values.yaml for Secrets Store Sync Controller with Azure provider
# Default values for secrets-store-sync-controller.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

controllerName: secrets-store-sync-controller-manager

# Audience requested on the projected service account token the controller
# obtains for the provider; api://AzureADTokenExchange is the audience used
# for Azure workload identity federation.
tokenRequestAudience:
  - audience: api://AzureADTokenExchange # e.g. api://TokenAudienceExample

logVerbosity: 5

# ValidatingAdmissionPolicy objects that restrict which Secret types the
# controller is allowed to create.
validatingAdmissionPolicies:
  applyPolicies: true
  kubernetesReleaseVersion: "1.30.5"
  allowedSecretTypes:
    - "Opaque"
    - "kubernetes.io/basic-auth"
    - "bootstrap.kubernetes.io/token"
    - "kubernetes.io/dockerconfigjson"
    - "kubernetes.io/dockercfg"
    - "kubernetes.io/ssh-auth"
    - "kubernetes.io/tls"
  deniedSecretTypes:
    - "kubernetes.io/service-account-token"

image:
  repository: registry.k8s.io/secrets-store-sync/controller # e.g. my-registry.example.com/my-repo
  pullPolicy: IfNotPresent
  tag: v0.0.1

securityContext:
  # Default values, can be overridden or extended
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL

resources:
  limits:
    cpu: 500m
    memory: 128Mi
  requests:
    cpu: 10m
    memory: 64Mi

podAnnotations:
  kubectl.kubernetes.io/default-container: manager

podLabels:
  control-plane: controller-manager
  secrets-store.io/system: "true"
  app: secrets-store-sync-controller

nodeSelector:

tolerations:
  - operator: Exists

affinity:

metricsPort: 8085

# Provider sidecar: the Azure provider serves the controller over the unix
# socket in the shared /provider volume.
providerContainer:
  - name: provider-azure-installer
    image: mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.6.0
    imagePullPolicy: IfNotPresent
    args:
      - --endpoint=unix:///provider/azure.sock
      - --construct-pem-chain=true
      - --healthz-port=8989
      - --healthz-path=/healthz
      - --healthz-timeout=5s
    livenessProbe:
      httpGet:
        path: /healthz
        port: 8989
      failureThreshold: 3
      initialDelaySeconds: 5
      timeoutSeconds: 10
      periodSeconds: 30
    resources:
      requests:
        cpu: 50m
        memory: 100Mi
      limits:
        cpu: 50m
        memory: 100Mi
    ports:
      - containerPort: 8898
        name: metrics
        protocol: TCP
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      runAsUser: 0
      capabilities:
        drop:
          - ALL
    volumeMounts:
      - mountPath: "/provider"
        name: providervol