-
Notifications
You must be signed in to change notification settings - Fork 134
Expand file tree
/
Copy pathvalues.yaml
More file actions
146 lines (130 loc) · 6.27 KB
/
Copy pathvalues.yaml
File metadata and controls
146 lines (130 loc) · 6.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
## =============================================================================
## NICo Bare Metal Manager — Umbrella Helm Chart
## =============================================================================
## This chart deploys all services for the NICo (NVIDIA Bare Metal Manager)
## platform. See README.md for full documentation and PREREQUISITES.md for
## required infrastructure setup.
##
## IMPORTANT: You MUST set global.image.repository and global.image.tag before
## installing. They default to empty strings and the chart will not render
## valid manifests without them.
##
## Top-level `global:` values are automatically passed to ALL sub-charts.
## Per-subchart overrides go under <chart-name>: key.
## Each sub-chart can be disabled via <chart-name>.enabled: false.
## =============================================================================
## ---------------------------------------------------------------------------
## Global settings (shared by all sub-charts)
## ---------------------------------------------------------------------------
global:
## Container image for NICo core services (REQUIRED -- must be set by user)
## Services that share this image: nico-api, nico-dhcp, nico-dns,
## nico-dsx-exchange-consumer, nico-hardware-health, nico-pxe,
## nico-ssh-console-rs.
## NOTE: unbound uses its own image settings.
image:
repository: ""
tag: ""
pullPolicy: IfNotPresent
## Image pull secrets shared by all sub-charts that use global.imagePullSecrets
imagePullSecrets: []
## cert-manager Certificate configuration (shared defaults for all services)
certificate:
duration: 720h0m0s
renewBefore: 360h0m0s
privateKey:
algorithm: ECDSA
size: 384
issuerRef:
kind: ClusterIssuer
name: vault-nico-issuer
group: cert-manager.io
## SPIFFE trust domain for mTLS between services
spiffe:
trustDomain: nico.local
## Common labels applied to all resources
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: site-controller
## ---------------------------------------------------------------------------
## nico-api — Core API server (gRPC + REST)
## Manages machines, provisioning, networking, firmware updates, and web UI.
## Requires PostgreSQL and Vault.
## ---------------------------------------------------------------------------
nico-api:
enabled: true
## ---------------------------------------------------------------------------
## nico-bmc-proxy — Standalone BMC proxy
## Provides an authenticated HTTP proxy to each BMC known by nico
## ---------------------------------------------------------------------------
nico-bmc-proxy:
enabled: false
## ---------------------------------------------------------------------------
## nico-dhcp — DHCP server (Kea-based)
## Provides DHCP for PXE boot and bare metal network assignment.
## ---------------------------------------------------------------------------
nico-dhcp:
enabled: true
## ---------------------------------------------------------------------------
## nico-dns — Authoritative DNS server
## Serves DNS records for managed machines and VPCs.
## ---------------------------------------------------------------------------
nico-dns:
enabled: true
## ---------------------------------------------------------------------------
## nico-dsx-exchange-consumer — DSX Exchange message consumer
## Consumes DSX exchange messages for machine telemetry and state updates.
## ---------------------------------------------------------------------------
nico-dsx-exchange-consumer:
enabled: true
## ---------------------------------------------------------------------------
## nico-flow — Flow (formerly RLA) rack lifecycle orchestrator
## Flow ships as a STANDALONE Helm release in its own namespace; it is not
## installed by `helm install nico ./helm`. The dependency is declared so the
## chart lives at helm/charts/nico-flow (Helm convention), but the condition
## keeps the umbrella from auto-rendering it. Deploy with:
## helm install flow ./helm/charts/nico-flow -n flow ...
## (helm-prereqs/setup.sh phase 7i does this for you.)
## ---------------------------------------------------------------------------
nico-flow:
enabled: false
## ---------------------------------------------------------------------------
## nico-hardware-health — Hardware health collector
## Collects and reports hardware health metrics from managed machines.
## ---------------------------------------------------------------------------
nico-hardware-health:
enabled: true
## ---------------------------------------------------------------------------
## nico-ntp — chrony NTP servers
## 3-replica StatefulSet that DPUs and bare-metal hosts sync against
## (advertised via nico-dhcp.config.kea.hookParameters.ntpServer). DPU
## pre-ingestion requires synced clocks, so this is enabled by default.
## Disable only when the provisioning network already has a reachable
## upstream NTP source.
## ---------------------------------------------------------------------------
nico-ntp:
enabled: true
## ---------------------------------------------------------------------------
## nico-pxe — PXE boot server
## HTTP-based PXE server for OS provisioning workflows.
## ---------------------------------------------------------------------------
nico-pxe:
enabled: true
## ---------------------------------------------------------------------------
## nico-ssh-console-rs — SSH console proxy
## Provides remote SSH access to managed machine BMCs and consoles.
## NOTE: This chart reads .Values.imagePullSecrets (not global).
## ---------------------------------------------------------------------------
nico-ssh-console-rs:
enabled: true
## ---------------------------------------------------------------------------
## unbound — Recursive DNS resolver (disabled by default)
## Provides layered DNS: forwards internal queries (*.nico.local) to
## nico-dns and external queries to upstream resolvers.
## Enable if your environment does not already provide a recursive resolver
## with the required forwarding rules for NICo internal domains.
## NOTE: Uses its own image / exporterImage (not global.image).
## Reads .Values.imagePullSecrets (not global) for pull secrets.
## ---------------------------------------------------------------------------
unbound:
enabled: false