...

Text file src/github.com/linkerd/linkerd2/viz/charts/linkerd-viz/values.yaml

Documentation: github.com/linkerd/linkerd2/viz/charts/linkerd-viz

     1# Default values for linkerd.
     2# This is a YAML-formatted file.
     3# Declare variables to be passed into your templates.
     4
     5# Fields that should be common with the core control plane
     6
     7# -- control plane version. See Proxy section for proxy version
     8linkerdVersion: linkerdVersionValue
     9# -- Kubernetes DNS Domain name to use
    10clusterDomain: cluster.local
    11# -- Additional labels to add to all pods
    12podLabels: {}
    13# -- Labels to apply to all resources
    14commonLabels: {}
    15# -- Trust domain used for identity
    16# @default -- clusterDomain
    17identityTrustDomain: ""
    18# -- Specifies the number of old ReplicaSets to retain to allow rollback.
    19revisionHistoryLimit: 10
    20
    21# -- Docker registry for all viz components
    22defaultRegistry: cr.l5d.io/linkerd
    23# -- Docker imagePullPolicy for all viz components
    24defaultImagePullPolicy: IfNotPresent
    25# -- Log level for all the viz components
    26defaultLogLevel: info
    27# -- Log format (`plain` or `json`) for all the viz components.
    28defaultLogFormat: plain
    29# -- UID for all the viz components
    30defaultUID: 2103
    31# -- GID for all the viz components
    32defaultGID: 2103
    33
    34# -- Namespace of the Linkerd core control-plane install
    35linkerdNamespace: linkerd
    36
    37# -- Default nodeSelector section, See the
    38# [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
    39nodeSelector: &default_node_selector
    40  kubernetes.io/os: linux
    41
    42# -- For Private docker registries, authentication is needed.
    43#  Registry secrets are applied to the respective service accounts
    44imagePullSecrets: []
    45# - name: my-private-docker-registry-login-secret
    46
    47# -- Default tolerations section, See the
    48# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
    49# for more information
    50tolerations: &default_tolerations
    51
    52# -- Enables Pod Anti Affinity logic to balance the placement of replicas
    53# across hosts and zones for High Availability.
    54# Enable this only when you have multiple replicas of components.
    55enablePodAntiAffinity: false
    56
    57# -- enables the creation of pod disruption budgets for tap, tap-injector, web and metrics-api components
    58enablePodDisruptionBudget: false
    59
    60# -- NodeAffinity section, See the
    61# [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity)
    62# for more information
    63# nodeAffinity:
    64
    65# -- Creates a Job that adds necessary metadata to the extension's namespace
    66# during install; disable if lack of privileges require doing this manually
    67createNamespaceMetadataJob: true
    68
    69# -- Create Roles and RoleBindings to associate this extension's
    70# ServiceAccounts to the control plane PSP resource. This requires that
    71# `enabledPSP` is set to true on the control plane install. Note PSP has been
    72# deprecated since k8s v1.21
    73enablePSP: false
    74
    75# -- url of external prometheus instance
    76prometheusUrl: ""
    77
    78# -- url of external jaeger instance
    79# Set this to `jaeger.linkerd-jaeger.svc.<clusterDomain>:16686` if you plan to use jaeger extension
    80jaegerUrl: ""
    81
    82# metrics API configuration
    83metricsAPI:
    84  # -- Number of replicas of the metrics-api component
    85  replicas: 1
    86  # -- log level of the metrics-api component
    87  # @default -- defaultLogLevel
    88  logLevel: ""
    89  # -- log format of the metrics-api component
    90  # @default -- defaultLogFormat
    91  logFormat: ""
    92  image:
    93    # -- Docker registry for the metrics-api component
    94    # @default -- defaultRegistry
    95    registry: ""
    96    # -- Docker image name for the metrics-api component
    97    name: metrics-api
    98    # -- Docker image tag for the metrics-api component
    99    # @default -- linkerdVersion
   100    tag: ""
   101    # -- Pull policy for the metrics-api component
   102    # @default -- defaultImagePullPolicy
   103    pullPolicy: ""
   104
   105  resources:
   106    cpu:
   107      # -- Maximum amount of CPU units that the metrics-api container can use
   108      limit:
   109      # -- Amount of CPU units that the metrics-api container requests
   110      request:
   111    memory:
   112      # -- Maximum amount of memory that metrics-api container can use
   113      limit:
   114      # -- Amount of memory that the metrics-api container requests
   115      request:
   116    ephemeral-storage:
   117      # -- Maximum amount of ephemeral storage that the metrics-api container can use
   118      limit: ""
   119      # -- Amount of ephemeral storage that the metrics-api container requests
   120      request: ""
   121
   122  proxy:
   123    # -- If set, overrides default proxy resources for the proxy injected
   124    # into the metrics-api component
   125    # resources:
   126
   127  # -- UID for the metrics-api resource
   128  UID:
   129
   130  # -- GID for the metrics-api resource
   131  GID:
   132
   133  # -- NodeSelector section, See the
   134  # [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
   135  nodeSelector: *default_node_selector
   136  # -- Tolerations section, See the
   137  # [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
   138  # for more information
   139  tolerations: *default_tolerations
   140
   141  # -- metrics-api service configuration
   142  service:
   143    # -- Additional annotations to add to metrics-api service
   144    annotations: {}
   145
   146# tap configuration
   147tap:
   148  # -- Number of tap component replicas
   149  replicas: 1
   150  # -- log level of the tap component
   151  # @default -- defaultLogLevel
   152  logLevel: ""
   153  # -- log format of the tap component
   154  # @default -- defaultLogFormat
   155  logFormat: ""
   156  image:
   157    # -- Docker registry for the tap instance
   158    # @default -- defaultRegistry
   159    registry: ""
   160    # -- Docker image name for the tap instance
   161    name: tap
   162    # -- Docker image tag for the tap instance
   163    # @default -- linkerdVersion
   164    tag: ""
   165    # -- Pull policy for the tap component
   166    # @default -- defaultImagePullPolicy
   167    pullPolicy: ""
   168
   169  # -- Do not create a secret resource for the Tap component.
   170  # If this is set to `true`, the value `tap.caBundle` must be set
   171  # or the ca bundle must injected with cert-manager ca injector using
   172  # `tap.injectCaFrom` or `tap.injectCaFromSecret` (see below).
   173  externalSecret: false
   174
   175  # -- Certificate for the Tap component. If not provided and not using an external secret
   176  # then Helm will generate one.
   177  crtPEM: |
   178
   179  # -- Certificate key for Tap component. If not provided and not using an external secret
   180  # then Helm will generate one.
   181  keyPEM: |
   182
   183  # -- Bundle of CA certificates for tap.
   184  # If not provided nor injected with cert-manager,
   185  # then Helm will use the certificate generated for `tap.crtPEM`.
   186  # If `tap.externalSecret` is set to true, this value, injectCaFrom, or
   187  # injectCaFromSecret must be set, as no certificate will be generated.
   188  # See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector) for more information.
   189  caBundle: |
   190
   191  # -- Inject the CA bundle from a cert-manager Certificate.
   192  # See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-certificate-resource)
   193  # for more information.
   194  injectCaFrom: ""
   195
   196  # -- Inject the CA bundle from a Secret.
   197  # If set, the `cert-manager.io/inject-ca-from-secret` annotation will be added to the webhook.
   198  # The Secret must have the CA Bundle stored in the `ca.crt` key and have
   199  # the `cert-manager.io/allow-direct-injection` annotation set to `true`.
   200  # See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-secret-resource)
   201  # for more information.
   202  injectCaFromSecret: ""
   203
   204  resources:
   205    cpu:
   206      # -- Maximum amount of CPU units that the tap container can use
   207      limit:
   208      # -- Amount of CPU units that the tap container requests
   209      request:
   210    memory:
   211      # -- Maximum amount of memory that tap container can use
   212      limit:
   213      # -- Amount of memory that the tap container requests
   214      request:
   215    ephemeral-storage:
   216      # -- Maximum amount of ephemeral storage that the tap container can use
   217      limit: ""
   218      # -- Amount of ephemeral storage that the tap container requests
   219      request: ""
   220
   221  # -- List of headers that will be ignored for Linkerd Tap
   222  ignoreHeaders: []
   223
   224  proxy:
   225    # -- If set, overrides default proxy resources for the proxy injected
   226    # into the tap component
   227    # resources:
   228
   229  # -- UID for the tap component
   230  UID:
   231
   232  # -- GID for the tap component
   233  GID:
   234
   235  # -- tap service configuration
   236  service:
   237    # -- Additional annotations to add to tap service
   238    annotations: {}
   239
   240# tapInjector configuration
   241tapInjector:
   242  # -- Number of replicas of tapInjector
   243  replicas: 1
   244  # -- log level of the tapInjector
   245  # @default -- defaultLogLevel
   246  logLevel: ""
   247  # -- log format of the tapInjector component
   248  # @default -- defaultLogFormat
   249  logFormat: ""
   250  image:
   251    # -- Docker registry for the tapInjector instance
   252    # @default -- defaultRegistry
   253    registry: ""
   254    # -- Docker image name for the tapInjector instance
   255    name: tap
   256    # -- Docker image tag for the tapInjector instance
   257    # @default -- linkerdVersion
   258    tag: ""
   259    # -- Pull policy for the tapInjector component
   260    # @default -- defaultImagePullPolicy
   261    pullPolicy: ""
   262
   263  # -- Namespace selector used by admission webhook.
   264  namespaceSelector:
   265    matchExpressions:
   266    - key: kubernetes.io/metadata.name
   267      operator: NotIn
   268      values:
   269      - kube-system
   270  objectSelector:
   271    # matchLabels:
   272    #   foo: bar
   273  # -- UID for the tapInjector resource
   274  UID:
   275  # -- GID for the tapInjector resource
   276  GID:
   277  failurePolicy: Ignore
   278  resources:
   279    cpu:
   280      # -- Maximum amount of CPU units that the tapInjector container can use
   281      limit:
   282      # -- Amount of CPU units that the tapInjector container requests
   283      request:
   284    memory:
   285      # -- Maximum amount of memory that tapInjector container can use
   286      limit:
   287      # -- Amount of memory that the tapInjector container requests
   288      request:
   289    ephemeral-storage:
   290      # -- Maximum amount of ephemeral storage that the tapInjector container can use
   291      limit: ""
   292      # -- Amount of ephemeral storage that the tapInjector container requests
   293      request: ""
   294  proxy:
   295    # -- If set, overrides default proxy resources for the proxy injected
   296    # into the tapInjector component
   297    # resources:
   298
   299  # -- Do not create a secret resource for the tapInjector webhook.
   300  # If this is set to `true`, the value `tapInjector.caBundle` must be set
   301  # or the ca bundle must injected with cert-manager ca injector using
   302  # `tapInjector.injectCaFrom` or `tapInjector.injectCaFromSecret` (see below).
   303  externalSecret: false
   304
   305  # -- Certificate for the tapInjector. If not provided and not using an external secret
   306  # then Helm will generate one.
   307  crtPEM: |
   308
   309  # -- Certificate key for the tapInjector. If not provided and not using an external secret
   310  # then Helm will generate one.
   311  keyPEM: |
   312
   313  # -- Bundle of CA certificates for the tapInjector.
   314  # If not provided nor injected with cert-manager,
   315  # then Helm will use the certificate generated for `tapInjector.crtPEM`.
   316  # If `tapInjector.externalSecret` is set to true, this value, injectCaFrom, or
   317  # injectCaFromSecret must be set, as no certificate will be generated.
   318  # See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector) for more information.
   319  caBundle: |
   320
   321  # -- Inject the CA bundle from a cert-manager Certificate.
   322  # See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-certificate-resource)
   323  # for more information.
   324  injectCaFrom: ""
   325
   326  # -- Inject the CA bundle from a Secret.
   327  # If set, the `cert-manager.io/inject-ca-from-secret` annotation will be added to the webhook.
   328  # The Secret must have the CA Bundle stored in the `ca.crt` key and have
   329  # the `cert-manager.io/allow-direct-injection` annotation set to `true`.
   330  # See the cert-manager [CA Injector Docs](https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-secret-resource)
   331  # for more information.
   332  injectCaFromSecret: ""
   333
   334  # -- tap service configuration
   335  service:
   336    # -- Additional annotations to add to tapInjector service
   337    annotations: {}
   338
   339# web dashboard configuration
   340dashboard:
   341  # -- Number of replicas of dashboard
   342  replicas: 1
   343  # -- log level of the dashboard component
   344  # @default -- defaultLogLevel
   345  logLevel: ""
   346  # -- log format of the dashboard component
   347  # @default -- defaultLogFormat
   348  logFormat: ""
   349  image:
   350    # -- Docker registry for the web instance
   351    # @default -- defaultRegistry
   352    registry: ""
   353    # -- Docker image name for the web instance
   354    name: web
   355    # -- Docker image tag for the web instance
   356    # @default -- linkerdVersion
   357    tag: ""
   358    # -- Pull policy for the  web component
   359    # @default -- defaultImagePullPolicy
   360    pullPolicy: ""
   361
   362  # -- UID for the dashboard resource
   363  UID:
   364
   365  # -- GID for the dashboard resource
   366  GID:
   367
   368  # -- Restrict the Linkerd Dashboard's default privileges to disallow Tap and Check
   369  restrictPrivileges: false
   370
   371  # -- Host header validation regex for the dashboard. See the [Linkerd
   372  # documentation](https://linkerd.io/2/tasks/exposing-dashboard) for more
   373  # information
   374  enforcedHostRegexp: ""
   375  resources:
   376    cpu:
   377      # -- Maximum amount of CPU units that the web container can use
   378      limit:
   379      # -- Amount of CPU units that the web container requests
   380      request:
   381    memory:
   382      # -- Maximum amount of memory that web container can use
   383      limit:
   384      # -- Amount of memory that the web container requests
   385      request:
   386    ephemeral-storage:
   387      # -- Maximum amount of ephemeral storage that the web container can use
   388      limit: ""
   389      # -- Amount of ephemeral storage that the web container requests
   390      request: ""
   391
   392  proxy:
   393    # -- If set, overrides default proxy resources for the proxy injected
   394    # into the dashboard component
   395    # resources:
   396
   397  # -- dashboard service configuration
   398  service:
   399    # -- Additional annotations to add to dashboard service
   400    annotations: {}
   401
   402namespaceMetadata:
   403  image:
   404    # -- Docker registry for the namespace-metadata instance
   405    # @default -- defaultRegistry
   406    registry: ""
   407    # -- Docker image name for the namespace-metadata instance
   408    name: extension-init
   409    # -- Docker image tag for the namespace-metadata instance
   410    tag: v0.1.0
   411    # -- Pull policy for the namespace-metadata instance
   412    # @default -- defaultImagePullPolicy
   413    pullPolicy: ""
   414
   415  # -- NodeSelector section, See the
   416  # [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
   417  nodeSelector: *default_node_selector
   418  # -- Tolerations section, See the
   419  # [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
   420  # for more information
   421  tolerations: *default_tolerations
   422
   423grafana:
   424  # -- url of an in-cluster Grafana instance with reverse proxy configured, used by the
   425  # Linkerd viz web dashboard to provide direct links to specific Grafana
   426  # dashboards. Cannot be set if grafana.externalUrl is set. See the [Linkerd
   427  # documentation](https://linkerd.io/2/tasks/grafana) for more information
   428  url:
   429  # -- url of a Grafana instance hosted off-cluster. Cannot be set if
   430  # grafana.url is set. The reverse proxy will not be used for this URL.
   431  externalUrl:
   432  # -- prefix for Grafana dashboard UID's, used when grafana.externalUrl is
   433  # set.
   434  uidPrefix:
   435
   436prometheus:
   437  # -- toggle field to enable or disable prometheus
   438  enabled: true
   439  image:
   440    # -- Docker registry for the prometheus instance
   441    registry: prom
   442    # -- Docker image name for the prometheus instance
   443    name: prometheus
   444    # -- Docker image tag for the prometheus instance
   445    tag: v2.48.1
   446    # -- Pull policy for the prometheus instance
   447    # @default -- defaultImagePullPolicy
   448    pullPolicy: ""
   449
   450  # -- log level of the prometheus instance
   451  # @default -- defaultLogLevel
   452  logLevel: ""
   453  # -- log format (plain, json) of the prometheus instance
   454  # @default -- defaultLogLevel
   455  logFormat: ""
   456  # -- Command line options for Prometheus binary
   457  args:
   458    storage.tsdb.path: /data
   459    storage.tsdb.retention.time: 6h
   460    config.file: /etc/prometheus/prometheus.yml
   461  # -- The global configuration specifies parameters that are valid in all other
   462  # configuration contexts.
   463  globalConfig:
   464    scrape_interval: 10s
   465    scrape_timeout: 10s
   466    evaluation_interval: 10s
   467
   468  # -- annotations for the prometheus pod
   469  podAnnotations: {}
   470
   471  # -- Alert relabeling is applied to alerts before they are sent to the
   472  # Alertmanager.
   473  alertRelabelConfigs:
   474  # Ex:
   475  # - action: labeldrop
   476  #   regex: prometheus_replica
   477
   478  # -- Alertmanager instances the Prometheus server sends alerts to configured via
   479  # the static_configs parameter.
   480  alertmanagers:
   481  # Ex:
   482  # - scheme: http
   483  #   static_configs:
   484  #   - targets:
   485  #     - "alertmanager.linkerd.svc:9093"
   486
   487  # -- Allows transparently sending samples to an endpoint. Mostly used for long
   488  # term storage.
   489  remoteWrite:
   490
   491  # -- Alerting/recording rule ConfigMap mounts (sub-path names must end in
   492  # ´_rules.yml´ or ´_rules.yaml´)
   493  ruleConfigMapMounts:
   494  # Ex:
   495  # - name: alerting-rules
   496  #   subPath: alerting_rules.yml
   497  #   configMap: linkerd-prometheus-rules
   498  # - name: recording-rules
   499  #   subPath: recording_rules.yml
   500  #   configMap: linkerd-prometheus-rules
   501
   502  # -- A scrapeConfigs section specifies a set of targets and parameters
   503  # describing how to scrape them.
   504  scrapeConfigs:
   505  # Ex:
   506  # - job_name: 'kubernetes-nodes'
   507  #   scheme: https
   508  #   tls_config:
   509  #     ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
   510  #   bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
   511  #   kubernetes_sd_configs:
   512  #   - role: node
   513  #   relabel_configs:
   514  #   - action: labelmap
   515  #     regex: __meta_kubernetes_node_label_(.+)
   516
   517  # -- A metricRelabelConfigs section allows to drop high cardinality metrics.
   518  # *NOTE:* Please use with caution. Some metrics are needed for linkerd-viz to
   519  # function properly.
   520  metricRelabelConfigs:
   521  # This allows us to fine tune prometheus cardinality by dropping certain
   522  # metrics as suggested here: https://itnext.io/optimizing-linkerd-metrics-in-prometheus-de607ec10f6b
   523  #
   524  # Ex:
   525  # - action: keep
   526  #   source_labels: [le]
   527  #   regex: "(?i)(|10|50|100|500|1000|10000|30000|\\+Inf)"
   528
   529  # -- A sidecarContainers section specifies a list of secondary containers to run
   530  # in the prometheus pod e.g. to export data to non-prometheus systems
   531  sidecarContainers:
   532  # Ex:
   533  # - name: sidecar
   534  #   image: gcr.io/myproject/stackdriver-prometheus-sidecar
   535  #   imagePullPolicy: Always
   536  #   command:
   537  #   - /bin/sh
   538  #   - -c
   539  #   - |
   540  #     exec /bin/stackdriver-prometheus-sidecar \
   541  #       --stackdriver.project-id=myproject \
   542  #       --stackdriver.kubernetes.location=us-central1 \
   543  #       --stackdriver.kubernetes.cluster-name=mycluster \
   544  #       --prometheus.wal-directory=/data/wal \
   545  #       --log.level=info
   546  #   volumeMounts:
   547  #   - mountPath: /data
   548  #     name: data
   549  #   ports:
   550  #   - name: foo
   551  #     containerPort: 9091
   552  #     protocol: TCP
   553  ### WARNING: persistence is experimental and has not been tested/vetted by the Linkerd team.
   554  ### As such, please refer to https://linkerd.io/2/tasks/exporting-metrics/ for the recommended approach to metrics data retention.
   555  # if enabled, creates a persistent volume claim for prometheus data
   556  # https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims
   557  #persistence:
   558  # -- Storage class used to create prometheus data PV.
   559  #  storageClass:
   560  # -- PVC access mode.
   561  #  accessMode:
   562  # -- Prometheus data volume size.
   563  #  size:
   564
   565  resources:
   566    cpu:
   567      # -- Maximum amount of CPU units that the prometheus container can use
   568      limit:
   569      # -- Amount of CPU units that the prometheus container requests
   570      request:
   571    memory:
   572      # -- Maximum amount of memory that prometheus container can use
   573      limit:
   574      # -- Amount of memory that the prometheus container requests
   575      request:
   576    ephemeral-storage:
   577      # -- Maximum amount of ephemeral storage that the prometheus container can use
   578      limit: ""
   579      # -- Amount of ephemeral storage that the prometheus container requests
   580      request: ""
   581
   582  proxy:
   583    # -- If set, overrides default proxy resources for the proxy injected
   584    # into the prometheus component
   585    # resources:
   586
   587  # -- NodeSelector section, See the
   588  # [K8S documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) for more information
   589  nodeSelector: *default_node_selector
   590  # -- Tolerations section, See the
   591  # [K8S documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
   592  # for more information
   593  tolerations: *default_tolerations

View as plain text