134 lines
3.5 KiB
YAML
134 lines
3.5 KiB
YAML
image:
|
|
pullPolicy: IfNotPresent
|
|
repository: registry.k8s.io/sig-storage/snapshot-controller
|
|
tag: v7.0.1
|
|
|
|
portal:
|
|
open:
|
|
enabled: false
|
|
service:
|
|
main:
|
|
enabled: true
|
|
ports:
|
|
main:
|
|
enabled: true
|
|
port: 8080
|
|
protocol: http
|
|
webhook:
|
|
enabled: true
|
|
ports:
|
|
webhook:
|
|
enabled: true
|
|
port: 8443
|
|
protocol: https
|
|
|
|
podOptions:
|
|
automountServiceAccountToken: true
|
|
|
|
workload:
|
|
main:
|
|
podSpec:
|
|
containers:
|
|
main:
|
|
args:
|
|
- "--http-endpoint=:{{ .Values.service.main.ports.main.port }}"
|
|
- "--leader-election=true"
|
|
- "--leader-election-namespace={{ .Release.Namespace }}"
|
|
probes:
|
|
liveness:
|
|
path: /metrics
|
|
readiness:
|
|
path: /metrics
|
|
startup:
|
|
path: /metrics
|
|
webhook:
|
|
enabled: false
|
|
podSpec:
|
|
containers:
|
|
webhook:
|
|
enabled: false
|
|
args:
|
|
- "--tlsPrivateKeyFile=/etc/snapshot-validation/tls.key"
|
|
- "--tlsCertFile=/etc/snapshot-validation/tls.crt"
|
|
- "--port={{ .Values.service.webhook.ports.webhook.port }}"
|
|
probes:
|
|
liveness:
|
|
enabled: true
|
|
type: https
|
|
path: /readyz
|
|
port: 8443
|
|
readiness:
|
|
enabled: true
|
|
type: https
|
|
path: /readyz
|
|
port: 8443
|
|
startup:
|
|
enabled: true
|
|
type: https
|
|
path: /readyz
|
|
port: 8443
|
|
|
|
metrics:
|
|
main:
|
|
enabled: true
|
|
type: servicemonitor
|
|
endpoints:
|
|
- port: main
|
|
path: /metrics
|
|
targetSelector: main
|
|
|
|
serviceAccount:
|
|
main:
|
|
enabled: true
|
|
primary: true
|
|
targetSelectAll: true
|
|
|
|
rbac:
|
|
main:
|
|
enabled: true
|
|
primary: true
|
|
clusterWide: true
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["persistentvolumes"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: [""]
|
|
resources: ["persistentvolumeclaims"]
|
|
verbs: ["get", "list", "watch", "update"]
|
|
- apiGroups: ["storage.k8s.io"]
|
|
resources: ["storageclasses"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: [""]
|
|
resources: ["events"]
|
|
verbs: ["list", "watch", "create", "update", "patch"]
|
|
- apiGroups: ["snapshot.storage.k8s.io"]
|
|
resources: ["volumesnapshotclasses"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: ["snapshot.storage.k8s.io"]
|
|
resources: ["volumesnapshotcontents"]
|
|
verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
|
|
- apiGroups: ["snapshot.storage.k8s.io"]
|
|
resources: ["volumesnapshotcontents/status"]
|
|
verbs: ["patch"]
|
|
- apiGroups: ["snapshot.storage.k8s.io"]
|
|
resources: ["volumesnapshots"]
|
|
verbs: ["get", "list", "watch", "update", "patch"]
|
|
- apiGroups: ["snapshot.storage.k8s.io"]
|
|
resources: ["volumesnapshots/status"]
|
|
verbs: ["update", "patch"]
|
|
- apiGroups: [""]
|
|
resources: ["nodes"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: ["snapshot.storage.k8s.io", "groupsnapshot.storage.k8s.io"]
|
|
resources: ["volumesnapshotclasses", "volumegroupsnapshotclasses"]
|
|
verbs: ["list", "watch"]
|
|
role:
|
|
enabled: true
|
|
primary: false
|
|
clusterWide: false
|
|
serviceAccounts: ["main"]
|
|
rules:
|
|
- apiGroups: ["coordination.k8s.io"]
|
|
resources: ["leases"]
|
|
verbs: ["get", "watch", "list", "delete", "update", "create"]
|