilegeEscalation: false | ||
capabilities: | ||
drop: | ||
- ALL | ||
## image indicates which repository and tag combination will be used for | ||
## pulling the RBAC proxy image. | ||
image: | ||
repository: ghcr.io/spinkube/spin-operator | ||
tag: latest | ||
imagePullPolicy: IfNotPresent | ||
repository: gcr.io/kubebuilder/kube-rbac-proxy | ||
tag: v0.15.0 | ||
## resources represent default cpu/mem limits for the RBAC proxy container. | ||
resources: | ||
# TODO: update these per https://github.com/spinkube/spin-operator/issues/21 | ||
limits: | ||
cpu: 500m | ||
memory: 128Mi | ||
requests: | ||
cpu: 10m | ||
cpu: 5m | ||
memory: 64Mi | ||
|
||
# replicas represent how many pod replicas of the controllerManager to run. | ||
replicas: 1 | ||
|
||
# serviceAccount represents configuration for the controllerManager Service Account. | ||
# See https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | ||
serviceAccount: | ||
annotations: {} | ||
|
||
## kubernetesClusterDomain represents the domain used for service DNS within the cluster. | ||
kubernetesClusterDomain: cluster.local | ||
|
||
## metricsService configuration. | ||
## This configuration should only be updated in tandem with corresponding | ||
## controller and RBAC proxy configuration. | ||
metricsService: | ||
ports: | ||
- name: https | ||
port: 8443 | ||
protocol: TCP | ||
targetPort: https | ||
type: ClusterIP | ||
|
||
## webhookService configuration. | ||
webhookService: | ||
ports: | ||
- port: 443 | ||
protocol: TCP | ||
targetPort: 9443 | ||
type: ClusterIP | ||
|
||
## Sub-chart(s) configuration | ||
|
||
## kwasm-operator configuration overrides can be added below. | ||
## See https://github.com/KWasm/kwasm-operator/blob/main/charts/kwasm-operator/values.yaml | ||
# kwasm-operator: |
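Review bot: Both `containerSecurityContext` defaults in this file (under `manager` and under `kubeRbacProxy`) stop at `allowPrivilegeEscalation: false` and dropping `ALL` capabilities, so nothing in these values asks for a non-root user, a seccomp profile or a read-only root filesystem. If the deployment template renders this map as-is and the pod-level securityContext does not already cover these settings (neither is visible in this commit), consider adding `runAsNonRoot: true` and `seccompProfile: {type: RuntimeDefault}`, which the restricted Pod Security Standard expects, plus `readOnlyRootFilesystem: true` as extra hardening. A short comment stating which of these the template sets at pod level would also help users who override the block. The same applies to the identical copy of this file added in the third file section.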
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
This chart directory currently holds files related to the | ||
[Spin Operator Helm chart](../../charts/spin-operator/) that we inject after | ||
[helmify](../../README.md#packaging-and-deployment-via-helm) performs chart | ||
(re-)generation. | ||
|
||
As an example, helmify produces an auto-generated | ||
`values.yaml` but we'd like to provide a more ergonomic and descriptive | ||
version for users, eg with ample comments. | ||
|
||
If we no longer use helmify, this configuration directory can be removed. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,107 @@ | ||
## Spin Operator configuration | ||
|
||
## controllerManager represents the Spin Operator deployment. | ||
controllerManager: | ||
## manager represents the Spin Operator container. | ||
manager: | ||
## args are the default arguments to supply to the operator. | ||
## In general, these should be left as-is. | ||
args: | ||
- --health-probe-bind-address=:8082 | ||
- --metrics-bind-address=127.0.0.1:8080 | ||
- --leader-elect | ||
- --enable-webhooks | ||
## containerSecurityContext defines privilege and access control for the | ||
## container. | ||
## See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | ||
containerSecurityContext: | ||
allowPrivilegeEscalation: false | ||
capabilities: | ||
drop: | ||
- ALL | ||
## image indicates which repository and tag combination will be used for | ||
## pulling the operator image. | ||
image: | ||
repository: ghcr.io/spinkube/spin-operator | ||
## By default, .Chart.AppVersion is used as the tag. | ||
## Updating this value to a version not aligned with the current chart | ||
## version may lead to unexpected or broken behavior. | ||
# tag: latest | ||
imagePullPolicy: IfNotPresent | ||
## resources represent default cpu/mem limits for the operator container. | ||
resources: | ||
# TODO: update these per https://github.com/spinkube/spin-operator/issues/21 | ||
limits: | ||
cpu: 500m | ||
memory: 128Mi | ||
requests: | ||
cpu: 10m | ||
memory: 64Mi | ||
|
||
## kubeRbacProxy handles RBAC authorization with the Kubernetes API server. | ||
kubeRbacProxy: | ||
## args are the default arguments to supply to the RBAC proxy. | ||
## In general, these should be left as-is. | ||
args: | ||
- --secure-listen-address=0.0.0.0:8443 | ||
- --upstream=http://127.0.0.1:8080/ | ||
- --logtostderr=true | ||
- --v=0 | ||
## containerSecurityContext defines privilege and access control for the | ||
## container. | ||
## See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | ||
containerSecurityContext: | ||
allowPrivilegeEscalation: false | ||
capabilities: | ||
drop: | ||
- ALL | ||
## image indicates which repository and tag combination will be used for | ||
## pulling the RBAC proxy image. | ||
image: | ||
repository: gcr.io/kubebuilder/kube-rbac-proxy | ||
tag: v0.15.0 | ||
## resources represent default cpu/mem limits for the RBAC proxy container. | ||
resources: | ||
# TODO: update these per https://github.com/spinkube/spin-operator/issues/21 | ||
limits: | ||
cpu: 500m | ||
memory: 128Mi | ||
requests: | ||
cpu: 5m | ||
memory: 64Mi | ||
|
||
# replicas represent how many pod replicas of the controllerManager to run. | ||
replicas: 1 | ||
|
||
# serviceAccount represents configuration for the controllerManager Service Account. | ||
# See https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | ||
serviceAccount: | ||
annotations: {} | ||
|
||
## kubernetesClusterDomain represents the domain used for service DNS within the cluster. | ||
kubernetesClusterDomain: cluster.local | ||
|
||
## metricsService configuration. | ||
## This configuration should only be updated in tandem with corresponding | ||
## controller and RBAC proxy configuration. | ||
metricsService: | ||
ports: | ||
- name: https | ||
port: 8443 | ||
protocol: TCP | ||
targetPort: https | ||
type: ClusterIP | ||
|
||
## webhookService configuration. | ||
webhookService: | ||
ports: | ||
- port: 443 | ||
protocol: TCP | ||
targetPort: 9443 | ||
type: ClusterIP | ||
|
||
## Sub-chart(s) configuration | ||
|
||
## kwasm-operator configuration overrides can be added below. | ||
## See https://github.com/KWasm/kwasm-operator/blob/main/charts/kwasm-operator/values.yaml | ||
# kwasm-operator: |
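Review bot: The commented override under `manager.image` offers `# tag: latest` as its example while `imagePullPolicy: IfNotPresent` is the default, so a user who uncomments it can end up with different builds on different nodes under the same tag. I would change the example to a versioned placeholder such as `# tag: <chart-aligned version>`. The `kubeRbacProxy.image` default is also pinned only by the tag `v0.15.0`, which the registry can re-point; a comment above it such as `## Pin to a released tag; prefer an image digest where the template supports it.` would record the intent. Whether the chart templates accept a digest is not visible in this commit. The same lines appear in the chart's values file in the first file section.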