fleet/tools/ci/helm-values/enable-cloudsql-proxy.yaml
2021-06-06 19:26:35 -07:00

142 lines
3.9 KiB
YAML

## Section: Kubernetes
# All settings related to how Fleet is deployed in Kubernetes
hostName: fleet.localhost
replicas: 3 # The number of Fleet instances to deploy
imageTag: 3.6.0 # Version of Fleet to deploy
createIngress: true # Whether or not to automatically create an Ingress
ingressAnnotations: {} # Additional annotation to add to the Ingress
podAnnotations: {} # Additional annotations to add to the Fleet pod
serviceAccountAnnotations: {} # Additional annotations to add to the Fleet service account
resources:
limits:
cpu: 1 # 1GHz
memory: 1Gi
requests:
cpu: 0.1 # 100Mhz
memory: 50Mi
## Section: Fleet
# All of the settings relating to configuring the Fleet server
fleet:
listenPort: 8080
# Name of the Secret resource storing TLS and S3 bucket secrets
secretName: fleet
# Whether or not to run `fleet db prepare` to run SQL migrations before starting Fleet
# WARNING: This may cause database corruption if more than one migration is attempted at a time
autoApplySQLMigrations: false
tls:
enabled: true
compatibility: modern
certSecretKey: server.cert
keySecretKey: server.key
auth:
bcryptCost: 12
saltKeySize: 24
app:
tokenKeySize: 24
inviteTokenValidityPeriod: 120h # 5 days
session:
keySize: 64
duration: 2160h # 90 days
logging:
debug: false
json: false
disableBanner: false
carving:
s3:
bucketName: ""
prefix: ""
accessKeyID: ""
secretKey: s3-bucket
stsAssumeRoleARN: ""
## Section: osquery
# All of the settings related to osquery's interactions with the Fleet server
osquery:
# Name of the secret resource containing optional secrets for AWS credentials
secretName: osquery
nodeKeySize: 24
labelUpdateInterval: 30m
detailUpdateInterval: 30m
# To change where Fleet store the logs sent from osquery, set the values below
logging:
statusPlugin: filesystem
resultPlugin: filesystem
# To congigure the filesystem logger, change the values below
filesystem:
statusLogFile: /tmp/osquery_status
resultLogFile: /tmp/osquery_result
enableRotation: "false"
enableCompression: "false"
# To configure the AWS Firehose logger, change the values below
firehose:
region: ""
accessKeyID: ""
secretKey: firehose
stsAssumeRoleARN: ""
statusStream: ""
resultStream: ""
# To configure the AWS Kinesis logger, change the values below
kinesis:
region: ""
accessKeyID: ""
secretKey: kinesis
stsAssumeRoleARN: ""
statusStream: ""
resultStream: ""
# To configure the GCP PubSub logger, change the values below
pubsub:
project: ""
statusTopic: ""
resultTopic: ""
## Section: MySQL
# All of the connection settings for MySQL
mysql:
# Name of the Secret resource containing MySQL password and TLS secrets
secretName: mysql
address: 127.0.0.1:3306
database: fleet
username: fleet
passwordKey: mysql-password
maxOpenConns: 50
maxIdleConns: 50
connMaxLifetime: 0
tls:
enabled: false
caCertKey: ca.cert
certKey: client.cert
keyKey: client.key
config: ""
serverName: ""
## Section: Redis
# All of the connection settings for Redis
redis:
address: 127.0.0.1:6379
database: "0"
usePassword: false
secretName: redis
passwordKey: redis-password
## Section: GKE
# Settings that make running on Google Kubernetes Engine easier
gke:
# The CloudSQL Proxy runs as a container in the Fleet Pod that proxies connections to a Cloud SQL instance
cloudSQL:
enableProxy: true
imageTag: 1.17-alpine
verbose: true
instanceName: "project:instance:region"
# The GKE Ingress requires a few changes that other ingress controllers don't
ingress:
useGKEIngress: false
useManagedCertificate: false
# Workload Identity allows the K8s service account to assume the IAM permissions of a GCP service account
workloadIdentityEmail: ""