################################################################################
## Deployment Configuration
################################################################################

# The Traffic Manager only supports running with one replica at the moment.
# Configuring the replicaCount will be added in future versions of Telepresence.

replicaCount: 1

# The Telepresence client will try to ensure that the Traffic Manager image is
# up to date and from the right registry. If you are changing the value below,
# ensure that the tag is the same as the client version and that the
# TELEPRESENCE_REGISTRY environment variable is equal to image.repository.
#
# The client will default to ghcr.io/telepresenceio/tel2:{{CLIENT_VERSION}}
#
# NOTE(review): the key defined below is `image.registry`; no `image.repository`
# key appears in this file, so the sentence above presumably refers to the
# registry value. Confirm against the chart templates.
#
# No tag or digest is set in these defaults; per the comment above the tag is
# expected to follow the client version. When pointing `registry` at a private
# mirror, verify that the mirrored image is the one published for that version.

image:
  registry: ghcr.io/telepresenceio
  name: tel2
  # IfNotPresent reuses an image already cached on the node rather than pulling
  # it again, so a re-pushed tag is not picked up on nodes that hold a copy.
  pullPolicy: IfNotPresent

# Presumably the port the Traffic Manager API listens on (inferred from the
# key name and section; confirm in the chart templates).
apiPort: 8081

# Container security context defaults: read-only root filesystem, non-root
# execution, fixed UID 1000.
# NOTE(review): `allowPrivilegeEscalation` and `capabilities` are not set in
# these defaults. Unless the chart templates add them, consider setting
# `allowPrivilegeEscalation: false` and dropping all capabilities in an override.
securityContext:
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000

################################################################################
## Traffic Manager Service Configuration
################################################################################

# ClusterIP exposes the Service on a cluster-internal address only. Changing
# the type to NodePort or LoadBalancer makes it reachable from outside the
# cluster and should be a deliberate decision.
service:
  type: ClusterIP

################################################################################
## Traffic Manager Configuration
################################################################################

# The log level of the Traffic Manager.
logLevel: info

# GRPC configuration for the Traffic Manager.
# This is identical to the grpc configuration for local clients.
# See https://www.telepresence.io/docs/latest/reference/config/#grpc for more info
grpc:
  # Max time that the traffic-manager or traffic-agent will keep an idle client connection alive
  connectionTTL: 24h

  # maxReceiveSize is a quantity that configures the maximum message size that the traffic
  # manager will service. It acts as an upper bound on a single inbound message,
  # so raise it only as far as the workload actually requires.
  maxReceiveSize: 4Mi

# podCIDRStrategy controls what strategy the traffic-manager will use for finding out what
# CIDRs the cluster is using for its pods. Valid values are:
#
#   nodePodCIDRs  extract CIDRs from the podCIDR and podCIDRs field of the Node Spec.
#   coverPodIPs   extract IPs from the podIP and podIPs field of the Pod Status and compute the CIDRs needed to cover those IPs.
#   environment   use CIDRs listed in the space separated POD_CIDRS environment variable verbatim.
#   auto          first try nodePodCIDRs and if that fails, try coverPodIPs
#
# Default: auto
podCIDRStrategy: auto

# maxNamespaceSpecificWatchers configures the threshold for when the traffic-manager switches from using one set of
# watchers for each managed namespace to using cluster-wide watchers. This threshold only applies when using a
# namespaceSelector, and only when the traffic-manager is permitted to list the cluster's namespaces.
maxNamespaceSpecificWatchers: 10

# NOTE(review): presumably controls whether the chart creates the RBAC objects
# used by the traffic-manager; the granted permissions are defined in the
# templates, not in this file. Review them before installing, and supply
# equivalent objects yourself if this is set to false. TODO confirm.
managerRbac:
  # Default: true
  create: true

timeouts:
  # The duration the traffic manager should wait for an agent to arrive (i.e., to be registered in the traffic manager's state)
  # Default: 30s
  agentArrival: 30s

################################################################################
## Agent Injector Configuration
################################################################################
agentInjector:
  enabled: true
  name: agent-injector
  secret:
    # Name of the Secret that carries the agent-injector's TLS material
    # (see `certificate.method` below). Limit read access to this Secret.
    name: mutator-webhook-tls
  certificate:
    # The method used by the agent-injector to access the generated secret.
    # Possible options: watch or mount
    #
    # Default: watch
    accessMethod: watch

    # The method used to generate the TLS certificate for the agent-injector.
    #
    # Possible options: helm, supplied, or certmanager.
    #
    # If set to `supplied`, ensure your Secret is in the same namespace as the traffic-manager,
    # and that `.agentInjector.secret.name` is set to its name.
    # See the Secret in `agentInjectorWebhook.yaml` for the expected structure of the data.
    # NOTE: If the Secret values update, the helm chart MUST be re-applied to ensure the
    # MutatingWebhookConfiguration uses the new values.
    #
    # Default: helm
    method: helm

    # The certmanager configuration block
    #
    certmanager:
      commonName: agent-injector
      # 2160h is 90 days.
      duration: 2160h0m0s
      issuerRef:
        name: telepresence
        kind: Issuer

  injectPolicy: OnDemand
  webhook:
    name: agent-injector-webhook
    admissionReviewVersions: ["v1"]
    servicePath: /traffic-agent
    port: 443
    # NOTE(review): assuming these values are passed through to the
    # MutatingWebhookConfiguration, `Ignore` makes the webhook fail open: if the
    # injector is unreachable or exceeds `timeoutSeconds`, the API request is
    # admitted without mutation. That keeps pod admission available when the
    # injector is down; `Fail` would block admission instead.
    failurePolicy: Ignore
    reinvocationPolicy: IfNeeded
    sideEffects: None
    timeoutSeconds: 5

################################################################################
## Telepresence traffic-agent configuration
################################################################################
agent:
  appProtocolStrategy: http2Probe
  port: 9900
  # Maps a mount path to a policy; the meaning of `Local` is defined by
  # Telepresence and is not described in this file.
  mountPolicies:
    "/tmp": Local
  image:
    pullPolicy: IfNotPresent
  # NOTE(review): this file does not show what the init container does or which
  # privileges it requests; check the rendered pod spec before enabling it in
  # namespaces with restrictive pod security settings.
  initContainer:
    enabled: true

################################################################################
## Telepresence API Server Configuration
################################################################################
# Empty by default. To set the port, replace `{}` with a mapping that contains
# the `port` key shown in the commented example below.
telepresenceAPI: {}
# The port on agent's localhost where the API service can be found
# Default: 0
# port: 0

################################################################################
## Prometheus Server Configuration
################################################################################
# Empty by default. To enable metrics, replace `{}` with a mapping that contains
# the `port` key shown in the commented example below.
# NOTE(review): this file does not show how the metrics port is exposed or
# whether it is authenticated; when enabling it, check the rendered Service and
# any NetworkPolicy so the endpoint is reachable only by the intended scraper.
prometheus: {}
# Set this port number to enable a prometheus metrics http server for the
# traffic manager
# Default: 0
# port: 0

# Values specific to the helm chart hooks for managing upgrade/deleting
hooks:
  busybox:
    registry: docker.io
    image: busybox
    # NOTE(review): `latest` is a mutable tag, so the image executed by the hook
    # can change between installs without any change to this chart. Pin a
    # specific version or a digest in your overrides. Unlike `curl` below, no
    # pullPolicy is set for this image here.
    tag: latest
    imagePullSecrets: []

  curl:
    registry: docker.io
    image: "curlimages/curl"
    # A version tag is still mutable on the registry side; pin by digest where
    # reproducibility of the hook image matters.
    tag: 8.1.1
    imagePullSecrets: []
    pullPolicy: IfNotPresent

client:
  dns:
    # Tell client's DNS resolver to never send names with these suffixes to the cluster side resolver
    excludeSuffixes: [".com", ".io", ".net", ".org", ".ru"]

# Controls which workload kinds are recognized by Telepresence
workloads:
  deployments:
    enabled: true
  replicaSets:
    enabled: true
  statefulSets:
    enabled: true
  # Disabled by default, unlike the three kinds above.
  argoRollouts:
    enabled: false