values.yaml Description
Chart Version: 0.1.0
Key | Type | Default | Description |
---|---|---|---|
autoscaling.enabled |
bool |
|
Enables autoscaling. When set to |
autoscaling.maxReplicas |
int |
|
Sets maximum replicas for autoscaling. |
autoscaling.metrics |
list |
|
Metrics to use for autoscaling |
autoscaling.minReplicas |
int |
|
Sets minimum replicas for autoscaling. |
cache.nodes |
list |
|
Nodes of the cache to use. |
cache.type |
string |
|
Type of the cache to use. To disable the cache, set to "noop". Can be set to "redis", then the address of Redis nodes needs to be set to |
configRefs.storageUsersConfigRef |
string |
|
Reference to an existing storage-users config. |
debug.profiling |
bool |
|
Profiling enables the http://<pod>:<debug-metrics>/debug/pprof endpoint to inspect various Go runtime internals. You can use the endpoint on your machine by forwarding the port, eg: |
deploymentStrategy |
object |
|
Deployment strategy. |
externalDomain |
string |
|
Domain where oCIS is reachable for the outside world |
extraLabels |
object |
|
Custom labels for all manifests |
extraResources |
list |
|
Extra resources to be included. |
features.appsIntegration.enabled |
bool |
|
Enables the apps integration. |
features.appsIntegration.mimetypes |
list |
default configuration of oCIS, see doc.owncloud.com |
Mimetype configuration. Let’s you configure a mimetypes' default application, if it is allowed to create a new file and more. |
features.appsIntegration.wopiIntegration.officeSuites[0].enabled |
bool |
|
Enables the office suite. |
features.appsIntegration.wopiIntegration.officeSuites[0].iconURI |
string |
|
URI for the icon of the office suite. Will be displayed to the users. |
features.appsIntegration.wopiIntegration.officeSuites[0].insecure |
bool |
|
Disables SSL certificate checking for connections to the office suites http api. Not recommended for production installations. |
features.appsIntegration.wopiIntegration.officeSuites[0].name |
string |
|
Name of the office suite. Will be displayed to the users. |
features.appsIntegration.wopiIntegration.officeSuites[0].uri |
string |
|
URI of the office suite. |
features.appsIntegration.wopiIntegration.officeSuites[1].enabled |
bool |
|
Enables the office suite. |
features.appsIntegration.wopiIntegration.officeSuites[1].iconURI |
string |
|
URI for the icon of the office suite. Will be displayed to the users. |
features.appsIntegration.wopiIntegration.officeSuites[1].insecure |
bool |
|
Disables SSL certificate checking for connections to the office suites http api. Not recommended for production installations. |
features.appsIntegration.wopiIntegration.officeSuites[1].name |
string |
|
Name of the office suite. Will be displayed to the users. |
features.appsIntegration.wopiIntegration.officeSuites[1].uri |
string |
|
URI of the office suite. |
features.appsIntegration.wopiIntegration.wopiServerURI |
string |
|
URL of the cs3org/wopiserver. Can be deployed with this Chart. |
features.basicAuthentication |
bool |
|
Enable basic authentication. Not recommended for production installations. |
features.demoUsers |
bool |
|
Create demo users on the first startup. Not recommended for production installations. |
features.emailNotifications.enabled |
bool |
|
Enables email notifications. This features needs the secret from notificationsSmtpSecretRef present. |
features.emailNotifications.smtp.authentication |
string |
|
Authentication method for the SMTP communication. Possible values are ‘login’, ‘plain’, ‘crammd5’, ‘none’ |
features.emailNotifications.smtp.encryption |
string |
|
Encryption method for the SMTP communication. Possible values are ‘starttls’, ‘ssl’, ‘ssltls’, ‘tls’ and ‘none’. |
features.emailNotifications.smtp.host |
string |
|
SMTP host to connect to. |
features.emailNotifications.smtp.port |
string |
|
Port of the SMTP host to connect to. |
features.emailNotifications.smtp.sender |
string |
|
Sender address of emails that will be sent. Example: 'ownCloud <noreply@example.com>' |
features.externalUserManagement.adminUUID |
string |
|
UUID of the inital admin user. If the given value matches a user’s value from |
features.externalUserManagement.enabled |
bool |
|
Enables external user management (and disables internal user management). Needs an external OpenID Connect Identity Provider and an external LDAP server. |
features.externalUserManagement.ldap.bindDN |
string |
|
DN of the user to use to bind to the LDAP server. The password for the user needs to be set in the secret referenced by |
features.externalUserManagement.ldap.certTrusted |
bool |
|
Set only to false, if the certificate of your LDAP secure service is not trusted. If set to false, you need to put the CA cert of the LDAP secure server into the secret referenced by "ldapCaRef" |
features.externalUserManagement.ldap.group.baseDN |
string |
|
Search base DN for looking up LDAP groups. |
features.externalUserManagement.ldap.group.filter |
string |
|
LDAP filter to add to the default filters for group searches. |
features.externalUserManagement.ldap.group.objectClass |
string |
|
The object class to use for groups in the default group search filter like |
features.externalUserManagement.ldap.group.schema.displayName |
string |
|
LDAP Attribute to use for the displayname of groups (often the same as groupname attribute). |
features.externalUserManagement.ldap.group.schema.groupName |
string |
|
LDAP Attribute to use for the name of groups. |
features.externalUserManagement.ldap.group.schema.id |
string |
|
LDAP Attribute to use as the unique ID for groups. This should be a stable globally unique ID like a UUID. |
features.externalUserManagement.ldap.group.schema.idIsOctetString |
bool |
|
Set this to true if the defined |
features.externalUserManagement.ldap.group.schema.mail |
string |
|
LDAP Attribute to use for the email address of groups (can be empty). |
features.externalUserManagement.ldap.group.schema.member |
string |
|
LDAP Attribute that is used for group members. |
features.externalUserManagement.ldap.group.scope |
string |
|
LDAP search scope to use when looking up groups. Supported values are |
features.externalUserManagement.ldap.insecure |
bool |
|
For self signed certificates, consider to put the CA cert of the LDAP secure server into the secret referenced by "ldapCaRef" Not recommended for production installations. |
features.externalUserManagement.ldap.uri |
string |
|
URI to connect to the LDAP secure server. |
features.externalUserManagement.ldap.user.baseDN |
string |
|
Search base DN for looking up LDAP users. |
features.externalUserManagement.ldap.user.filter |
string |
|
LDAP filter to add to the default filters for user search like |
features.externalUserManagement.ldap.user.objectClass |
string |
|
The object class to use for users in the default user search filter like |
features.externalUserManagement.ldap.user.schema.displayName |
string |
|
LDAP Attribute to use for the displayname of users. |
features.externalUserManagement.ldap.user.schema.id |
string |
|
LDAP Attribute to use as the unique id for users. This should be a stable globally unique id like a UUID. |
features.externalUserManagement.ldap.user.schema.idIsOctetString |
bool |
|
Set this to true if the defined |
features.externalUserManagement.ldap.user.schema.mail |
string |
|
LDAP Attribute to use for the email address of users. |
features.externalUserManagement.ldap.user.schema.userName |
string |
|
LDAP Attribute to use for username of users. |
features.externalUserManagement.ldap.user.scope |
string |
|
LDAP search scope to use when looking up users. Supported values are |
features.externalUserManagement.ldap.user.substringFilterType |
string |
|
Type of substring search filter to use for substring searches for users. Possible values: |
features.externalUserManagement.oidc.issuerURI |
string |
|
Issuer URI of the OpenID Connect Identity Provider. If the IDP doesn’t have valid / trusted SSL certificates, certificate validation can be disabled with the |
features.externalUserManagement.oidc.userIDClaim |
string |
|
Claim to take an unique user identifier from. It will be used to look up the user on the LDAP server. |
features.externalUserManagement.oidc.userIDClaimAttributeMapping |
string |
|
Attribute mapping of for the userIDClaim. Set to |
image.pullPolicy |
string |
|
Image pull policy |
image.repository |
string |
|
Image repository |
image.sha |
string |
|
Image sha / digest (optional). |
image.tag |
string |
|
Image tag. Defaults to the chart’s appVersion. |
ingress.annotations |
object |
|
Ingress annotations. |
ingress.enabled |
bool |
|
Enables the Ingress. |
ingress.ingressClassName |
string |
|
Ingress class to use. Uses the default ingress class if not set. |
ingress.labels |
object |
|
Labels for the ingress. |
ingress.tls |
list |
|
Ingress TLS configuration. |
insecure.ocisHttpApiInsecure |
bool |
|
Disables SSL certificate checking for connections to the oCIS http apis. Not recommended for production installations. |
insecure.oidcIdpInsecure |
bool |
|
Disables SSL certificate checking for connections to the openID connect identity provider. Not recommended for production installations. |
logging.color |
string |
|
Activates colorized log output. Not recommended for production installations. |
logging.level |
string |
|
Log level. Valid values: |
logging.pretty |
string |
|
Activates pretty log output. Not recommended for production installations. |
namespaceOverride |
string |
|
Override the deployment namespace of all resources in this Helm chart. |
replicas |
int |
|
Number of replicas for each scalable service. Has no effect when |
resources |
object |
|
Default resources to apply to all services, except per-service resources configuration in |
secretRefs.adminUserSecretRef |
string |
|
Reference to an existing admin user secret (see Secrets). Not used if |
secretRefs.idpSecretRef |
string |
|
Reference to an existing IDP secret (see Secrets). Not used if |
secretRefs.jwtSecretRef |
string |
|
Reference to an existing JWT secret (see Secrets). |
secretRefs.ldapCaRef |
string |
|
Reference to an existing LDAP certificate authority secret (see Secrets) |
secretRefs.ldapCertRef |
string |
|
Reference to an existing LDAP cert secret (see Secrets). Not used if |
secretRefs.ldapSecretRef |
string |
|
Reference to an existing LDAP bind secret (see Secrets). |
secretRefs.machineAuthApiKeySecretRef |
string |
|
Reference to an existing machine auth api key secret (see Secrets) |
secretRefs.notificationsSmtpSecretRef |
string |
|
Reference to an existing SMTP email server settings secret (see Secrets). Not used if |
secretRefs.storageSystemJwtSecretRef |
string |
|
Reference to an existing storage-system JWT secret (see Secrets) |
secretRefs.storageSystemSecretRef |
string |
|
Reference to an existing storage-system secret (see Secrets) |
secretRefs.thumbnailsSecretRef |
string |
|
Reference to an existing thumbnails transfer secret (see Secrets) |
secretRefs.transferSecretSecretRef |
string |
|
Reference to an existing transfer secret (see Secrets) |
securityContext.fsGroup |
int |
|
File system group for all volumes. |
securityContext.fsGroupChangePolicy |
string |
|
File system group change policy for all volumes. Possible values "Always" and "OnRootMismatch". |
securityContext.runAsGroup |
int |
|
Group ID that all processes within any containers will run with. |
securityContext.runAsUser |
int |
|
User ID that all processes within any containers will run with. |
services.appProvider |
object |
see detailed service configuration options below |
APP PROVIDER service. Not used if |
services.appProvider.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.appRegistry |
object |
see detailed service configuration options below |
APP REGISTRY service. Not used if |
services.appRegistry.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.audit |
object |
see detailed service configuration options below |
AUDIT service. |
services.audit.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.authBasic |
object |
see detailed service configuration options below |
AUTH BASIC service. Not used if |
services.authBasic.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.authMachine |
object |
see detailed service configuration options below |
AUTH MACHINE service. |
services.authMachine.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.frontend |
object |
see detailed service configuration options below |
FRONTEND service. |
services.frontend.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.gateway |
object |
see detailed service configuration options below |
GATEWAY service. |
services.gateway.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.graph |
object |
see detailed service configuration options below |
GRAPH service. |
services.graph.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.groups |
object |
see detailed service configuration options below |
GROUPS service. |
services.groups.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.idm |
object |
see detailed service configuration options below |
IDM service. Not used if |
services.idm.persistence.accessModes |
list |
|
Persistent volume access modes. Needs to be |
services.idm.persistence.annotations |
object |
|
Persistent volume annotations. |
services.idm.persistence.chownInitContainer |
bool |
|
Enables a initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. |
services.idm.persistence.enabled |
bool |
|
Enables persistence. Needs to be enabled on production installations, except |
services.idm.persistence.existingClaim |
string |
|
Use an existing PersistentVolumeClaim for persistence. |
services.idm.persistence.finalizers |
list |
|
Persistent volume finalizers. |
services.idm.persistence.selectorLabels |
object |
|
Persistent volume selector labels. |
services.idm.persistence.size |
string |
|
Size of the persistent volume. |
services.idm.persistence.storageClassName |
string |
|
Storage class to use. Uses the default storage class if not set. |
services.idm.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.idp |
object |
see detailed service configuration options below |
IDP service. Not used if |
services.idp.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.nats |
object |
see detailed service configuration options below |
NATS service. |
services.nats.persistence.accessModes |
list |
|
Persistent volume access modes. Needs to be |
services.nats.persistence.annotations |
object |
|
Persistent volume annotations. |
services.nats.persistence.chownInitContainer |
bool |
|
Enables a initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. |
services.nats.persistence.enabled |
bool |
|
Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage. |
services.nats.persistence.existingClaim |
string |
|
Use an existing PersistentVolumeClaim for persistence. |
services.nats.persistence.finalizers |
list |
|
Persistent volume finalizers. |
services.nats.persistence.selectorLabels |
object |
|
Persistent volume selector labels. |
services.nats.persistence.size |
string |
|
Size of the persistent volume. |
services.nats.persistence.storageClassName |
string |
|
Storage class to use. Uses the default storage class if not set. |
services.nats.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.notifications |
object |
see detailed service configuration options below |
NOTIFICATIONS service. Not used if |
services.notifications.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.ocdav |
object |
see detailed service configuration options below |
OCDAV service. |
services.ocdav.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.ocs |
object |
see detailed service configuration options below |
OCS service. |
services.ocs.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.proxy |
object |
see detailed service configuration options below |
PROXY service. |
services.proxy.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.search |
object |
see detailed service configuration options below |
SEARCH service. |
services.search.persistence.accessModes |
list |
|
Persistent volume access modes. Needs to be |
services.search.persistence.annotations |
object |
|
Persistent volume annotations. |
services.search.persistence.chownInitContainer |
bool |
|
Enables a initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. |
services.search.persistence.enabled |
bool |
|
Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage. |
services.search.persistence.existingClaim |
string |
|
Use an existing PersistentVolumeClaim for persistence. |
services.search.persistence.finalizers |
list |
|
Persistent volume finalizers. |
services.search.persistence.selectorLabels |
object |
|
Persistent volume selector labels. |
services.search.persistence.size |
string |
|
Size of the persistent volume. |
services.search.persistence.storageClassName |
string |
|
Storage class to use. Uses the default storage class if not set. |
services.search.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.settings |
object |
see detailed service configuration options below |
SETTINGS service. |
services.settings.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.sharing |
object |
see detailed service configuration options below |
SHARING service. |
services.sharing.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.storagePublicLink |
object |
see detailed service configuration options below |
STORAGE-PUBLICLINK service. |
services.storagePublicLink.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.storageShares |
object |
see detailed service configuration options below |
STORAGE-SHARES service. |
services.storageShares.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.storageSystem |
object |
see detailed service configuration options below |
STORAGE-SYSTEM service. |
services.storageSystem.persistence.accessModes |
list |
|
Persistent volume access modes. Needs to be |
services.storageSystem.persistence.annotations |
object |
|
Persistent volume annotations. |
services.storageSystem.persistence.chownInitContainer |
bool |
|
Enables a initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. |
services.storageSystem.persistence.enabled |
bool |
|
Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage. |
services.storageSystem.persistence.existingClaim |
string |
|
Use an existing PersistentVolumeClaim for persistence. |
services.storageSystem.persistence.finalizers |
list |
|
Persistent volume finalizers. |
services.storageSystem.persistence.selectorLabels |
object |
|
Persistent volume selector labels. |
services.storageSystem.persistence.size |
string |
|
Size of the persistent volume. |
services.storageSystem.persistence.storageClassName |
string |
|
Storage class to use. Uses the default storage class if not set. |
services.storageSystem.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.storageUsers |
object |
see detailed service configuration options below |
STORAGE-USERS service. |
services.storageUsers.maintenance.cleanUpExpiredUploads.enabled |
bool |
|
Enables a job, that cleans up expired uploads. Requires persistence to be enabled and RWX storage. |
services.storageUsers.maintenance.cleanUpExpiredUploads.schedule |
string |
|
Cron pattern for the job to be run. Defaults to every minute. |
services.storageUsers.persistence.accessModes |
list |
|
Persistent volume access modes. Needs to be |
services.storageUsers.persistence.annotations |
object |
|
Persistent volume annotations. |
services.storageUsers.persistence.chownInitContainer |
bool |
|
Enables a initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. |
services.storageUsers.persistence.enabled |
bool |
|
Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage. |
services.storageUsers.persistence.existingClaim |
string |
|
Use an existing PersistentVolumeClaim for persistence. |
services.storageUsers.persistence.finalizers |
list |
|
Persistent volume finalizers. |
services.storageUsers.persistence.selectorLabels |
object |
|
Persistent volume selector labels. |
services.storageUsers.persistence.size |
string |
|
Size of the persistent volume. |
services.storageUsers.persistence.storageClassName |
string |
|
Storage class to use. Uses the default storage class if not set. |
services.storageUsers.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.storageUsers.storageBackend.driver |
string |
|
Configures the storage driver. Possible values are "ocis" and "s3ng". The oCIS driver stores all data in the persistent volume if persistence is enabled. The S3NG driver stores all metadata in the persistent volume and uploads blobs to s3 if persistence is enabled. |
services.storageUsers.storageBackend.driverConfig.s3ng.accessKey |
string |
|
S3 access key to use for the S3NG driver. Only used if driver is set to "s3ng". |
services.storageUsers.storageBackend.driverConfig.s3ng.bucket |
string |
|
S3 bucket to use for the S3NG driver. Only used if driver is set to "s3ng". |
services.storageUsers.storageBackend.driverConfig.s3ng.endpoint |
string |
|
S3 endpoint to use for the S3NG driver. Only used if driver is set to "s3ng". |
services.storageUsers.storageBackend.driverConfig.s3ng.region |
string |
|
S3 region to use for the S3NG driver. Only used if driver is set to "s3ng". |
services.storageUsers.storageBackend.driverConfig.s3ng.secretKey |
string |
|
S3 secret key to use for the S3NG driver. Only used if driver is set to "s3ng". |
services.store |
object |
see detailed service configuration options below |
STORE service. |
services.store.persistence.accessModes |
list |
|
Persistent volume access modes. Needs to be |
services.store.persistence.annotations |
object |
|
Persistent volume annotations. |
services.store.persistence.chownInitContainer |
bool |
|
Enables a initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. |
services.store.persistence.enabled |
bool |
|
Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage. |
services.store.persistence.existingClaim |
string |
|
Use an existing PersistentVolumeClaim for persistence. |
services.store.persistence.finalizers |
list |
|
Persistent volume finalizers. |
services.store.persistence.selectorLabels |
object |
|
Persistent volume selector labels. |
services.store.persistence.size |
string |
|
Size of the persistent volume. |
services.store.persistence.storageClassName |
string |
|
Storage class to use. Uses the default storage class if not set. |
services.store.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.thumbnails |
object |
see detailed service configuration options below |
THUMBNAILS service. |
services.thumbnails.persistence.accessModes |
list |
|
Persistent volume access modes. Needs to be |
services.thumbnails.persistence.annotations |
object |
|
Persistent volume annotations. |
services.thumbnails.persistence.chownInitContainer |
bool |
|
Enables a initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. |
services.thumbnails.persistence.enabled |
bool |
|
Enables persistence. Is recommended to be enabled on production installations. If enabled, generated thumbnails are cached on this volume and available across pod restarts and service instances. If not enabled, thumbnail generation might lead to higher CPU usage. |
services.thumbnails.persistence.existingClaim |
string |
|
Use an existing PersistentVolumeClaim for persistence. |
services.thumbnails.persistence.finalizers |
list |
|
Persistent volume finalizers. |
services.thumbnails.persistence.selectorLabels |
object |
|
Persistent volume selector labels. |
services.thumbnails.persistence.size |
string |
|
Size of the persistent volume. |
services.thumbnails.persistence.storageClassName |
string |
|
Storage class to use. Uses the default storage class if not set. |
services.thumbnails.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.users |
object |
see detailed service configuration options below |
USERS service. |
services.users.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.web |
object |
see detailed service configuration options below |
ownCloud WEB service. |
services.web.config.applications |
list |
|
Configure the {"applications": []} section in the Web config.json. |
services.web.config.apps |
list |
|
Configure the {"apps": []} section in the Web config.json. |
services.web.config.disableFeedbackLink |
bool |
|
Disables the feedback link in the Web UI. |
services.web.config.externalApplications |
list |
|
Configure the {"external_apps": []} section in the Web config.json. |
services.web.config.theme.path |
string |
|
URL path to load themes from. The theme server will be prepended. Defaults to the ownCloud Web default theme. |
services.web.config.theme.server |
string |
|
URL to load themes from. Will be prepended to the theme path. Defaults to the value of "externalDomain". |
services.web.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
services.webdav |
object |
see detailed service configuration options below |
WEBDAV service. |
services.webdav.resources |
object |
|
Per-service resources configuration. Overrides the default setting from |
topologySpreadConstraints |
string |
|
TopologySpreadConstraints controls how Pods of a service are spread across the cluster among failure-domains. Defaults to allow skew no more then 1 node per node. Passed through tpl and therefore needs to be configured as string. |