From 32528950757dba6d3930d85085965ef19bdd8804 Mon Sep 17 00:00:00 2001 From: Christian Kotzbauer Date: Mon, 13 Apr 2020 17:39:24 +0200 Subject: [PATCH] add nfs-client-provisioner (#8) * add nfs-client-provisioner * fix line-endings * add default value * change badge * fix ending --- README.md | 3 +- charts/nfs-client-provisioner/Chart.yaml | 15 ++++ charts/nfs-client-provisioner/README.md | 73 ++++++++++++++++++ .../templates/_helpers.tpl | 62 +++++++++++++++ .../templates/clusterrole.yaml | 30 ++++++++ .../templates/clusterrolebinding.yaml | 19 +++++ .../templates/deployment.yaml | 73 ++++++++++++++++++ .../templates/persistentvolume.yaml | 25 +++++++ .../templates/persistentvolumeclaim.yaml | 17 +++++ .../templates/podsecuritypolicy.yaml | 31 ++++++++ .../templates/role.yaml | 21 ++++++ .../templates/rolebinding.yaml | 19 +++++ .../templates/serviceaccount.yaml | 11 +++ .../templates/storageclass.yaml | 26 +++++++ charts/nfs-client-provisioner/values.yaml | 75 +++++++++++++++++++ 15 files changed, 499 insertions(+), 1 deletion(-) create mode 100644 charts/nfs-client-provisioner/Chart.yaml create mode 100644 charts/nfs-client-provisioner/README.md create mode 100644 charts/nfs-client-provisioner/templates/_helpers.tpl create mode 100644 charts/nfs-client-provisioner/templates/clusterrole.yaml create mode 100644 charts/nfs-client-provisioner/templates/clusterrolebinding.yaml create mode 100644 charts/nfs-client-provisioner/templates/deployment.yaml create mode 100644 charts/nfs-client-provisioner/templates/persistentvolume.yaml create mode 100644 charts/nfs-client-provisioner/templates/persistentvolumeclaim.yaml create mode 100644 charts/nfs-client-provisioner/templates/podsecuritypolicy.yaml create mode 100644 charts/nfs-client-provisioner/templates/role.yaml create mode 100644 charts/nfs-client-provisioner/templates/rolebinding.yaml create mode 100644 charts/nfs-client-provisioner/templates/serviceaccount.yaml create mode 100644 charts/nfs-client-provisioner/templates/storageclass.yaml create mode 100644 charts/nfs-client-provisioner/values.yaml diff --git a/README.md b/README.md index d6787a1..fe4c277 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Helm Charts -![GitHub Workflow Status](https://img.shields.io/github/workflow/status/code-chris/helm-charts/Release%20Charts?style=flat-square) +[![](https://github.com/code-chris/helm-charts/workflows/Release%20Charts/badge.svg?branch=master)](https://github.com/code-chris/helm-charts/actions) [![Mergify Status][mergify-status]][mergify] [mergify]: https://mergify.io @@ -17,5 +17,6 @@ helm repo add code-chris https://code-chris.github.io/helm-charts ## Charts - [cadvisor](https://github.com/code-chris/helm-charts/tree/master/charts/cadvisor) +- [nfs-client-provisioner](https://github.com/code-chris/helm-charts/tree/master/charts/nfs-client-provisioner) - [prometheus-blackbox-exporter](https://github.com/code-chris/helm-charts/tree/master/charts/prometheus-blackbox-exporter) - [prometheus-msteams](https://github.com/code-chris/helm-charts/tree/master/charts/prometheus-msteams) diff --git a/charts/nfs-client-provisioner/Chart.yaml b/charts/nfs-client-provisioner/Chart.yaml new file mode 100644 index 0000000..fcf273f --- /dev/null +++ b/charts/nfs-client-provisioner/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +description: nfs-client is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes. +name: nfs-client-provisioner +version: 1.0.0 +appVersion: 3.1.0 +home: https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client +sources: + - https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client + - https://github.com/code-chris/helm-charts +maintainers: + - name: code-chris + email: christian.kotzbauer@gmail.com +keywords: +- nfs +- storage diff --git a/charts/nfs-client-provisioner/README.md b/charts/nfs-client-provisioner/README.md new file mode 100644 index 0000000..d6df061 --- /dev/null +++ b/charts/nfs-client-provisioner/README.md @@ -0,0 +1,73 @@ +# nfs-client-provisioner + +The [NFS client provisioner](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client) is an automatic provisioner for Kubernetes that uses your *already configured* NFS server, automatically creating Persistent Volumes. + +## TL;DR; + +```console +$ helm install --set nfs.server=x.x.x.x --set nfs.path=/exported/path code-chris/nfs-client-provisioner +``` + +For **arm** deployments set `image.repository` to `--set image.repository=quay.io/external_storage/nfs-client-provisioner-arm` + +## Introduction + +This charts installs custom [storage class](https://kubernetes.io/docs/concepts/storage/storage-classes/) into a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. It also installs a [NFS client provisioner](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client) into the cluster which dynamically creates persistent volumes from single NFS share. + +## Prerequisites + +- Kubernetes 1.9+ +- Existing NFS Share + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install --name my-release --set nfs.server=x.x.x.x --set nfs.path=/exported/path code-chris/nfs-client-provisioner +``` + +The command deploys the given storage class in the default configuration. It can be used afterswards to provision persistent volumes. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of this chart and their default values. + +| Parameter | Description | Default | +| --------------------------------- | ------------------------------------- | --------------------------------------------------------- | +| `replicaCount` | Number of provisioner instances to deployed | `1` | +| `strategyType` | Specifies the strategy used to replace old Pods by new ones | `Recreate` | +| `image.repository` | Provisioner image | `quay.io/external_storage/nfs-client-provisioner` | +| `image.tag` | Version of provisioner image | `v3.1.0-k8s1.11` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `storageClass.name` | Name of the storageClass | `nfs-client` | +| `storageClass.defaultClass` | Set as the default StorageClass | `false` | +| `storageClass.allowVolumeExpansion` | Allow expanding the volume | `true` | +| `storageClass.reclaimPolicy` | Method used to reclaim an obsoleted volume | `Delete` | +| `storageClass.provisionerName` | Name of the provisionerName | null | +| `storageClass.archiveOnDelete` | Archive pvc when deleting | `true` | +| `nfs.server` | Hostname of the NFS server | null (ip or hostname) | +| `nfs.path` | Basepath of the mount point to be used | `/ifs/kubernetes` | +| `nfs.mountOptions` | Mount options (e.g. 'nfsvers=3') | null | +| `resources` | Resources required (e.g. CPU, memory) | `{}` | +| `rbac.create` | Use Role-based Access Control | `true` | +| `podSecurityPolicy.enabled` | Create & use Pod Security Policy resources | `false` | +| `priorityClassName` | Set pod priorityClassName | null | +| `serviceAccount.create` | Should we create a ServiceAccount | `true` | +| `serviceAccount.name` | Name of the ServiceAccount to use | null | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `affinity` | Affinity settings | `{}` | +| `tolerations` | List of node taints to tolerate | `[]` | + diff --git a/charts/nfs-client-provisioner/templates/_helpers.tpl b/charts/nfs-client-provisioner/templates/_helpers.tpl new file mode 100644 index 0000000..d8d4e51 --- /dev/null +++ b/charts/nfs-client-provisioner/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "nfs-client-provisioner.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "nfs-client-provisioner.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "nfs-client-provisioner.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "nfs-client-provisioner.provisionerName" -}} +{{- if .Values.storageClass.provisionerName -}} +{{- printf .Values.storageClass.provisionerName -}} +{{- else -}} +cluster.local/{{ template "nfs-client-provisioner.fullname" . -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "nfs-client-provisioner.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "nfs-client-provisioner.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for podSecurityPolicy. +*/}} +{{- define "podSecurityPolicy.apiVersion" -}} +{{- if semverCompare ">=1.10-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "extensions/v1beta1" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/nfs-client-provisioner/templates/clusterrole.yaml b/charts/nfs-client-provisioner/templates/clusterrole.yaml new file mode 100644 index 0000000..fa43e0d --- /dev/null +++ b/charts/nfs-client-provisioner/templates/clusterrole.yaml @@ -0,0 +1,30 @@ +{{- if .Values.rbac.create }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + app: {{ template "nfs-client-provisioner.name" . }} + chart: {{ template "nfs-client-provisioner.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nfs-client-provisioner.fullname" . }}-runner +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] +{{- if .Values.podSecurityPolicy.enabled }} + - apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "nfs-client-provisioner.fullname" . }}] +{{- end }} +{{- end }} diff --git a/charts/nfs-client-provisioner/templates/clusterrolebinding.yaml b/charts/nfs-client-provisioner/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..e04c719 --- /dev/null +++ b/charts/nfs-client-provisioner/templates/clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + app: {{ template "nfs-client-provisioner.name" . }} + chart: {{ template "nfs-client-provisioner.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: run-{{ template "nfs-client-provisioner.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "nfs-client-provisioner.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ template "nfs-client-provisioner.fullname" . }}-runner + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/nfs-client-provisioner/templates/deployment.yaml b/charts/nfs-client-provisioner/templates/deployment.yaml new file mode 100644 index 0000000..57ab72c --- /dev/null +++ b/charts/nfs-client-provisioner/templates/deployment.yaml @@ -0,0 +1,73 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "nfs-client-provisioner.fullname" . }} + labels: + app: {{ template "nfs-client-provisioner.name" . }} + chart: {{ template "nfs-client-provisioner.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.strategyType }} + selector: + matchLabels: + app: {{ template "nfs-client-provisioner.name" . }} + release: {{ .Release.Name }} + template: + metadata: + annotations: + {{- if and (.Values.tolerations) (semverCompare "<1.6-0" .Capabilities.KubeVersion.GitVersion) }} + scheduler.alpha.kubernetes.io/tolerations: '{{ toJson .Values.tolerations }}' + {{- end }} + labels: + app: {{ template "nfs-client-provisioner.name" . }} + release: {{ .Release.Name }} + spec: + serviceAccountName: {{ template "nfs-client-provisioner.serviceAccountName" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - name: nfs-client-root + mountPath: /persistentvolumes + env: + - name: PROVISIONER_NAME + value: {{ template "nfs-client-provisioner.provisionerName" . }} + - name: NFS_SERVER + value: {{ .Values.nfs.server }} + - name: NFS_PATH + value: {{ .Values.nfs.path }} + {{- with .Values.resources }} + resources: +{{ toYaml . | indent 12 }} + {{- end }} + volumes: + - name: nfs-client-root +{{- if .Values.buildMode }} + emptyDir: {} +{{- else if .Values.nfs.mountOptions }} + persistentVolumeClaim: + claimName: pvc-{{ template "nfs-client-provisioner.fullname" . }} +{{- else }} + nfs: + server: {{ .Values.nfs.server }} + path: {{ .Values.nfs.path }} +{{- end }} + {{- if and (.Values.tolerations) (semverCompare "^1.6-0" .Capabilities.KubeVersion.GitVersion) }} + tolerations: +{{ toYaml .Values.tolerations | indent 6 }} + {{- end }} diff --git a/charts/nfs-client-provisioner/templates/persistentvolume.yaml b/charts/nfs-client-provisioner/templates/persistentvolume.yaml new file mode 100644 index 0000000..62cec4b --- /dev/null +++ b/charts/nfs-client-provisioner/templates/persistentvolume.yaml @@ -0,0 +1,25 @@ +{{ if .Values.nfs.mountOptions -}} +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-{{ template "nfs-client-provisioner.fullname" . }} + labels: + nfs-client-provisioner: {{ template "nfs-client-provisioner.fullname" . }} +spec: + capacity: + storage: 10Mi + volumeMode: Filesystem + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: {{ .Values.storageClass.reclaimPolicy }} + storageClassName: "" + {{- if .Values.nfs.mountOptions }} + mountOptions: + {{- range .Values.nfs.mountOptions }} + - {{ . }} + {{- end }} + {{- end }} + nfs: + server: {{ .Values.nfs.server }} + path: {{ .Values.nfs.path }} +{{ end -}} diff --git a/charts/nfs-client-provisioner/templates/persistentvolumeclaim.yaml b/charts/nfs-client-provisioner/templates/persistentvolumeclaim.yaml new file mode 100644 index 0000000..1afd6b3 --- /dev/null +++ b/charts/nfs-client-provisioner/templates/persistentvolumeclaim.yaml @@ -0,0 +1,17 @@ +{{ if .Values.nfs.mountOptions -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: pvc-{{ template "nfs-client-provisioner.fullname" . }} +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + storageClassName: "" + selector: + matchLabels: + nfs-client-provisioner: {{ template "nfs-client-provisioner.fullname" . }} + resources: + requests: + storage: 10Mi +{{ end -}} diff --git a/charts/nfs-client-provisioner/templates/podsecuritypolicy.yaml b/charts/nfs-client-provisioner/templates/podsecuritypolicy.yaml new file mode 100644 index 0000000..830fad6 --- /dev/null +++ b/charts/nfs-client-provisioner/templates/podsecuritypolicy.yaml @@ -0,0 +1,31 @@ +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: {{ template "podSecurityPolicy.apiVersion" . }} +kind: PodSecurityPolicy +metadata: + name: {{ template "nfs-client-provisioner.fullname" . }} + labels: + app: {{ template "nfs-client-provisioner.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + privileged: false + allowPrivilegeEscalation: false + requiredDropCapabilities: + - ALL + volumes: + - 'secret' + - 'nfs' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' + readOnlyRootFilesystem: false +{{- end }} diff --git a/charts/nfs-client-provisioner/templates/role.yaml b/charts/nfs-client-provisioner/templates/role.yaml new file mode 100644 index 0000000..0cccdcb --- /dev/null +++ b/charts/nfs-client-provisioner/templates/role.yaml @@ -0,0 +1,21 @@ +{{- if .Values.rbac.create }} +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + app: {{ template "nfs-client-provisioner.name" . }} + chart: {{ template "nfs-client-provisioner.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: leader-locking-{{ template "nfs-client-provisioner.fullname" . }} +rules: + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +{{- if .Values.podSecurityPolicy.enabled }} + - apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "nfs-client-provisioner.fullname" . }}] +{{- end }} +{{- end }} diff --git a/charts/nfs-client-provisioner/templates/rolebinding.yaml b/charts/nfs-client-provisioner/templates/rolebinding.yaml new file mode 100644 index 0000000..57c1c87 --- /dev/null +++ b/charts/nfs-client-provisioner/templates/rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + app: {{ template "nfs-client-provisioner.name" . }} + chart: {{ template "nfs-client-provisioner.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: leader-locking-{{ template "nfs-client-provisioner.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "nfs-client-provisioner.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: leader-locking-{{ template "nfs-client-provisioner.fullname" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/nfs-client-provisioner/templates/serviceaccount.yaml b/charts/nfs-client-provisioner/templates/serviceaccount.yaml new file mode 100644 index 0000000..2940896 --- /dev/null +++ b/charts/nfs-client-provisioner/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{ if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: {{ template "nfs-client-provisioner.name" . }} + chart: {{ template "nfs-client-provisioner.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "nfs-client-provisioner.serviceAccountName" . }} +{{- end -}} diff --git a/charts/nfs-client-provisioner/templates/storageclass.yaml b/charts/nfs-client-provisioner/templates/storageclass.yaml new file mode 100644 index 0000000..81953c0 --- /dev/null +++ b/charts/nfs-client-provisioner/templates/storageclass.yaml @@ -0,0 +1,26 @@ +{{ if .Values.storageClass.create -}} +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + labels: + app: {{ template "nfs-client-provisioner.name" . }} + chart: {{ template "nfs-client-provisioner.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ .Values.storageClass.name }} +{{- if .Values.storageClass.defaultClass }} + annotations: + storageclass.kubernetes.io/is-default-class: "true" +{{- end }} +provisioner: {{ template "nfs-client-provisioner.provisionerName" . }} +allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion }} +reclaimPolicy: {{ .Values.storageClass.reclaimPolicy }} +parameters: + archiveOnDelete: "{{ .Values.storageClass.archiveOnDelete }}" +{{- if .Values.nfs.mountOptions }} +mountOptions: + {{- range .Values.nfs.mountOptions }} + - {{ . }} + {{- end }} +{{- end }} +{{ end -}} diff --git a/charts/nfs-client-provisioner/values.yaml b/charts/nfs-client-provisioner/values.yaml new file mode 100644 index 0000000..db9c64d --- /dev/null +++ b/charts/nfs-client-provisioner/values.yaml @@ -0,0 +1,75 @@ +# Default values for nfs-client-provisioner. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 +strategyType: Recreate + +image: + repository: quay.io/external_storage/nfs-client-provisioner + tag: v3.1.0-k8s1.11 + pullPolicy: IfNotPresent + +nfs: + server: nfs.myserver.com + path: /ifs/kubernetes + mountOptions: {} + +# For creating the StorageClass automatically: +storageClass: + create: true + + # Set a provisioner name. If unset, a name will be generated. + # provisionerName: + + # Set StorageClass as the default StorageClass + # Ignored if storageClass.create is false + defaultClass: false + + # Set a StorageClass name + # Ignored if storageClass.create is false + name: nfs-client + + # Allow volume to be expanded dynamically + allowVolumeExpansion: true + + # Method used to reclaim an obsoleted volume + reclaimPolicy: Delete + + # When set to false your PVs will not be archived by the provisioner upon deletion of the PVC. + archiveOnDelete: true + +## For RBAC support: +rbac: + # Specifies whether RBAC resources should be created + create: true + +# If true, create & use Pod Security Policy resources +# https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +podSecurityPolicy: + enabled: false + +## Set pod priorityClassName +# priorityClassName: "" + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + +resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {}