Helm Chart Options#
Following options are available in the Helm Chart for Multi Tenant Operator:
platform: Kubernetes
# bypassedGroups are the comma-separated names of Groups which are bypassed in Namespace and Rolebinding webhooks
bypassedGroups: "system:cluster-admins,system:masters"
replicaCount: 1
operator:
image:
repository: ghcr.io/stakater/public/tenant-operator
tag: v0.12.64
pullPolicy: IfNotPresent
serviceAccount:
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: "controller-manager"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
watchNamespaces: []
# Webhook Configuration
webhook:
enabled: true
certificates:
create: true
deployment:
annotations:
# reloader.stakater.com/auto: "true"
service:
type: ClusterIP
port: 443
podSecurityContext:
runAsNonRoot: true
securityContext:
{}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources:
limits:
cpu: 100m
memory: 2Gi
requests:
cpu: 10m
memory: 200Mi
nodeSelector: {}
tolerations: []
affinity: {}
integrationConfig:
# create: false
accessControl:
privileged:
namespaces:
- ^default$
- ^openshift-.*
- ^stakater-.*
- ^kube-.*
- ^redhat-.*
- ^hive-.*
serviceAccounts:
- ^system:serviceaccount:openshift-.*
- ^system:serviceaccount:stakater-.*
- ^system:serviceaccount:kube-.*
- ^system:serviceaccount:redhat-.*
- ^system:serviceaccount:hive-.*
groups:
# - saap-cluster-admins
components:
console: false
showback: false
userRoles:
create: true
# Extend tenant cluster manager role
managerRoleExtendedRules:
{}
# - apiGroups:
# - user.openshift.io
# resources:
# - groups
# verbs:
# - create
# - delete
# - get
# - list
# - patch
# - update
# - watch