This repository was archived by the owner on Oct 14, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathvalues.yaml
More file actions
76 lines (69 loc) · 2.95 KB
/
values.yaml
File metadata and controls
76 lines (69 loc) · 2.95 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
# Default values for operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# telemetryEnabled -- The Operator sends anonymous telemetry data, to give the team an overview how much the secureCodeBox is used. Find out more at https://www.securecodebox.io/telemetry
telemetryEnabled: true
image:
# image.repository -- The operator image repository
repository: docker.io/securecodebox/operator
# image.tag -- Parser image tag
# @default -- defaults to the charts version
tag: null
# image.pullPolicy -- Image pull policy
pullPolicy: Always
securityContext:
# securityContext.runAsNonRoot -- Enforces that the Operator image is run as a non root user
runAsNonRoot: true
# securityContext.readOnlyRootFilesystem -- Prevents write access to the containers file system
readOnlyRootFilesystem: true
# securityContext.allowPrivilegeEscalation -- Ensure that users privileges cannot be escalated
allowPrivilegeEscalation: false
# securityContext.privileged -- Ensures that the operator container is not run in privileged mode
privileged: false
capabilities:
drop:
# securityContext.capabilities.drop[0] -- This drops all linux privileges from the operator container. They are not required
- all
lurcher:
image:
# lurcher.image.repository -- The operator image repository
repository: docker.io/securecodebox/lurcher
# lurcher.image.tag -- Parser image tag
# @default -- defaults to the charts version
tag: null
# lurcher.image.pullPolicy -- Image pull policy
pullPolicy: Always
minio:
# minio.enabled Enable this to use minio as storage backend instead of a cloud bucket provider like AWS S3, Google Cloud Storage, DigitalOcean Spaces etc.
enabled: true
defaultBucket:
enabled: true
name: "securecodebox"
# Config for external s3 systems
s3:
# s3.enabled Enable this and disable minio if you want to directly connect agains AWS S3, Google Cloud Storage, DigitalOcean Spaces etc.
enabled: false
endpoint: "fra1.digitaloceanspaces.com"
bucket: "my-bucket"
# Implicit 443. You probably only need to change this when the system uses a non default port
port: null
# Name to a k8s secret in the same namespace as this release with credentials to the s3 bucket
# By default this assumes to have 'accesskey' and 'secretkey' as attributes
# Example creation via kubectl:
# kubectl create secret generic my-secret --from-literal=accessKey="******" --from-literal=secretKey="******"
keySecret: my-secret
# Names to the attributes in the s3 secret
secretAttributeNames:
accesskey: accesskey
secretkey: secretkey
#
# Config for the operator ressource limits
#
# resources -- CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/)
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi