A timoni.sh module for deploying flipt to Kubernetes clusters.
To create an instance using the default values:
timoni -n default apply flipt oci://ghcr.io/flipt-io/timoni-fliptTo change the default configuration,
create one or more values.cue files and apply them to the instance.
For example, create a file my-values.cue with the following content:
values: {
resources: requests: {
cpu: "100m"
memory: "128Mi"
}
}And apply the values with:
timoni -n default apply flipt oci://ghcr.io/flipt-io/timoni-flipt \
--values ./my-values.cueTo uninstall an instance and delete all its Kubernetes resources:
timoni -n default delete fliptFlipt itself is configured via a YAML configration file (with support for environment variable overrides).
This file is rendered directly from the field values.flipt in this Timoni module.
Checkout the CUE schema in this repository for Flipts full set of configurations.
values: {
flipt: {
log: level: "DEBUG"
authentication: required: true
authentication: methods: token: enabled: true
}
}| Key | Type | Default | Description |
|---|---|---|---|
image: tag: |
string |
<latest version> |
Container image tag |
image: digest: |
string |
<latest digest> |
Container image digest, takes precedence over tag when specified |
image: repository: |
string |
cgr.dev/chainguard/nginx |
Container image repository |
image: pullPolicy: |
string |
IfNotPresent |
Kubernetes image pull policy |
metadata: labels: |
{[ string]: string} |
{} |
Common labels for all resources |
metadata: annotations: |
{[ string]: string} |
{} |
Common annotations for all resources |
podAnnotations: |
{[ string]: string} |
{} |
Annotations applied to pods |
imagePullSecrets: |
[...timoniv1.ObjectReference] |
[] |
Kubernetes image pull secrets |
tolerations: |
[ ...corev1.#Toleration] |
[] |
Kubernetes toleration |
affinity: |
corev1.#Affinity |
{} |
Kubernetes affinity and anti-affinity |
resources: |
timoniv1.#ResourceRequirements |
{} |
Kubernetes resource requests and limits |
topologySpreadConstraints: |
[...corev1.#TopologySpreadConstraint] |
[] |
Kubernetes pod topology spread constraints |
podSecurityContext: |
corev1.#PodSecurityContext |
{} |
Kubernetes pod security context |
securityContext: |
corev1.#SecurityContext |
{} |
Kubernetes container security context |
service: annotations: |
{[ string]: string} |
{} |
Annotations applied to the Kubernetes Service |
service: port: |
int |
80 |
Kubernetes Service HTTP port |
test: enabled: |
bool |
false |
Run end-to-end tests at install and upgrades |
Comply with the restricted Kubernetes pod security standard:
values: {
podSecurityContext: {
runAsUser: 65532
runAsGroup: 65532
fsGroup: 65532
}
securityContext: {
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
runAsNonRoot: true
capabilities: drop: ["ALL"]
seccompProfile: type: "RuntimeDefault"
}
}