add istio with kiali [ci skip]
This commit is contained in:
parent
a1382cf46a
commit
757e598c4d
4 changed files with 797 additions and 0 deletions
122
modules/kubernetes/istio/kiali.yaml
Normal file
122
modules/kubernetes/istio/kiali.yaml
Normal file
|
|
@ -0,0 +1,122 @@
|
|||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
|
||||
image: # see: https://quay.io/repository/kiali/kiali-operator?tab=tags
|
||||
repo: quay.io/kiali/kiali-operator # quay.io/kiali/kiali-operator
|
||||
tag: v1.78.0 # version string like v1.39.0 or a digest hash
|
||||
digest: "" # use "sha256" if tag is a sha256 hash (do NOT prefix this value with a "@")
|
||||
pullPolicy: Always
|
||||
pullSecrets: []
|
||||
|
||||
# Deployment options for the operator pod.
|
||||
nodeSelector: {}
|
||||
podAnnotations: {}
|
||||
podLabels: {}
|
||||
env: []
|
||||
tolerations: []
|
||||
resources:
|
||||
requests:
|
||||
cpu: "10m"
|
||||
memory: "64Mi"
|
||||
affinity: {}
|
||||
replicaCount: 1
|
||||
priorityClassName: ""
|
||||
securityContext: {}
|
||||
|
||||
# metrics.enabled: set to true if you want Prometheus to collect metrics from the operator
|
||||
metrics:
|
||||
enabled: true
|
||||
|
||||
# debug.enabled: when true the full ansible logs are dumped after each reconciliation run
|
||||
# debug.verbosity: defines the amount of details the operator will log (higher numbers are more noisy)
|
||||
# debug.enableProfiler: when true (regardless of debug.enabled), timings for the most expensive tasks will be logged after each reconciliation loop
|
||||
debug:
|
||||
enabled: true
|
||||
verbosity: "1"
|
||||
enableProfiler: false
|
||||
|
||||
# Defines where the operator will look for Kial CR resources. "" means "all namespaces".
|
||||
watchNamespace: ""
|
||||
|
||||
# Set to true if you want the operator to be able to create cluster roles. This is necessary
|
||||
# if you want to support Kiali CRs with spec.deployment.accessible_namespaces of '**'.
|
||||
# Setting this to "true" requires allowAllAccessibleNamespaces to be "true" also.
|
||||
# Note that this will be overriden to "true" if cr.create is true and cr.spec.deployment.accessible_namespaces is ['**'].
|
||||
clusterRoleCreator: true
|
||||
|
||||
# Set to a list of secrets in the cluster that the operator will be allowed to read. This is necessary if you want to
|
||||
# support Kiali CRs with spec.kiali_feature_flags.certificates_information_indicators.enabled=true.
|
||||
# The secrets in this list will be the only ones allowed to be specified in any Kiali CR (in the setting
|
||||
# spec.kiali_feature_flags.certificates_information_indicators.secrets).
|
||||
# If you set this to an empty list, the operator will not be given permission to read any additional secrets
|
||||
# found in the cluster, and thus will only support a value of "false" in the Kiali CR setting
|
||||
# spec.kiali_feature_flags.certificates_information_indicators.enabled.
|
||||
secretReader: ["cacerts", "istio-ca-secret"]
|
||||
|
||||
# Set to true if you want to allow the operator to only be able to install Kiali in view-only-mode.
|
||||
# The purpose for this setting is to allow you to restrict the permissions given to the operator itself.
|
||||
onlyViewOnlyMode: false
|
||||
|
||||
# allowAdHocKialiNamespace tells the operator to allow a user to be able to install a Kiali CR in one namespace but
|
||||
# be able to install Kiali in another namespace. In other words, it will allow the Kiali CR spec.deployment.namespace
|
||||
# to be something other than the namespace where the CR is installed. You may want to disable this if you are
|
||||
# running in a multi-tenant scenario in which you only want a user to be able to install Kiali in the same namespace
|
||||
# where the user has permissions to install a Kiali CR.
|
||||
allowAdHocKialiNamespace: true
|
||||
|
||||
# allowAdHocKialiImage tells the operator to allow a user to be able to install a custom Kiali image as opposed
|
||||
# to the image the operator will install by default. In other words, it will allow the
|
||||
# Kiali CR spec.deployment.image_name and spec.deployment.image_version to be configured by the user.
|
||||
# You may want to disable this if you do not want users to install their own Kiali images.
|
||||
allowAdHocKialiImage: false
|
||||
|
||||
# allowAdHocOSSMConsoleImage tells the operator to allow a user to be able to install a custom OSSMC image as opposed
|
||||
# to the image the operator will install by default. In other words, it will allow the
|
||||
# OSSMConsole CR spec.deployment.imageName and spec.deployment.imageVersion to be configured by the user.
|
||||
# You may want to disable this if you do not want users to install their own OSSMC images.
|
||||
# This is only applicable when running on OpenShift.
|
||||
allowAdHocOSSMConsoleImage: false
|
||||
|
||||
# allowSecurityContextOverride tells the operator to allow a user to be able to fully override the Kiali
|
||||
# container securityContext. If this is false, certain securityContext settings must exist on the Kiali
|
||||
# container and any attempt to override them will be ignored.
|
||||
allowSecurityContextOverride: false
|
||||
|
||||
# allowAllAccessibleNamespaces tells the operator to allow a user to be able to configure Kiali
|
||||
# to access all namespaces in the cluster via spec.deployment.accessible_namespaces=['**'].
|
||||
# If this is false, the user must specify an explicit list of namespaces in the Kiali CR.
|
||||
# Setting this to "true" requires clusterRoleCreator to be "true" also.
|
||||
# Note that this will be overriden to "true" if cr.create is true and cr.spec.deployment.accessible_namespaces is ['**'].
|
||||
allowAllAccessibleNamespaces: true
|
||||
|
||||
# accessibleNamespacesLabel restricts the namespaces that a user can add to the Kiali CR spec.deployment.accessible_namespaces.
|
||||
# This value is either an empty string (which disables this feature) or a label name with an optional label value
|
||||
# (e.g. "mylabel" or "mylabel=myvalue"). Only namespaces that have that label will be permitted in
|
||||
# spec.deployment.accessible_namespaces. Any namespace not labeled properly but specified in accessible_namespaces will cause
|
||||
# the operator to abort the Kiali installation.
|
||||
# If just a label name (but no label value) is specified, the label value the operator will look for is the value of
|
||||
# the Kiali CR's spec.istio_namespace. In other words, the operator will look for the named label whose value must be the name
|
||||
# of the Istio control plane namespace (which is typically, but not necessarily, "istio-system").
|
||||
accessibleNamespacesLabel: ""
|
||||
|
||||
# For what a Kiali CR spec can look like, see:
|
||||
# https://github.com/kiali/kiali-operator/blob/master/deploy/kiali/kiali_cr.yaml
|
||||
cr:
|
||||
create: false
|
||||
name: kiali
|
||||
# If you elect to create a Kiali CR (--set cr.create=true)
|
||||
# and the operator is watching all namespaces (--set watchNamespace="")
|
||||
# then this is the namespace where the CR will be created (the default will be the operator namespace).
|
||||
namespace: ""
|
||||
|
||||
# Annotations to place in the Kiali CR metadata.
|
||||
annotations: {}
|
||||
|
||||
spec:
|
||||
deployment:
|
||||
accessible_namespaces:
|
||||
- "**"
|
||||
external_services:
|
||||
prometheus:
|
||||
# Prometheus service name is "metrics" and is in the "telemetry" namespace
|
||||
url: "http://prometheus-server.monitoring:80/"
|
||||
Loading…
Add table
Add a link
Reference in a new issue