Venafi Kubernetes Agent Helm values
metrics.enabled
Property | metrics.enabled |
Type | bool |
Default | |
Enable the metrics server. If false, the metrics server will be disabled and the other metrics fields below will be ignored.
metrics.podmonitor.enabled
Property | metrics.podmonitor.enabled |
Type | bool |
Default | |
Create a PodMonitor to add the metrics to Prometheus, if you are using Prometheus Operator. See the Prometheus documentation.
metrics.podmonitor.namespace
Property | metrics.podmonitor.namespace |
Type | string |
Default | |
The namespace that the pod monitor should live in. Defaults to the venafi-kubernetes-agent namespace.
metrics.podmonitor.prometheusInstance
Property | metrics.podmonitor.prometheusInstance |
Type | string |
Default | |
Specifies the prometheus label on the created PodMonitor. This is used when different Prometheus instances have label selectors matching different PodMonitors.
metrics.podmonitor.interval
Property | metrics.podmonitor.interval |
Type | string |
Default | |
The interval to scrape metrics.
metrics.podmonitor.scrapeTimeout
Property | metrics.podmonitor.scrapeTimeout |
Type | string |
Default | |
The timeout before a metrics scrape fails.
metrics.podmonitor.labels
Property | metrics.podmonitor.labels |
Type | object |
Default | |
Additional labels to add to the PodMonitor.
metrics.podmonitor.annotations
Property | metrics.podmonitor.annotations |
Type | object |
Default | |
Additional annotations to add to the PodMonitor.
metrics.podmonitor.honorLabels
Property | metrics.podmonitor.honorLabels |
Type | bool |
Default | |
Keep labels from scraped data, overriding server-side labels.
metrics.podmonitor.endpointAdditionalProperties
Property | metrics.podmonitor.endpointAdditionalProperties |
Type | object |
Default | |
EndpointAdditionalProperties allows setting additional properties on the endpoint, such as relabelings, metricRelabelings, etc.
For example:
```yaml
endpointAdditionalProperties:
  relabelings:
    - action: replace
      sourceLabels:
        - __meta_kubernetes_pod_node_name
      targetLabel: instance
```
replicaCount
Property | replicaCount |
Type | number |
Default | |
Default replicas. Do not scale up.
image.repository
Property | image.repository |
Type | string |
Default | registry.venafi.cloud/venafi-agent/venafi-agent |
Defaults to Open Source image repository.
image.pullPolicy
Property | image.pullPolicy |
Type | string |
Default | |
By default, the image is pulled only if it is not already present.
image.tag
Property | image.tag |
Type | string |
Default | |
Overrides the image tag whose default is the chart appVersion.
imagePullSecrets
Property | imagePullSecrets |
Type | array |
Default | |
Specify image pull credentials if you are using a private registry.
For example:
```yaml
- name: my-pull-secret
```
nameOverride
Property | nameOverride |
Type | string |
Default | |
Helm default setting to override release name. Usually left blank.
fullnameOverride
Property | fullnameOverride |
Type | string |
Default | |
Helm default setting. Use this to shorten the full install name.
serviceAccount.create
Property | serviceAccount.create |
Type | bool |
Default | |
Specifies whether a service account should be created or not.
serviceAccount.annotations
Property | serviceAccount.annotations |
Type | object |
Default | |
Annotations YAML to add to the service account.
serviceAccount.name
Property | serviceAccount.name |
Type | string |
Default | |
The name of the service account to use. If blank and serviceAccount.create is true, a name is generated using the fullname template of the release.
podAnnotations
Property | podAnnotations |
Type | object |
Default | |
Additional YAML annotations to add to the pod.
podSecurityContext
Property | podSecurityContext |
Type | object |
Default | |
Optional Pod (all containers) SecurityContext options. For more information, see Set the security context for a pod.
http_proxy
Property | http_proxy |
Type | string |
Default | |
Configures the HTTP_PROXY environment variable where an HTTP proxy is required.
https_proxy
Property | https_proxy |
Type | string |
Default | |
Configures the HTTPS_PROXY environment variable where an HTTP proxy is required.
no_proxy
Property | no_proxy |
Type | string |
Default | |
Configures the NO_PROXY environment variable where an HTTP proxy is required, but certain domains should be excluded.
securityContext.capabilities.drop[0]
Property | securityContext.capabilities.drop[0] |
Type | string |
Default | |
securityContext.readOnlyRootFilesystem
Property | securityContext.readOnlyRootFilesystem |
Type | bool |
Default | |
securityContext.runAsNonRoot
Property | securityContext.runAsNonRoot |
Type | bool |
Default | |
securityContext.runAsUser
Property | securityContext.runAsUser |
Type | number |
Default | |
resources.requests.memory
Property | resources.requests.memory |
Type | string |
Default | |
resources.requests.cpu
Property | resources.requests.cpu |
Type | string |
Default | |
resources.limits.memory
Property | resources.limits.memory |
Type | string |
Default | |
nodeSelector
Property | nodeSelector |
Type | object |
Default | |
Embed YAML for nodeSelector settings. For more information, see Assign Pods to Nodes.
tolerations
Property | tolerations |
Type | array |
Default | |
Embed YAML for toleration settings. For more information, see Taints and Tolerations.
affinity
Property | affinity |
Type | object |
Default | |
Embed YAML for Node affinity settings. For more information, see Assign Pods to Nodes using Node Affinity.
command
Property | command |
Type | array |
Default | |
Specify the command to run overriding the default binary.
extraArgs
Property | extraArgs |
Type | array |
Default | |
Specify additional arguments to pass to the agent binary.
For example: ["--strict", "--oneshot"].
volumes
Property | volumes |
Type | array |
Default | |
Additional volumes to add to the Venafi Kubernetes Agent container. This is useful for mounting a custom CA bundle. For example:
```yaml
volumes:
  - name: cabundle
    configMap:
      name: cabundle
      optional: false
      defaultMode: 0644
```
In order to create the ConfigMap, you can use the following command:
```shell
kubectl create configmap cabundle \
  --from-file=cabundle=./your/custom/ca/bundle.pem
```
volumeMounts
Property | volumeMounts |
Type | array |
Default | |
Additional volume mounts to add to the Venafi Kubernetes Agent container. This is useful for mounting a custom CA bundle. Any PEM certificate mounted under /etc/ssl/certs will be loaded by the Venafi Kubernetes Agent. For example:
```yaml
volumeMounts:
  - name: cabundle
    mountPath: /etc/ssl/certs/cabundle
    subPath: cabundle
    readOnly: true
```
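A pre-flight check to run on the bundle file before it is stored in the cabundle ConfigMap and mounted under /etc/ssl/certs, added here as an example (it is not part of the Venafi documentation or chart). The function names `check_ca_bundle` and `write_sample_bundle` and the sample data are constructed for illustration; the check is structural only and does not validate the certificates themselves.

```shell
#!/bin/sh
# Added example (not from the chart): structural pre-flight check for a PEM CA
# bundle before it is stored in the "cabundle" ConfigMap.
# check_ca_bundle FILE prints the number of certificate blocks on success.
# Return codes: 2 unreadable, 3 private key present, 4 no certificate,
# 5 unbalanced BEGIN/END markers. Function names are hypothetical.
check_ca_bundle() {
    bundle=$1
    if [ ! -r "$bundle" ]; then
        echo "cannot read: $bundle" >&2
        return 2
    fi
    # ConfigMaps are not confidential storage, so refuse any key material
    # (PKCS#8, RSA, EC, ENCRYPTED and OPENSSH private key headers).
    if grep -Eq -- '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$bundle"; then
        echo "private key found in: $bundle" >&2
        return 3
    fi
    # grep -c exits 1 on a zero count; keep that from aborting under set -e.
    begins=$(grep -c -- '^-----BEGIN CERTIFICATE-----' "$bundle" || true)
    ends=$(grep -c -- '^-----END CERTIFICATE-----' "$bundle" || true)
    if [ "$begins" -eq 0 ]; then
        echo "no PEM certificate in: $bundle" >&2
        return 4
    fi
    if [ "$begins" -ne "$ends" ]; then
        echo "truncated PEM block in: $bundle" >&2
        return 5
    fi
    echo "$begins"
}

# Constructed sample: two placeholder blocks (bodies are not real certificates).
write_sample_bundle() {
    for n in 1 2; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' "Q09OU1RSVUNURUQ${n}" \
            '-----END CERTIFICATE-----'
    done > "$1"
}

# Usage: check_ca_bundle ./your/custom/ca/bundle.pem, then run the
# kubectl create configmap command only if it returns 0.
```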
authentication.secretName
Property | authentication.secretName |
Type | string |
Default | |
The name of the secret containing the private key.
authentication.secretKey
Property | authentication.secretKey |
Type | string |
Default | |
The key name in the referenced secret.
config.server
Property | config.server |
Type | string |
Default | https://api.venafi.cloud/ |
Overrides the server if you are using a proxy in your environment.
For the EU variant use: https://api.venafi.eu/.
config.clientId
Property | config.clientId |
Type | string |
Default | |
The client-id returned from the Venafi Control Plane.
config.period
Property | config.period |
Type | string |
Default | |
Send data back to the platform every minute unless changed.
config.clusterName
Property | config.clusterName |
Type | string |
Default | |
The name for the cluster resource if it needs to be created in Venafi Control Plane.
config.clusterDescription
Property | config.clusterDescription |
Type | string |
Default | |
The description for the cluster resource if it needs to be created in Venafi Control Plane.
config.configmap.name
Property | config.configmap.name |
Type | unknown |
Default | |
config.configmap.key
Property | config.configmap.key |
Type | unknown |
Default | |
podDisruptionBudget.enabled
Property | podDisruptionBudget.enabled |
Type | bool |
Default | |
Enable or disable the PodDisruptionBudget resource, which helps prevent downtime during voluntary disruptions such as during a Node upgrade.