-
Notifications
You must be signed in to change notification settings - Fork 30
/
values.yaml
202 lines (190 loc) · 5.4 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
# Default values for citrix-ingress-controller.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# NetScaler Ingress Controller config details
imageRegistry: quay.io
imageRepository: citrix/citrix-k8s-ingress-controller
imageTag: 1.42.12
image: "{{ .Values.imageRegistry }}/{{ .Values.imageRepository }}:{{ .Values.imageTag }}"
pullPolicy: IfNotPresent
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
openshift: false
adcCredentialSecret: "" # K8s Secret Name
# Enable secretStore to implement CSI Secret Provider classes for holding the nslogin credentials
secretStore:
enabled: false
username: {}
#valueFrom:
# configMapKeyRef:
# name: test1
# key: username
password: {}
#valueFrom:
# configMapKeyRef:
# name: test1
# key: password
nsIP: ""
nsVIP: ""
nsSNIPS: []
license:
accept: no
nsPort: 443
nsProtocol: HTTPS
nsEnableLabel: true
# nitroReadTimeout is timeout value in seconds for nitro api read timeout(default is 20)
nitroReadTimeout: 20
logLevel: INFO
jsonLog: false
entityPrefix: ""
kubernetesURL: ""
clusterName: ""
ingressClass: []
setAsDefaultIngressClass: False
serviceClass: []
defaultSSLCertSecret: ""
defaultSSLSNICertSecret: ""
podIPsforServiceGroupMembers: False
ignoreNodeExternalIP: False
ipam: False
# API server Cert verification can be disabled, while communicating with API Server, if disableAPIServerCertVerify set to True
disableAPIServerCertVerify: False
logProxy: ""
nodeWatch: false
cncPbr: False
nodeSelector:
key: ""
value: ""
tolerations: []
updateIngressStatus: True
nsHTTP2ServerSide: "OFF"
nsCookieVersion: "0"
nsConfigDnsRec: False
nsSvcLbDnsRec: False
nsDnsNameserver: ""
optimizeEndpointBinding: False
routeLabels: ""
namespaceLabels: ""
disableOpenshiftRoutes: False
profileSslFrontend: {}
# preconfigured: my_ssl_profile
# OR
# config:
# tls13: 'ENABLED'
# hsts: 'ENABLED'
profileHttpFrontend: {}
# preconfigured: my_http_profile
# OR
# config:
# dropinvalreqs: 'ENABLED'
# websocket: 'ENABLED'
profileTcpFrontend: {}
# preconfigured: my_tcp_profile
# OR
# config:
# sack: 'ENABLED'
# nagle: 'ENABLED'
# Exporter config details
exporter:
required: false
imageRegistry: quay.io
imageRepository: citrix/citrix-adc-metrics-exporter
imageTag: 1.4.9
image: "{{ .Values.exporter.imageRegistry }}/{{ .Values.exporter.imageRepository }}:{{ .Values.exporter.imageTag }}"
pullPolicy: IfNotPresent
ports:
containerPort: 8888
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
extraVolumeMounts: []
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user.
#- name: github-key
# mountPath: /etc/config/keys/
# readOnly: true
#- name: agent-init-scripts
# mountPath: /docker-entrypoint.d/
serviceMonitorExtraLabels: {}
# Enable RBAC role (so called local role), by default NSIC deployed with ClusterRole.
# below variable to deploy NSIC with RBAC role, only ingress service supported with this config
rbacRole: False
# Config required to be done by NetScaler Ingress Controller for sending metrics to NetScaler Observability Exporter
analyticsConfig:
required: false
distributedTracing:
enable: false
samplingrate: 100
endpoint:
server: ""
service: ""
timeseries:
port: 30002
metrics:
enable: false
mode: 'avro'
exportFrequency: 30
schemaFile: schema.json
enableNativeScrape: false
auditlogs:
enable: false
events:
enable: false
transactions:
enable: false
port: 30001
nsLbHashAlgo:
required: false
hashFingers: 256
hashAlgorithm: 'DEFAULT'
# Specifies whether a ServiceAccount should be created
serviceAccount:
create: true
# The name of the ServiceAccount to use.
# If not set and `create` is true, a name is generated using the fullname template
# name:
podAnnotations: {}
resources:
requests:
cpu: 32m
memory: 128Mi
# Following values depends on no of ingresses configured by Ingress Controllers, so it is
# advised to test with maximum no of ingresses to set these values.
# limits:
# cpu: 1000m
# memory: 1000Mi
limits: {}
# Following values depends on no of ingresses configured by Ingress Controllers, so it is
# advised to test with maximum no of ingresses to set these values.
# limits:
# cpu: 1000m
# memory: 1000Mi
affinity: {}
extraVolumeMounts: []
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user.
#- name: github-key
# mountPath: /etc/config/keys/
# readOnly: true
#- name: agent-init-scripts
# mountPath: /docker-entrypoint.d/
extraVolumes: []
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user.
#- name: agent-init-scripts
# configMap:
# name: agent-init-scripts
# defaultMode: 0755
#- name: github-key
# secret:
# secretName: github-key
# defaultMode: 0744