| # -- Number of replicas in deployment |
| replicaCount: 1 |
| |
| # -- The Controller have CREATE and READ access to all Secrets in the namespaces listed below. |
| enabledNamespaces: [] |
| |
| # -- Single namespace mode. If enabled the controller will watch for resources only from namespace it is deployed in, ignoring others |
| singleNamespaceMode: false |
| |
| image: |
| # -- Ory Hydra-maester image |
| repository: oryd/hydra-maester |
| # -- Ory Hydra-maester version |
| tag: v0.0.27 |
| # -- Image pull policy |
| pullPolicy: IfNotPresent |
| |
| # -- Image pull secrets |
| imagePullSecrets: [] |
| |
| # -- Pod priority |
| ## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ |
| priorityClassName: "" |
| |
| # -- Connection data to admin service of Hydra |
| adminService: |
| # -- Service name |
| name: |
| # -- Service port |
| port: |
| # -- Set the clients endpoint, should be `/clients` for Hydra 1.x and |
| # `/admin/clients` for Hydra 2.x |
| endpoint: /admin/clients |
| |
| forwardedProto: |
| |
| deployment: |
| resources: |
| {} |
| # We usually recommend not to specify default resources and to leave this as a conscious |
| # choice for the user. This also increases chances charts run on environments with little |
| # resources, such as Minikube. If you do want to specify resources, uncomment the following |
| # lines, adjust them as necessary, and remove the curly braces after 'resources:'. |
| # limits: |
| # cpu: 100m |
| # memory: 30Mi |
| # requests: |
| # cpu: 100m |
| # memory: 20Mi |
| |
| # -- Default security context |
| securityContext: |
| capabilities: |
| drop: |
| - ALL |
| seccompProfile: |
| type: RuntimeDefault |
| readOnlyRootFilesystem: true |
| runAsNonRoot: true |
| runAsUser: 1000 |
| allowPrivilegeEscalation: false |
| privileged: false |
| |
| # -- Node labels for pod assignment. |
| nodeSelector: {} |
| # If you do want to specify node labels, uncomment the following |
| # lines, adjust them as necessary, and remove the curly braces after 'annotations:'. |
| # foo: bar |
| |
| # -- Configure node tolerations. |
| tolerations: [] |
| # -- Deployment level extra annotations |
| extraAnnotations: {} |
| # -- Deployment level extra labels |
| extraLabels: {} |
| |
| # -- Configure pod topologySpreadConstraints. |
| topologySpreadConstraints: [] |
| # - maxSkew: 1 |
| # topologyKey: topology.kubernetes.io/zone |
| # whenUnsatisfiable: DoNotSchedule |
| # labelSelector: |
| # matchLabels: |
| # app.kubernetes.io/name: hydra |
| # app.kubernetes.io/instance: hydra |
| |
| # -- Configure pod dnsConfig. |
| dnsConfig: {} |
| # options: |
| # - name: "ndots" |
| # value: "1" |
| |
| # -- Specify pod metadata, this metadata is added directly to the pod, and not higher objects |
| podMetadata: |
| # -- Extra pod level labels |
| labels: {} |
| # -- Extra pod level annotations |
| annotations: {} |
| |
| # https://github.com/kubernetes/kubernetes/issues/57601 |
| # -- This applications connects to the k8s API and requires the permissions |
| automountServiceAccountToken: true |
| |
| # -- Arguments to be passed to the program |
| args: |
| # -- The minimum frequency at which watched resources are reconciled |
| syncPeriod: "" |
| # syncPeriod: 10h |
| |
| # -- Configure service account |
| serviceAccount: |
| # -- Annotations to add to the service account |
| annotations: {} |
| |
| # -- Configure node affinity |
| affinity: {} |
| |
| # -- PodDistributionBudget configuration |
| pdb: |
| enabled: false |
| spec: |
| minAvailable: 1 |