mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-26 19:45:35 +00:00
de85610be0
cmd/k8s-operator/deploy/chart: allow users to configure additional labels for the operator's Pod via Helm chart values. Fixes #11947 Signed-off-by: Gabe Gorelick <gabe@hightouch.io>
76 lines
2.6 KiB
YAML
76 lines
2.6 KiB
YAML
# Copyright (c) Tailscale Inc & AUTHORS
|
|
# SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
# Operator oauth credentials. If set a Kubernetes Secret with the provided
|
|
# values will be created in the operator namespace. If unset a Secret named
|
|
# operator-oauth must be precreated.
|
|
oauth: {}
|
|
# clientId: ""
|
|
# clientSecret: ""
|
|
|
|
# installCRDs determines whether tailscale.com CRDs should be installed as part
|
|
# of chart installation. We do not use Helm's CRD installation mechanism as that
|
|
# does not allow for upgrading CRDs.
|
|
# https://helm.sh/docs/chart_best_practices/custom_resource_definitions/
|
|
installCRDs: true
|
|
|
|
operatorConfig:
|
|
# ACL tag that operator will be tagged with. Operator must be made owner of
|
|
# these tags
|
|
# https://tailscale.com/kb/1236/kubernetes-operator/?q=operator#setting-up-the-kubernetes-operator
|
|
# Multiple tags are defined as array items and passed to the operator as a comma-separated string
|
|
defaultTags:
|
|
- "tag:k8s-operator"
|
|
|
|
image:
|
|
repo: tailscale/k8s-operator
|
|
# Digest will be prioritized over tag. If neither are set appVersion will be
|
|
# used.
|
|
tag: ""
|
|
digest: ""
|
|
pullPolicy: Always
|
|
logging: "info" # info, debug, dev
|
|
hostname: "tailscale-operator"
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
|
|
resources: {}
|
|
|
|
podAnnotations: {}
|
|
podLabels: {}
|
|
|
|
tolerations: []
|
|
|
|
affinity: {}
|
|
|
|
podSecurityContext: {}
|
|
|
|
securityContext: {}
|
|
|
|
# proxyConfig contains configuraton that will be applied to any ingress/egress
|
|
# proxies created by the operator.
|
|
# https://tailscale.com/kb/1236/kubernetes-operator/#cluster-ingress
|
|
# https://tailscale.com/kb/1236/kubernetes-operator/#cluster-egress
|
|
proxyConfig:
|
|
image:
|
|
repo: tailscale/tailscale
|
|
# Digest will be prioritized over tag. If neither are set appVersion will be
|
|
# used.
|
|
tag: ""
|
|
digest: ""
|
|
# ACL tag that operator will tag proxies with. Operator must be made owner of
|
|
# these tags
|
|
# https://tailscale.com/kb/1236/kubernetes-operator/?q=operator#setting-up-the-kubernetes-operator
|
|
# Multiple tags can be passed as a comma-separated string i.e 'tag:k8s-proxies,tag:prod'.
|
|
# Note that if you pass multiple tags to this field via `--set` flag to helm upgrade/install commands you must escape the comma (for example, "tag:k8s-proxies\,tag:prod"). See https://github.com/helm/helm/issues/1556
|
|
defaultTags: "tag:k8s"
|
|
firewallMode: auto
|
|
|
|
# apiServerProxyConfig allows to configure whether the operator should expose
|
|
# Kubernetes API server.
|
|
# https://tailscale.com/kb/1236/kubernetes-operator/#accessing-the-kubernetes-control-plane-using-an-api-server-proxy
|
|
apiServerProxyConfig:
|
|
mode: "false" # "true", "false", "noauth"
|
|
|
|
imagePullSecrets: []
|