Factory/sriov-network-operator-chart/values.yaml

126 lines
4.4 KiB
YAML

operator:
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
- effect: NoExecute
key: node-role.kubernetes.io/etcd
operator: Exists
nodeSelector: {}
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: In
values: [""]
- weight: 1
preference:
matchExpressions:
- key: "node-role.kubernetes.io/control-plane"
operator: In
values: [""]
nameOverride: ""
fullnameOverride: ""
resourcePrefix: "rancher.io"
cniBinPath: "/opt/cni/bin"
clusterType: "kubernetes"
admissionControllers:
enabled: false
certificates:
secretNames:
operator: "operator-webhook-cert"
injector: "network-resources-injector-cert"
certManager:
# When enabled, makes use of certificates managed by cert-manager.
enabled: false
# When enabled, certificates are generated via cert-manager and then name will match the name of the secrets
# defined above
generateSelfSigned: false
# If not specified, no secret is created and secrets with the names defined above are expected to exist in the
# cluster. In that case, the ca.crt must be base64 encoded twice since it ends up being an env variable.
custom:
enabled: false
# operator:
# caCrt: |
# -----BEGIN CERTIFICATE-----
# MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
# ...
# -----END CERTIFICATE-----
# tlsCrt: |
# -----BEGIN CERTIFICATE-----
# MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
# ...
# -----END CERTIFICATE-----
# tlsKey: |
# -----BEGIN EC PRIVATE KEY-----
# MHcl4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo=
# ...
# -----END EC PRIVATE KEY-----
# injector:
# caCrt: |
# -----BEGIN CERTIFICATE-----
# MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
# ...
# -----END CERTIFICATE-----
# tlsCrt: |
# -----BEGIN CERTIFICATE-----
# MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
# ...
# -----END CERTIFICATE-----
# tlsKey: |
# -----BEGIN EC PRIVATE KEY-----
# MHcl4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo=
# ...
# -----END EC PRIVATE KEY-----
sriovOperatorConfig:
# deploy sriovOperatorConfig CR with the below values
deploy: true
# node slectors for sriov-network-config-daemon
configDaemonNodeSelector: {feature.node.kubernetes.io/network-sriov.capable: 'true'}
# log level for both operator and sriov-network-config-daemon
logLevel: 2
# disable node draining when configuring SR-IOV, set to true in case of a single node
# cluster or any other justifiable reason
disableDrain: false
# sriov-network-config-daemon configuration mode. either "daemon" or "systemd"
configurationMode: daemon
# Example for supportedExtraNICs values ['MyNIC: "8086 1521 1520"']
supportedExtraNICs: []
# Image URIs for sriov-network-operator components
images:
operator:
repository: rancher/hardened-sriov-network-operator
tag: v1.4.0-build20241113
sriovConfigDaemon:
repository: rancher/hardened-sriov-network-config-daemon
tag: v1.4.0-build20241113
sriovCni:
repository: rancher/hardened-sriov-cni
tag: v2.8.1-build20241113
ibSriovCni:
repository: rancher/hardened-ib-sriov-cni
tag: v1.1.1-build20241113
sriovDevicePlugin:
repository: rancher/hardened-sriov-network-device-plugin
tag: v3.8.0-build20241114
resourcesInjector:
repository: rancher/hardened-sriov-network-resources-injector
tag: v1.6.0-build20241113
webhook:
repository: rancher/hardened-sriov-network-webhook
tag: v1.4.0-build20241113
imagePullSecrets: []
extraDeploy: []
global:
cattle:
systemDefaultRegistry: ""
rbac:
userRoles:
aggregateToDefaultRoles: false