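# Available parameters and their default values for the Consul chart.
#
# NOTE(review): the listing this was taken from had viewer line numbers fused
# onto every line and all indentation collapsed to one space. Nesting is
# restored here; values are unchanged.

global:
  # enabled is the master enabled switch. Setting this to true or false
  # will enable or disable all the components within this chart by default.
  # Each component can be overridden using the component-specific "enabled"
  # value.
  enabled: false

  # Domain to register the Consul DNS server to listen for.
  domain: consul

  # image is the name (and tag) of the Consul Docker image for clients and
  # servers below. This can be overridden per component.
  #
  # Examples:
  #   image: "consul:1.4.2"
  #   image: "hashicorp/consul-enterprise:1.4.2-ent"  # Enterprise Consul image
  #
  # NOTE(review): a tag can be re-pointed in the registry; pinning by digest
  # ("repo@sha256:<digest>") fixes exactly which binary is deployed.
  # client.image in this file overrides this value with a different tag.
  image: "consul:1.4.2"

  # imageK8S is the name (and tag) of the consul-k8s Docker image that
  # is used for functionality such as the catalog sync. This can be overridden
  # per component below.
  # Note: support for the catalog sync's liveness and readiness probes was
  # added to consul-k8s v0.6.0. If using an older consul-k8s version, you may
  # need to remove these checks to make the sync work.
  imageK8S: "hashicorp/consul-k8s:0.7.0"

  # datacenter is the name of the datacenter that the agents should register
  # as. This shouldn't be changed once the Consul cluster is up and running
  # since Consul doesn't support an automatic way to change this value
  # currently: https://github.com/hashicorp/consul/issues/1858
  datacenter: dc1

  # enablePodSecurityPolicies is a boolean flag that controls whether pod
  # security policies are created for the consul components created by this
  # chart. See https://kubernetes.io/docs/concepts/policy/pod-security-policy/
  enablePodSecurityPolicies: false

  # Gossip encryption key. To enable gossip encryption, provide the name of
  # a Kubernetes secret that contains a gossip key. You can create a gossip
  # key with the "consul keygen" command.
  # See https://www.consul.io/docs/commands/keygen.html
  #
  # NOTE(review): enabled is false although secretName and secretKey are
  # filled in. Whether the flag or the secret reference decides is up to the
  # chart templates, which are not shown here; confirm which one applies.
  # If gossip ends up unencrypted, membership traffic to the address in
  # client.join is sent in clear text.
  # Only the secret's name and key name belong here, never the key itself.
  gossipEncryption:
    enabled: false
    secretName: consul
    secretKey: gossip-encryption-key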
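# Server, when enabled, configures a server cluster to run. This should
# be disabled if you plan on connecting to a Consul cluster external to
# the Kube cluster.
#
# NOTE(review): enabled is false here, so the settings below only take
# effect if the server component is switched on later.
server:
  enabled: false
  image: null
  replicas: 3
  bootstrapExpect: 3  # Should be <= replicas count

  # enterpriseLicense refers to a Kubernetes secret that you have created that
  # contains your enterprise license. It is required if you are using an
  # enterprise binary. Defining it here applies it to your cluster once a
  # leader has been elected. If you are not using an enterprise image
  # or if you plan to introduce the license key via another route, then set
  # these fields to null.
  enterpriseLicense:
    secretName: null
    secretKey: null

  # storage and storageClass are the settings for configuring stateful
  # storage for the server pods. storage should be set to the disk size of
  # the attached volume. storageClass is the class of storage which defaults
  # to null (the Kube cluster will pick the default); it is set to a
  # site-specific class here.
  storage: 1Gi
  storageClass: nfs-61

  # connect will enable Connect on all the servers, initializing a CA
  # for Connect-related connections. Other customizations can be done
  # via the extraConfig setting.
  connect: false

  # Resource requests, limits, etc. for the server cluster placement. This
  # should map directly to the value of the resources field for a PodSpec,
  # formatted as a multi-line string. By default no direct resource request
  # is made.
  resources: null

  # updatePartition is used to control a careful rolling update of Consul
  # servers. This should be done particularly when changing the version
  # of Consul. Please refer to the documentation for more information.
  updatePartition: 0

  # disruptionBudget enables the creation of a PodDisruptionBudget to
  # prevent voluntary degrading of the Consul server cluster.
  disruptionBudget:
    enabled: true

    # maxUnavailable will default to (n/2)-1 where n is the number of
    # replicas. If you'd like a custom value, you can specify an override here.
    maxUnavailable: null

  # extraConfig is a raw string of extra configuration to set with the
  # server. This should be JSON.
  #
  # NOTE(review): cert_file, ca_file and key_file only load the TLS material.
  # Consul's verify_incoming, verify_outgoing and verify_server_hostname
  # options default to false and none of them is set here, so this block
  # does not by itself require TLS on RPC connections. Confirm the intended
  # TLS posture and set those options to match, including for the WAN peer
  # named in retry_join_wan.
  extraConfig: |
    {
      "cert_file": "/consul/userconfig/consul/consul.pem",
      "ca_file": "/consul/userconfig/consul/ca.pem",
      "key_file": "/consul/userconfig/consul/consul-key.pem",
      "retry_join_wan":["192.168.246.102"]
    }

  # extraVolumes is a list of extra volumes to mount. These will be exposed
  # to Consul in the path `/consul/userconfig/<name>/`. The value below is
  # an array of objects, examples are shown below.
  #
  # The "consul" secret mounted here is what makes the /consul/userconfig/consul/
  # paths in extraConfig resolve. It presumably holds the private key named
  # in key_file, so access to that secret should be limited accordingly.
  extraVolumes:
    - type: "secret"
      name: "consul"
      load: false
    # - type: secret (or "configMap")
    #   name: my-secret
    #   load: false # if true, will add to `-config-dir` to load by Consul

  # Affinity Settings
  # Commenting out the affinity variable, or setting it to empty, will allow
  # deployment to single-node services such as Minikube.
  affinity: |
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchLabels:
              app: {{ template "consul.name" . }}
              release: "{{ .Release.Name }}"
              component: server
          topologyKey: kubernetes.io/hostname

  # Toleration Settings for server pods
  # This should be a multi-line string matching the Toleration array
  # in a PodSpec.
  tolerations: ""

  # nodeSelector labels for server pod assignment, formatted as a multi-line
  # string.
  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  # Example:
  # nodeSelector: |
  #   beta.kubernetes.io/arch: amd64
  nodeSelector: null

  # used to assign priority to server pods
  # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  priorityClassName: ""

  # Extra annotations to attach to the server pods.
  # This should be a multi-line string mapping directly to a map of
  # the annotations to apply to the server pods.
  annotations: null

  # extraEnvironmentVars is a list of extra environment variables to set with
  # the stateful set. These could be used to include proxy settings required
  # for the cloud auto-join feature, in case the kubernetes cluster is behind
  # egress http proxies. Additionally, it could be used to configure custom
  # consul parameters.
  # (The examples are written without trailing commas: in block YAML a
  # trailing comma would become part of the value.)
  extraEnvironmentVars: {}
    # http_proxy: http://localhost:3128
    # https_proxy: http://localhost:3128
    # no_proxy: internal.domain.com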
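# Client, when enabled, configures Consul clients to run on every node
# within the Kube cluster. The current deployment model follows a traditional
# DC where a single agent is deployed per node.
client:
  enabled: true

  # Overrides global.image for the client agents. The tag differs from the
  # one in global.image (1.4.2); confirm the mismatch is intended.
  image: "consul:1.4.4"

  # Address the client agents join. server.enabled is false in this file, so
  # this is presumably a Consul server outside the Kube cluster (confirm).
  join: ["192.168.246.102"]

  # grpc should be set to true if the gRPC listener should be enabled.
  # This should be set to true if connectInject is enabled.
  grpc: false

  # Resource requests, limits, etc. for the client cluster placement. This
  # should map directly to the value of the resources field for a PodSpec,
  # formatted as a multi-line string. By default no direct resource request
  # is made.
  resources: null

  # extraConfig is a raw string of extra configuration to set with the
  # client agents. This should be JSON.
  #
  # NOTE(review): cert_file, ca_file and key_file only load the TLS material.
  # Consul's verify_outgoing and verify_server_hostname options default to
  # false and are not set here, so as written the agents are not required to
  # use TLS, or to check the server certificate, when they connect to the
  # join address above. Confirm the intended TLS posture and set those
  # options to match the servers.
  extraConfig: |
    {
      "cert_file": "/consul/userconfig/consul/consul.pem",
      "ca_file": "/consul/userconfig/consul/ca.pem",
      "key_file": "/consul/userconfig/consul/consul-key.pem"
    }

  # extraVolumes is a list of extra volumes to mount. These will be exposed
  # to Consul in the path `/consul/userconfig/<name>/`. The value below is
  # an array of objects, examples are shown below.
  #
  # The "consul" secret mounted here is what makes the /consul/userconfig/consul/
  # paths in extraConfig resolve. Clients run on every node, so the private
  # key in that secret (if it holds one, as key_file suggests) is present on
  # every node; confirm that is acceptable.
  extraVolumes:
    - type: "secret"
      name: "consul"
      load: false
    # - type: secret (or "configMap")
    #   name: my-secret
    #   load: false # if true, will add to `-config-dir` to load by Consul

  # Toleration Settings for Client pods
  # This should be a multi-line string matching the Toleration array
  # in a PodSpec.
  # The example below will allow Client pods to run on every node
  # regardless of taints
  # tolerations: |
  #   - operator: "Exists"
  tolerations: ""

  # nodeSelector labels for client pod assignment, formatted as a multi-line
  # string.
  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  # Example:
  # nodeSelector: |
  #   beta.kubernetes.io/arch: amd64
  nodeSelector: null

  # used to assign priority to client pods
  # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  priorityClassName: ""

  # Extra annotations to attach to the client pods.
  # This should be a multi-line string mapping directly to a map of
  # the annotations to apply to the client pods.
  annotations: null

  # extraEnvironmentVars is a list of extra environment variables to set with
  # the pod. These could be used to include proxy settings required for the
  # cloud auto-join feature, in case the kubernetes cluster is behind egress
  # http proxies. Additionally, it could be used to configure custom consul
  # parameters.
  # (The examples are written without trailing commas: in block YAML a
  # trailing comma would become part of the value.)
  extraEnvironmentVars: {}
    # http_proxy: http://localhost:3128
    # https_proxy: http://localhost:3128
    # no_proxy: internal.domain.com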
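# Settings for DNS within the Kubernetes cluster.
# This creates a service that routes to all agents (client or server)
# for serving DNS requests. This DOES NOT automatically configure kube-dns
# today, so you must still manually configure a `stubDomain` with kube-dns
# for this to have any effect:
# https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configure-stub-domain-and-upstream-dns-servers
dns:
  enabled: false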
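# ui controls the Consul web UI and the Service that exposes it.
ui:
  # True if you want to enable the Consul UI. The UI will run only
  # on the server nodes. This makes UI access via the service below (if
  # enabled) predictable rather than "any node" if you're running Consul
  # clients as well.
  #
  # Written as a real boolean rather than the quoted string "True": in a
  # plain Go-template truthiness test any non-empty string counts as true,
  # so a quoted "false" would not switch the UI off.
  enabled: true

  # True if you want to create a Service entry for the Consul UI.
  #
  # serviceType can be used to control the type of service created. For
  # example, setting this to "LoadBalancer" will create an external load
  # balancer (for supported K8S installations) to access the UI.
  #
  # NOTE(review): no ACL or UI authentication setting appears in this file.
  # Before choosing a type that is reachable from outside the cluster,
  # confirm who can reach the UI and what it lets them change.
  service:
    enabled: true
    type: null
    # This should be a multi-line string mapping directly to a map of
    # the annotations to apply to the UI service
    annotations: null
    # Additional ServiceSpec values
    # This should be a multi-line string mapping directly to a Kubernetes
    # ServiceSpec object.
    additionalSpec: null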
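# syncCatalog will run the catalog sync process to sync K8S with Consul
# services. This can run bidirectionally (default) or unidirectionally
# (Consul to K8S or K8S to Consul only).
#
# This process assumes that a Consul agent is available on the host IP.
# This is done automatically if clients are enabled. If clients are not
# enabled then set the node selection so that it chooses a node with a
# Consul agent.
syncCatalog:
  # True if you want to enable the catalog sync. "-" for default.
  enabled: true
  image: null
  default: false  # true will sync by default, otherwise requires annotation

  # toConsul and toK8S control whether syncing is enabled to Consul or K8S
  # as a destination. If both of these are disabled, the sync will do nothing.
  toConsul: true
  toK8S: true

  # k8sPrefix is the service prefix to prepend to services before registering
  # with Kubernetes. For example "consul-" will register all services
  # prepended with "consul-". (Consul -> Kubernetes sync)
  k8sPrefix: null

  # k8sTag is an optional tag that is applied to all of the Kubernetes
  # services that are synced into Consul. If nothing is set, defaults to
  # "k8s". (Kubernetes -> Consul sync)
  k8sTag: null

  # syncClusterIPServices syncs services of the ClusterIP type, which may
  # or may not be broadly accessible depending on your Kubernetes cluster.
  # Set this to false to skip syncing ClusterIP services.
  syncClusterIPServices: true

  # nodePortSyncType configures the type of syncing that happens for NodePort
  # services. The valid options are: ExternalOnly, InternalOnly, ExternalFirst.
  #   - ExternalOnly will only use a node's ExternalIP address for the sync
  #   - InternalOnly uses the node's InternalIP address
  #   - ExternalFirst will preferentially use the node's ExternalIP address,
  #     but if it doesn't exist, it will use the node's InternalIP address
  #     instead.
  nodePortSyncType: ExternalFirst

  # aclSyncToken refers to a Kubernetes secret that you have created that
  # contains an ACL token for your Consul cluster which allows the sync
  # process the correct permissions. This is only needed if ACLs are enabled
  # on the Consul cluster.
  #
  # NOTE(review): both fields are null, so the sync process is given no ACL
  # token. That only works if ACLs are off on the Consul cluster, or permit
  # anonymous registration; confirm that this is intended, since the sync
  # writes services into the Consul catalog (toConsul is true).
  aclSyncToken:
    secretName: null
    secretKey: null

  # nodeSelector labels for syncCatalog pod assignment, formatted as a
  # multi-line string.
  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  # Example:
  # nodeSelector: |
  #   beta.kubernetes.io/arch: amd64
  nodeSelector: |
    node-role.kubernetes.io/worker: worker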
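# ConnectInject will enable the automatic Connect sidecar injector.
connectInject:
  enabled: false
  image: null  # image for consul-k8s that contains the injector
  default: false  # true will inject by default, otherwise requires annotation

  # imageConsul and imageEnvoy can be set to Docker images for Consul and
  # Envoy, respectively. If the Consul image is not specified, the global
  # default will be used. If the Envoy image is not specified, an early
  # version of Envoy will be used.
  imageConsul: null
  imageEnvoy: null

  # namespaceSelector is the selector for restricting the webhook to only
  # specific namespaces. This should be set to a multiline string.
  namespaceSelector: null

  # The certs section configures how the webhook TLS certs are configured.
  # These are the TLS certs for the Kube apiserver communicating to the
  # webhook. By default, the injector will generate and manage its own certs,
  # but this requires the ability for the injector to update its own
  # MutatingWebhookConfiguration. In a production environment, custom certs
  # should probably be used. Configure the values below to enable this.
  certs:
    # secretName is the name of the secret that has the TLS certificate and
    # private key to serve the injector webhook. If this is null, then the
    # injector will default to its automatic management mode that will assign
    # a service account to the injector to generate its own certificates.
    secretName: null

    # caBundle is a base64-encoded PEM-encoded certificate bundle for the
    # CA that signed the TLS certificate that the webhook serves. This must
    # be set if secretName is non-null.
    caBundle: ""

    # certName and keyName are the names of the files within the secret for
    # the TLS cert and private key, respectively. These have reasonable
    # defaults but can be customized if necessary.
    certName: tls.crt
    keyName: tls.key

  # nodeSelector labels for connectInject pod assignment, formatted as a
  # multi-line string.
  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  # Example:
  # nodeSelector: |
  #   beta.kubernetes.io/arch: amd64
  nodeSelector: null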