diff --git a/helm/.helmignore b/helm/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/helm/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
new file mode 100644
index 00000000..c477b4fa
--- /dev/null
+++ b/helm/Chart.yaml
@@ -0,0 +1,34 @@
+apiVersion: v2
+name: etcd-operator
+description: The official Kubernetes operator for etcd.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# Same value as in values.yml#image.tag
+
+icon: https://avatars.githubusercontent.com/u/41972792?s=48&v=4
+
+home: https://github.com/etcd-io/etcd-operator/tree/main
+sources:
+ - https://github.com/luismacosta/etcd-operator/helm
+
+maintainers:
+ - name: etcd-io
+
+appVersion: v3.5.18
+version: 3.5.18
diff --git a/helm/README.md b/helm/README.md
new file mode 100644
index 00000000..b7732037
--- /dev/null
+++ b/helm/README.md
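Review bot: The `sources:` entry points at a personal fork (`https://github.com/luismacosta/etcd-operator/helm`) while `home:` points at `etcd-io/etcd-operator`, so anyone checking the chart's provenance is sent to a different repository than the project's own; it should reference the upstream repository, for example `- https://github.com/etcd-io/etcd-operator`. The comment above `appVersion` says it carries the same value as `image.tag` in values.yaml, but `appVersion: v3.5.18` does not match the `tag: 1.0.0` default added later in this diff, and v3.5.18 looks like an etcd release number rather than an operator version, so it is worth confirming which one is intended. The explanatory comments for `version` and `appVersion` also sit far from the keys they describe; placing each key directly under its comment would make the file easier to audit.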
@@ -0,0 +1,54 @@ +# etcd-operator + +![Version: 3.5.18](https://img.shields.io/badge/Version-3.5.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.5.18](https://img.shields.io/badge/AppVersion-v3.5.18-informational?style=flat-square) + +The official Kubernetes operator for etcd. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| etcd-io | | | + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| annotations | object | `{}` | | +| commonLabels | object | `{}` | Labels that get applied to every resource's metadata | +| image.repository | string | `"quay.io/coreos/etcd-operator"` | | +| image.tag | string | `"1.0.0"` | | +| livenessProbe.failureThreshold | int | `3` | | +| livenessProbe.initialDelaySeconds | int | `15` | | +| livenessProbe.periodSeconds | int | `20` | | +| livenessProbe.port | int | `8081` | | +| livenessProbe.timeoutSeconds | int | `1` | | +| manager.replicas | int | `1` | | +| nameOverride | string | `nil` | | +| networkPolicy.enabled | bool | `false` | | +| podAnnotations | object | `{}` | | +| podSecurityContext | object | `{}` | [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. To remove the default, set it to null (or `~`). 
| +| prometheus.enabled | bool | `false` | | +| readinessProbe.failureThreshold | int | `12` | | +| readinessProbe.initialDelaySeconds | int | `5` | | +| readinessProbe.periodSeconds | int | `10` | | +| readinessProbe.port | int | `8081` | | +| readinessProbe.timeoutSeconds | int | `1` | | +| resources.limits.cpu | string | `"500m"` | | +| resources.limits.memory | string | `"128Mi"` | | +| resources.requests.cpu | string | `"10m"` | | +| resources.requests.memory | string | `"64Mi"` | | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `"controller-manager"` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| terminationGracePeriodSeconds | int | `10` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/crds/operator.etcd.io_etcdclusters.yaml b/helm/crds/operator.etcd.io_etcdclusters.yaml new file mode 100644 index 00000000..d9ac256f --- /dev/null +++ b/helm/crds/operator.etcd.io_etcdclusters.yaml 
@@ -0,0 +1,100 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: etcdclusters.operator.etcd.io +spec: + group: operator.etcd.io + names: + kind: EtcdCluster + listKind: EtcdClusterList + plural: etcdclusters + singular: etcdcluster + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: EtcdCluster is the Schema for the etcdclusters API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: EtcdClusterSpec defines the desired state of EtcdCluster. + properties: + size: + description: Size is the expected size of the etcd cluster. + type: integer + storageSpec: + description: StorageSpec is the name of the StorageSpec to use for + the etcd cluster. If not provided, then each POD just uses the temporary + storage inside the container. 
+ properties: + accessModes: + type: string + pvcName: + type: string + storageClassName: + type: string + volumeSizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + volumeSizeRequest: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - volumeSizeRequest + type: object + tls: + description: TLS is the TLS certificate configuration to use for the + etcd cluster and etcd operator. + properties: + provider: + type: string + providerCfg: + properties: + autoCfg: + type: object + certManagerCfg: + type: object + type: object + type: object + version: + description: Version is the expected version of the etcd container + image. + type: string + required: + - size + - version + type: object + status: + description: EtcdClusterStatus defines the observed state of EtcdCluster. + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl new file mode 100644 index 00000000..f0481dcc --- /dev/null +++ b/helm/templates/_helpers.tpl 
@@ -0,0 +1,66 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "etcd-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "etcd-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if hasPrefix .Release.Name $name }}
+{{- $name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "etcd-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "etcd-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "etcd-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "etcd-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "etcd-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "etcd-operator.labels" -}}
+helm.sh/chart: {{ include "etcd-operator.chart" . }}
+{{ include "etcd-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.commonLabels }}
+{{ tpl (toYaml .Values.commonLabels) . }}
+{{- end }}
+{{- end }}
diff --git a/helm/templates/default/metrics_service.yaml b/helm/templates/default/metrics_service.yaml
new file mode 100644
index 00000000..44ef6f0a
--- /dev/null
+++ b/helm/templates/default/metrics_service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: controller-manager
+ app.kubernetes.io/name: etcd-operator
+ name: {{ include "etcd-operator.name" . }}-controller-manager-metrics-service
+ namespace: {{ .Release.Namespace }}
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: 8443
+ selector:
+ control-plane: controller-manager
diff --git a/helm/templates/manager/manager.yaml b/helm/templates/manager/manager.yaml
new file mode 100644
index 00000000..14fdd76a
--- /dev/null
+++ b/helm/templates/manager/manager.yaml
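Review bot: In `etcd-operator.serviceAccountName`, the `else` branch falls back to the namespace's `default` service account when `serviceAccount.create` is false and no name is given, and the RoleBinding and ClusterRoleBindings in this diff use this helper for their subject. With that combination the operator's cluster-wide permissions would be granted to every pod in the release namespace that runs as `default`. Consider failing the render instead, e.g. `{{- required "serviceAccount.name is required when serviceAccount.create is false" .Values.serviceAccount.name }}`, or at least state the fallback and its RBAC consequence in the helper's comment.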
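Review bot: The Service `selector` matches only `control-plane: controller-manager`, a label that operators scaffolded the same way tend to share, so any other pod carrying it in the release namespace would also become a backend for this metrics Service. The Deployment's pod template in manager.yaml already carries the chart's selector labels, so the selector can be narrowed by adding `{{- include "etcd-operator.selectorLabels" . | nindent 4 }}` under `selector:`. The metadata labels also hard-code `app.kubernetes.io/name: etcd-operator` instead of using the `etcd-operator.labels` helper that the other templates use.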
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "etcd-operator.name" . }}-controller-manager
+ namespace: {{ .Release.Namespace }}
+ labels:
+ control-plane: controller-manager
+ {{- include "etcd-operator.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.annotations | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ {{- include "etcd-operator.selectorLabels" . | nindent 6 }}
+ replicas: {{ .Values.manager.replicas }}
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ control-plane: controller-manager
+ {{- include "etcd-operator.labels" . | nindent 8 }}
+ spec:
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - command:
+ - /manager
+ args:
+ - --leader-elect
+ - --health-probe-bind-address=:8081
+ image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+ name: manager
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.livenessProbe.port }}
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: {{ .Values.livenessProbe.port }}
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ resources:
+ {{- toYaml .Values.resources | nindent 10 }}
+ serviceAccountName: {{ include "etcd-operator.serviceAccountName" . }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
diff --git a/helm/templates/network-policy/allow-metrics-traffic.yaml b/helm/templates/network-policy/allow-metrics-traffic.yaml
new file mode 100644
index 00000000..2010e984
--- /dev/null
+++ b/helm/templates/network-policy/allow-metrics-traffic.yaml
@@ -0,0 +1,28 @@
+# This NetworkPolicy allows ingress traffic
+# with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those
+# namespaces are able to gathering data from the metrics endpoint.
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "etcd-operator.name" . }}-allow-metrics-traffic
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "etcd-operator.labels" . | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ control-plane: controller-manager
+ {{- include "etcd-operator.selectorLabels" . | nindent 6 }}
+ policyTypes:
+ - Ingress
+ ingress:
+ # This allows ingress traffic from any namespace with the label metrics: enabled
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ metrics: enabled # Only from namespaces with this label
+ ports:
+ - port: 8443
+ protocol: TCP
+{{- end }}
diff --git a/helm/templates/prometheus/monitor.yaml b/helm/templates/prometheus/monitor.yaml
new file mode 100644
index 00000000..277e4d81
--- /dev/null
+++ b/helm/templates/prometheus/monitor.yaml
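Review bot: The `readinessProbe` block reads three of its settings from `.Values.livenessProbe` (`port`, `initialDelaySeconds`, `periodSeconds`), so the matching `readinessProbe.*` values in values.yaml are ignored and readiness is checked on the liveness schedule (15s/20s instead of the 5s/10s defaults). The three lines should read `port: {{ .Values.readinessProbe.port }}`, `initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}` and `periodSeconds: {{ .Values.readinessProbe.periodSeconds }}`. Separately, `--health-probe-bind-address=:8081` is fixed in `args` while both probe ports are configurable, so changing either port value would point the probes at a port nothing listens on.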
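Review bot: The `from` rule admits every pod in any namespace labelled `metrics: enabled`, and the label key and value are fixed in the template, so the allowed scrape source cannot be narrowed to the monitoring pods or aligned with a cluster's existing namespace labels. Consider taking the selector from values and, where the monitoring stack's pod labels are known, adding a `podSelector` to the same `from` entry as the `namespaceSelector`. The leading comment also sits outside the `{{- if .Values.networkPolicy.enabled }}` guard and contains the typo "able to gathering"; moving it inside the guard as `# ... namespaces are able to gather data from the metrics endpoint.` keeps the rendered output empty when the policy is disabled.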
@@ -0,0 +1,33 @@
+# Prometheus Monitor Service (Metrics)
+{{- if .Values.prometheus.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "etcd-operator.name" . }}-controller-manager-metrics-monitor
+ namespace: {{ .Release.Namespace }}
+ labels:
+ control-plane: controller-manager
+ app.kubernetes.io/name: etcd-operator
+ app.kubernetes.io/managed-by: kustomize
+
+spec:
+ endpoints:
+ - path: /metrics
+ port: https # Ensure this is the name of the port that exposes HTTPS metrics
+ scheme: https
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ tlsConfig:
+ # TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables
+ # certificate verification. This poses a significant security risk by making the system vulnerable to
+ # man-in-the-middle attacks, where an attacker could intercept and manipulate the communication between
+ # Prometheus and the monitored services. This could lead to unauthorized access to sensitive metrics data,
+ # compromising the integrity and confidentiality of the information.
+ # Please use the following options for secure configurations:
+ # caFile: /etc/metrics-certs/ca.crt
+ # certFile: /etc/metrics-certs/tls.crt
+ # keyFile: /etc/metrics-certs/tls.key
+ insecureSkipVerify: true
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+{{- end }}
diff --git a/helm/templates/rbac/etcdcluster_editor_role.yaml b/helm/templates/rbac/etcdcluster_editor_role.yaml
new file mode 100644
index 00000000..6ea7ca1e
--- /dev/null
+++ b/helm/templates/rbac/etcdcluster_editor_role.yaml
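Review bot: `insecureSkipVerify: true` is hard-coded under `tlsConfig`, so anyone who sets `prometheus.enabled` gets a scrape configuration that does not verify the metrics endpoint's certificate, and the only way to follow the TODO's advice is to edit the template. Rendering the block from values, e.g. `tlsConfig:` followed by `{{- toYaml .Values.prometheus.tlsConfig | nindent N }}` (N matching the block's indent) with a new `prometheus.tlsConfig` value documented in values.yaml, would let operators supply `caFile`/`certFile`/`keyFile` without forking the chart. The labels also hard-code `app.kubernetes.io/managed-by: kustomize`, which is inaccurate for a Helm release; `{{- include "etcd-operator.labels" . | nindent 4 }}` would match the other templates.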
@@ -0,0 +1,26 @@
+# permissions for end users to edit etcdclusters.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "etcd-operator.labels" . | nindent 4 }}
+ name: {{ include "etcd-operator.name" . }}-editor-role
+rules:
+- apiGroups:
+ - operator.etcd.io
+ resources:
+ - etcdclusters
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - operator.etcd.io
+ resources:
+ - etcdclusters/status
+ verbs:
+ - get
diff --git a/helm/templates/rbac/etcdcluster_viewer_role.yaml b/helm/templates/rbac/etcdcluster_viewer_role.yaml
new file mode 100644
index 00000000..a6d29b3d
--- /dev/null
+++ b/helm/templates/rbac/etcdcluster_viewer_role.yaml
@@ -0,0 +1,22 @@
+# permissions for end users to view etcdclusters.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "etcd-operator.labels" . | nindent 4 }}
+ name: {{ include "etcd-operator.name" . }}-viewer-role
+rules:
+- apiGroups:
+ - operator.etcd.io
+ resources:
+ - etcdclusters
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - operator.etcd.io
+ resources:
+ - etcdclusters/status
+ verbs:
+ - get
diff --git a/helm/templates/rbac/leader_election_role.yaml b/helm/templates/rbac/leader_election_role.yaml
new file mode 100644
index 00000000..d38b60f9
--- /dev/null
+++ b/helm/templates/rbac/leader_election_role.yaml
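Review bot: The ClusterRole name is built from `etcd-operator.name`, which depends only on the chart name or `nameOverride` and not on the release; the same applies to the viewer, metrics-auth, metrics-reader and manager ClusterRoles and the two ClusterRoleBindings later in this diff. Because these objects are cluster-scoped, a second release of the chart in another namespace would try to create objects with the same names, which Helm would typically refuse, and if ownership were adopted one release's upgrade or uninstall would change the other's RBAC. Using the `etcd-operator.fullname` helper that `_helpers.tpl` already defines, e.g. `name: {{ include "etcd-operator.fullname" . }}-editor-role`, gives each release its own RBAC objects.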
@@ -0,0 +1,39 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ {{- include "etcd-operator.labels" . | nindent 4 }}
+ name: {{ include "etcd-operator.name" . }}-leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
diff --git a/helm/templates/rbac/leader_election_role_binding.yaml b/helm/templates/rbac/leader_election_role_binding.yaml
new file mode 100644
index 00000000..b80c2106
--- /dev/null
+++ b/helm/templates/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ {{- include "etcd-operator.labels" . | nindent 4 }}
+ name: {{ include "etcd-operator.name" . }}-leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "etcd-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/templates/rbac/metrics_auth_role.yaml b/helm/templates/rbac/metrics_auth_role.yaml
new file mode 100644
index 00000000..aae3154f
--- /dev/null
+++ b/helm/templates/rbac/metrics_auth_role.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "etcd-operator.name" . }}-metrics-auth-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
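Review bot: In leader_election_role_binding.yaml, `roleRef.name` is the literal `leader-election-role`, but the Role created by leader_election_role.yaml is named `{{ include "etcd-operator.name" . }}-leader-election-role`, so the binding points at a Role this chart does not create and the manager would lack its leader-election permissions. role_binding.yaml has the same mismatch with wider consequences: `roleRef.name: manager-role` does not match the `-role` suffixed ClusterRole from role.yaml, and if a ClusterRole named `manager-role` already exists in the cluster the operator's service account would receive that role's permissions instead of the intended ones. The references should be `name: {{ include "etcd-operator.name" . }}-leader-election-role` here and `name: {{ include "etcd-operator.name" . }}-role` in role_binding.yaml.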
diff --git a/helm/templates/rbac/metrics_auth_role_binding.yaml b/helm/templates/rbac/metrics_auth_role_binding.yaml
new file mode 100644
index 00000000..da7f4c56
--- /dev/null
+++ b/helm/templates/rbac/metrics_auth_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "etcd-operator.name" . }}-metrics-auth-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "etcd-operator.name" . }}-metrics-auth-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "etcd-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/templates/rbac/metrics_reader_role.yaml b/helm/templates/rbac/metrics_reader_role.yaml
new file mode 100644
index 00000000..d422f1fa
--- /dev/null
+++ b/helm/templates/rbac/metrics_reader_role.yaml
@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "etcd-operator.name" . }}-metrics-reader
+rules:
+- nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
diff --git a/helm/templates/rbac/role.yaml b/helm/templates/rbac/role.yaml
new file mode 100644
index 00000000..31682292
--- /dev/null
+++ b/helm/templates/rbac/role.yaml
@@ -0,0 +1,67 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "etcd-operator.name" . }}-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - services
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - operator.etcd.io
+ resources:
+ - etcdclusters
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - operator.etcd.io
+ resources:
+ - etcdclusters/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - operator.etcd.io
+ resources:
+ - etcdclusters/status
+ verbs:
+ - get
+ - patch
+ - update
diff --git a/helm/templates/rbac/role_binding.yaml b/helm/templates/rbac/role_binding.yaml
new file mode 100644
index 00000000..bc24d884
--- /dev/null
+++ b/helm/templates/rbac/role_binding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "etcd-operator.labels" . | nindent 4 }}
+ name: {{ include "etcd-operator.name" . }}-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: manager-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "etcd-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/templates/service_account.yaml b/helm/templates/service_account.yaml
new file mode 100644
index 00000000..cde65155
--- /dev/null
+++ b/helm/templates/service_account.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "etcd-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "etcd-operator.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/values.yaml b/helm/values.yaml
new file mode 100644
index 00000000..d5d48b05
--- /dev/null
+++ b/helm/values.yaml
@@ -0,0 +1,66 @@
+# Default values for etcd-operator.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# If you do want to specify resources, use the following example, and adjust
+# it as necessary.
+resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+
+image:
+ repository: quay.io/coreos/etcd-operator
+ tag: 1.0.0
+
+manager:
+ replicas: 1
+
+prometheus:
+ enabled: false
+
+serviceAccount:
+ # -- Specifies whether a service account should be created
+ create: true
+ # -- The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: "controller-manager"
+ # -- Annotations to add to the service account
+ annotations: {}
+
+# -- Labels that get applied to every resource's metadata
+commonLabels: {}
+
+# -- [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration.
+# To remove the default, set it to null (or `~`).
+podSecurityContext: {}
+
+podAnnotations: {}
+
+annotations: {}
+
+affinity: {}
+
+nameOverride:
+
+networkPolicy:
+ enabled: false
+
+terminationGracePeriodSeconds: 10
+
+livenessProbe:
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ failureThreshold: 3
+ timeoutSeconds: 1
+ port: 8081
+
+readinessProbe:
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ failureThreshold: 12
+ timeoutSeconds: 1
+ port: 8081
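Review bot: `podSecurityContext: {}` in values.yaml ships the manager with no pod-level hardening, and the container `securityContext` in manager.yaml only sets `allowPrivilegeEscalation: false` and drops capabilities, so nothing in the chart's defaults prevents the container from running as root or without a seccomp profile. If the operator image runs as a non-root user (to be confirmed against its Dockerfile), a safer default is `runAsNonRoot: true` together with `seccompProfile.type: RuntimeDefault` under `podSecurityContext`. The default `image.repository: quay.io/coreos/etcd-operator` with `tag: 1.0.0` should also be checked: it does not match the chart's `appVersion`, and it may not be the image built from this repository. `nameOverride:` is a bare null; `nameOverride: ""` states the intent explicitly.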