mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity
external-secrets/deploy/charts/external-secrets/values.yaml
Gustavo Fernandes de Carvalho 0cb799b5cf
Feature/push secret (#1315) 
Introduces Push Secret feature with implementations for the following providers:

* GCP Secret Manager
* AWS Secrets Manager
* AWS Parameter Store
* Hashicorp Vault KV

Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
2022-11-29 16:04:46 -03:00

390 lines
9.8 KiB
YAML
Raw Blame History

replicaCount: 1
image:
repository: ghcr.io/external-secrets/external-secrets
pullPolicy: IfNotPresent
# -- The image tag to use. The default is the chart appVersion.
# There are different image flavours available, like distroless and ubi.
# Please see GitHub release notes for image tags for these flavors.
# By default the distroless image is used.
tag: ""
# -- If set, install and upgrade CRDs through helm chart.
installCRDs: true
crds:
# -- If true, create CRDs for Cluster External Secret.
createClusterExternalSecret: true
# -- If true, create CRDs for Cluster Secret Store.
createClusterSecretStore: true
# -- If true, create CRDs for Push Secret.
createPushSecret: true
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
# -- If true, external-secrets will perform leader election between instances to ensure no more
# than one instance of external-secrets operates at a time.
leaderElect: false
# -- If set external secrets will filter matching
# Secret Stores with the appropriate controller values.
controllerClass: ""
# -- If set external secrets are only reconciled in the
# provided namespace
scopedNamespace: ""
# -- Must be used with scopedNamespace. If true, create scoped RBAC roles under the scoped namespace
# and implicitly disable cluster stores and cluster external secrets
scopedRBAC: false
# -- if true, the operator will process cluster external secret. Else, it will ignore them.
processClusterExternalSecret: true
# -- if true, the operator will process cluster store. Else, it will ignore them.
processClusterStore: true
# -- Specifies whether an external secret operator deployment be created.
createOperator: true
# -- Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at
# a time.
concurrent: 1
serviceAccount:
# -- Specifies whether a service account should be created.
create: true
# -- Annotations to add to the service account.
annotations: {}
# -- Extra Labels to add to the service account.
extraLabels: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template.
name: ""
rbac:
# -- Specifies whether role and rolebinding resources should be created.
create: true
## -- Extra environment variables to add to container.
extraEnv: []
## -- Map of extra arguments to pass to container.
extraArgs: {}
## -- Extra volumes to pass to pod.
extraVolumes: []
## -- Extra volumes to mount to the container.
extraVolumeMounts: []
# -- Annotations to add to Deployment
deploymentAnnotations: {}
# -- Annotations to add to Pod
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources: {}
# requests:
# cpu: 10m
# memory: 32Mi
prometheus:
# -- deprecated. will be removed with 0.7.0, use serviceMonitor instead.
enabled: false
service:
# -- deprecated. will be removed with 0.7.0, use serviceMonitor instead.
port: 8080
serviceMonitor:
# -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
enabled: false
# -- Additional labels
additionalLabels: {}
# -- Interval to scrape metrics
interval: 30s
# -- Timeout if metrics can't be retrieved in given time interval
scrapeTimeout: 25s
metrics:
service:
# -- Enable if you use another monitoring tool than Prometheus to scrape the metrics
enabled: false
# -- Metrics service port to scrape
port: 8080
# -- Additional service annotations
annotations: {}
nodeSelector: {}
tolerations: []
affinity: {}
# -- Pod priority class name.
priorityClassName: ""
# -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
podDisruptionBudget:
enabled: false
minAvailable: 1
# maxUnavailable: 1
webhook:
# -- Specifies whether a webhook deployment be created.
create: true
# -- Specifices the time to check if the cert is valid
certCheckInterval: "5m"
# -- Specifices the lookaheadInterval for certificate validity
lookaheadInterval: ""
replicaCount: 1
certDir: /tmp/certs
# -- specifies whether validating webhooks should be created with failurePolicy: Fail or Ignore
failurePolicy: Fail
# -- Specifies if webhook pod should use hostNetwork or not.
hostNetwork: false
image:
repository: ghcr.io/external-secrets/external-secrets
pullPolicy: IfNotPresent
# -- The image tag to use. The default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
# -- The port the webhook will listen to
port: 10250
rbac:
# -- Specifies whether role and rolebinding resources should be created.
create: true
serviceAccount:
# -- Specifies whether a service account should be created.
create: true
# -- Annotations to add to the service account.
annotations: {}
# -- Extra Labels to add to the service account.
extraLabels: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template.
name: ""
nodeSelector: {}
tolerations: []
affinity: {}
# -- Pod priority class name.
priorityClassName: ""
# -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
podDisruptionBudget:
enabled: false
minAvailable: 1
# maxUnavailable: 1
prometheus:
# -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
enabled: false
service:
# -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
port: 8080
serviceMonitor:
# -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
enabled: false
# -- Additional labels
additionalLabels: {}
# -- Interval to scrape metrics
interval: 30s
# -- Timeout if metrics can't be retrieved in given time interval
scrapeTimeout: 25s
metrics:
service:
# -- Enable if you use another monitoring tool than Prometheus to scrape the metrics
enabled: false
# -- Metrics service port to scrape
port: 8080
# -- Additional service annotations
annotations: {}
readinessProbe:
# -- Address for readiness probe
address: ""
# -- ReadinessProbe port for kubelet
port: 8081
## -- Extra environment variables to add to container.
extraEnv: []
## -- Map of extra arguments to pass to container.
extraArgs: {}
## -- Extra volumes to pass to pod.
extraVolumes: []
## -- Extra volumes to mount to the container.
extraVolumeMounts: []
# -- Annotations to add to Secret
secretAnnotations: {}
# -- Annotations to add to Deployment
deploymentAnnotations: {}
# -- Annotations to add to Pod
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources: {}
# requests:
# cpu: 10m
# memory: 32Mi
certController:
# -- Specifies whether a certificate controller deployment be created.
create: true
requeueInterval: "5m"
replicaCount: 1
image:
repository: ghcr.io/external-secrets/external-secrets
pullPolicy: IfNotPresent
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
rbac:
# -- Specifies whether role and rolebinding resources should be created.
create: true
serviceAccount:
# -- Specifies whether a service account should be created.
create: true
# -- Annotations to add to the service account.
annotations: {}
# -- Extra Labels to add to the service account.
extraLabels: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template.
name: ""
nodeSelector: {}
tolerations: []
affinity: {}
# -- Pod priority class name.
priorityClassName: ""
# -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
podDisruptionBudget:
enabled: false
minAvailable: 1
# maxUnavailable: 1
prometheus:
# -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
enabled: false
service:
# -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
port: 8080
serviceMonitor:
# -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
enabled: false
# -- Additional labels
additionalLabels: {}
# -- Interval to scrape metrics
interval: 30s
# -- Timeout if metrics can't be retrieved in given time interval
scrapeTimeout: 25s
metrics:
service:
# -- Enable if you use another monitoring tool than Prometheus to scrape the metrics
enabled: false
# -- Metrics service port to scrape
port: 8080
# -- Additional service annotations
annotations: {}
## -- Extra environment variables to add to container.
extraEnv: []
## -- Map of extra arguments to pass to container.
extraArgs: {}
## -- Extra volumes to pass to pod.
extraVolumes: []
## -- Extra volumes to mount to the container.
extraVolumeMounts: []
# -- Annotations to add to Deployment
deploymentAnnotations: {}
# -- Annotations to add to Pod
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources: {}
# requests:
# cpu: 10m
# memory: 32Mi
# -- Specifies `dnsOptions` to deployment
dnsConfig: {}
View git blame Copy permalink