Venafi Kubernetes Agent Helm values¶

metrics.enabled¶

true

Enable the metrics server. If false, the metrics server will be disabled and the other metrics fields below will be ignored.

metrics.podmonitor.enabled¶

false

Create a PodMonitor to add the metrics to Prometheus, if you are using Prometheus Operator.
See the Prometheus documentation

metrics.podmonitor.namespace¶

The namespace that the pod monitor should live in. Defaults to the venafi-kubernetes-agent namespace.

metrics.podmonitor.prometheusInstance¶

default

Specifies the prometheus label on the created PodMonitor. This is used when different Prometheus instances have label selectors matching different PodMonitors.

metrics.podmonitor.interval¶

60s

-- The interval to scrape metrics.

metrics.podmonitor.scrapeTimeout¶

30s

The timeout before a metrics scrape fails.

metrics.podmonitor.labels¶

{}

Additional labels to add to the PodMonitor.

metrics.podmonitor.annotations¶

{}

Additional annotations to add to the PodMonitor.

metrics.podmonitor.honorLabels¶

false

Keep labels from scraped data, overriding server-side labels.

metrics.podmonitor.endpointAdditionalProperties¶

{}

EndpointAdditionalProperties allows setting additional properties on the endpoint such as relabelings, metricRelabelings etc.

For example:

endpointAdditionalProperties:
 relabelings:
 - action: replace
   sourceLabels:
   - __meta_kubernetes_pod_node_name
   targetLabel: instance

replicaCount¶

1

Default replicas. Do not scale up.

image.repository¶

registry.venafi.cloud/venafi-agent/venafi-agent

Defaults to Open Source image repository.

image.pullPolicy¶

IfNotPresent

Defaults - only pull if not already present.

image.tag¶

v0.1.48

Overrides the image tag whose default is the chart appVersion.

imagePullSecrets¶

[]

Specify image pull credentials if you are using a private registry
For example: - name: my-pull-secret

nameOverride¶

""

Helm default setting to override release name. Usually left blank.

fullnameOverride¶

""

Helm default setting. Use this to shorten the full install name.

serviceAccount.create¶

true

Specifies whether a service account should be created or not.

serviceAccount.annotations¶

{}

Annotations YAML to add to the service account.

serviceAccount.name¶

""

The name of the service account to use. If blank and serviceAccount.create is true, a name is generated using the fullname template of the release.

podAnnotations¶

{}

Additional YAML annotations to add the the pod.

podSecurityContext¶

{}

Optional Pod (all containers) SecurityContext options. For more information, see Set the security contect for a pod.

http_proxy¶

Configures the HTTP_PROXY environment variable where a HTTP proxy is required.

https_proxy¶

Configures the HTTPS_PROXY environment variable where a HTTP proxy is required.

no_proxy¶

Configures the NO_PROXY environment variable where a HTTP proxy is required, but certain domains should be excluded.

securityContext.capabilities.drop[0]¶

ALL

securityContext.readOnlyRootFilesystem¶

true

securityContext.runAsNonRoot¶

true

securityContext.runAsUser¶

1000

resources.requests.memory¶

200Mi

resources.requests.cpu¶

200m

resources.limits.memory¶

500Mi

nodeSelector¶

{}

Embed YAML for nodeSelector settings. For more information, see Assign Pods to Nodes.

tolerations¶

[]

Embed YAML for toleration settings. For more information, see Taints and Tolerations.

affinity¶

{}

Embed YAML for Node affinity settings. For more information, see Assign Pods to Nodes using Node Affinity.

command¶

[]

Specify the command to run overriding the default binary.

extraArgs¶

[]

Specify additional arguments to pass to the agent binary.
For example ["--strict", "--oneshot"].

volumes¶

[]

Additional volumes to add to the Venafi Kubernetes Agent container. This is
useful for mounting a custom CA bundle. For example:

volumes:
  - name: cabundle
    configMap:
      name: cabundle
      optional: false
      defaultMode: 0644

In order to create the ConfigMap, you can use the following command:

kubectl create configmap cabundle \  
    --from-file=cabundle=./your/custom/ca/bundle.pem

volumeMounts¶

[]

Additional volume mounts to add to the Venafi Kubernetes Agent container. This is useful for mounting a custom CA bundle. Any PEM certificate mounted under /etc/ssl/certs will be loaded by the Venafi Kubernetes Agent. For example:

volumeMounts:
  - name: cabundle
    mountPath: /etc/ssl/certs/cabundle
    subPath: cabundle
    readOnly: true

authentication.secretName¶

agent-credentials

The name of the secret containing the private key.

authentication.secretKey¶

privatekey.pem

The key name in the referenced secret.

config.server¶

https://api.venafi.cloud/

Overrides the server if you are using a proxy in your environment
For the EU variant use: https://api.venafi.eu/.

config.clientId¶

""

The client-id returned from the Venafi Control Plane.

config.period¶

0h1m0s

Send data back to the platform every minute unless changed.

config.clusterName¶

""

The name for the cluster resource if it needs to be created in Venafi Control Plane.

config.clusterDescription¶

""

The description for the cluster resource if it needs to be created in Venafi Control Plane.

config.configmap.name¶

null

config.configmap.key¶

null

podDisruptionBudget.enabled¶

false

Enable or disable the PodDisruptionBudget resource, which helps prevent downtime during voluntary disruptions such as during a Node upgrade.