본 한국어 번역은 사용자 편의를 위해 제공되는 기계 번역입니다. 영어 버전과 한국어 버전이 서로 어긋나는 경우에는 언제나 영어 버전이 우선합니다.
Kubernetes 모니터링 운영자 구성 옵션
기여자
변경 제안
PDF
그만큼 "쿠버네티스 모니터링 운영자" AgentConfiguration 파일을 통해 광범위한 사용자 지정 옵션을 제공합니다. 리소스 제한, 수집 간격, 프록시 설정, 허용 오차 및 구성 요소별 설정을 구성하여 Kubernetes 환경의 모니터링을 최적화할 수 있습니다. 이러한 옵션을 사용하여 telegraf, kube-state-metrics, 로그 수집, 워크로드 매핑, 변경 관리 및 기타 모니터링 구성 요소를 사용자 지정할 수 있습니다.
아래 표는 AgentConfiguration 파일에 대한 가능한 옵션을 나열합니다.
| 요소 | 옵션 | 설명 |
|---|---|---|
대리인 |
운영자가 설치할 수 있는 모든 구성 요소에 공통적인 구성 옵션입니다. 이러한 옵션은 "글로벌" 옵션으로 간주될 수 있습니다. |
|
도커리포 |
Data Infrastructure Insights Docker 저장소 대신 고객의 개인 Docker 저장소에서 이미지를 가져오도록 dockerRepo를 재정의합니다. 기본값은 Data Infrastructure Insights Docker 저장소입니다. |
|
dockerImagePullSecret |
선택 사항: 고객의 개인 저장소에 대한 비밀입니다. |
|
클러스터 이름 |
모든 고객 클러스터에서 클러스터를 고유하게 식별하는 자유 텍스트 필드입니다. 이 필드는 Data Infrastructure Insights 테넌트 전체에서 고유해야 합니다. 기본값은 고객이 UI에서 "클러스터 이름" 필드에 입력하는 내용입니다. |
|
프록시 형식: 프록시: 서버: 포트: 사용자 이름: 비밀번호: noProxy: isTelegrafProxyEnabled: isAuProxyEnabled: isFluentbitProxyEnabled: isCollectorProxyEnabled: |
프록시 설정은 선택 사항입니다. 이는 일반적으로 고객의 회사 대리인입니다. |
|
텔레그라프 |
Operator의 Telegraf 설치를 사용자 정의할 수 있는 구성 옵션 |
|
수집간격 |
메트릭 수집 간격(초)(최대 60초) |
|
dsCpuLimit |
Telegraf DS의 CPU 제한 |
|
dsMemLimit |
Telegraf DS의 메모리 제한 |
|
dsCpu요청 |
Telegraf DS에 대한 CPU 요청 |
|
dsMemRequest |
Telegraf DS에 대한 메모리 요청 |
|
rsCpuLimit |
Telegraf rs의 CPU 제한 |
|
rsMemLimit |
Telegraf RS의 메모리 제한 |
|
rsCpu요청 |
Telegraf rs에 대한 CPU 요청 |
|
rsMemRequest |
Telegraf rs에 대한 메모리 요청 |
|
권한이 있는 실행 |
특권 모드에서 telegraf DaemonSet의 telegraf-mountstats-poller 컨테이너를 실행합니다. Kubernetes 노드에서 SELinux가 활성화된 경우 이 값을 true로 설정합니다. |
|
runDs특권 |
telegraf DaemonSet의 telegraf 컨테이너를 특권 모드로 실행하려면 runDsPrivileged를 true로 설정합니다. |
|
배치 크기 |
||
버퍼 제한 |
||
라운드 간격 |
||
컬렉션지터 |
||
정도 |
||
플러시 간격 |
||
플러시지터 |
||
출력시간 초과 |
||
ds내성 |
telegraf-ds 추가 허용 범위. |
|
rsTolerations |
telegraf-rs 추가 허용 범위. |
|
스킵프로세서애그리게이터 |
||
보호되지 않은 |
이것을 보세요 "알려진 Telegraf 문제" . _unprotected_를 설정하면 Kubernetes Monitoring Operator가 Telegraf를 다음과 같이 실행하도록 지시합니다. |
|
insecureK8sSkipVerify |
IP SAN이 부족하여 Telegraf가 인증서를 확인할 수 없는 경우 확인 건너뛰기를 활성화해 보세요. |
|
kube-state-metrics |
Operator의 kube 상태 메트릭 설치를 사용자 정의할 수 있는 구성 옵션 |
|
CPU 제한 |
kube-state-metrics 배포를 위한 CPU 제한 |
|
메모리 제한 |
kube-state-metrics 배포에 대한 메모리 제한 |
|
cpu요청 |
kube state metrics 배포를 위한 CPU 요청 |
|
메모리 요청 |
kube state 메트릭 배포를 위한 메모리 요청 |
|
자원 |
캡처할 리소스를 쉼표로 구분하여 나열합니다. 예: cronjobs, daemonsets, deployments, ingresses, jobs, namespaces, nodes, persistentvolumeclaims, persistentvolumes, pods, replicasets, resourcequotas, services, statefulsets |
|
관용 |
kube-state-metrics 추가 허용 범위. |
|
라벨 |
kube-state-metrics가 레이블을 캡처해야 하는 리소스의 쉼표로 구분된 목록 예: cronjobs=[*],daemonsets=[*],deployments=[*],ingresses=[*],jobs=[*],namespaces=[*],nodes=[*], persistentvolumeclaims=[*],persistentvolumes=[*],pods=[*],replicasets=[*],resourcequotas=[*],services=[*],statefulsets=[*] |
|
통나무 |
운영자의 로그 수집 및 설치를 사용자 정의할 수 있는 구성 옵션 |
|
헤드에서 읽기 |
참/거짓, fluent bit가 head에서 로그를 읽어야 합니까? |
|
타임아웃 |
시간 초과(초) |
|
DNS 모드 |
TCP/UDP, DNS 모드 |
|
유창한 비트 허용 |
fluent-bit-ds 추가 허용 범위. |
|
이벤트 내보내기 허용 |
이벤트 내보내기 추가 허용 범위. |
|
이벤트 내보내기-maxEventAgeSeconds |
이벤트 내보내기 최대 이벤트 기간. 보다 https://github.com/jkroepke/resmoio-kubernetes-event-exporter |
|
유창한 비트 컨테이너 로그 경로 |
기본적으로 Fluentbit DaemonSet은 /var/log 및 /var/lib/docker/containers 호스트 경로를 마운트하여 Kubernetes 컨테이너 로그에 액세스하고 이를 읽습니다. Kubernetes가 컨테이너 로그를 기본이 아닌 위치에 저장하도록 구성된 경우 이 옵션을 사용하여 Fluentbit DaemonSet을 수정하여 기본이 아닌 경로를 마운트합니다. |
|
워크로드 맵 |
Operator의 작업 맵 수집 및 설치를 사용자 정의할 수 있는 구성 옵션입니다. |
|
CPU 제한 |
net observer ds에 대한 CPU 제한 |
|
메모리 제한 |
net observer ds에 대한 메모리 제한 |
|
cpu요청 |
net observer ds에 대한 CPU 요청 |
|
메모리 요청 |
net observer ds에 대한 mem 요청 |
|
메트릭 집계 간격 |
메트릭 집계 간격(초) |
|
bpfPollInterval |
BPF 폴링 간격(초) |
|
DNSLookup 활성화 |
true/false, DNS 조회 활성화 |
|
l4-내성 |
net-observer-l4-ds 추가 허용 범위. |
|
권한이 있는 실행 |
true/false - Kubernetes 노드에서 SELinux가 활성화된 경우 runPrivileged를 true로 설정합니다. |
|
변화 관리 |
Kubernetes 변경 관리 및 분석을 위한 구성 옵션 |
|
CPU 제한 |
change-observer-watch-rs에 대한 CPU 제한 |
|
메모리 제한 |
change-observer-watch-rs에 대한 메모리 제한 |
|
cpu요청 |
change-observer-watch-rs에 대한 CPU 요청 |
|
메모리 요청 |
change-observer-watch-rs에 대한 mem 요청 |
|
workloadFailureDeclarationIntervalSeconds |
작업 부하의 배포가 성공하지 못한 경우 배포가 실패로 표시되는 간격(초) |
|
workloadDeployAggrIntervalSeconds |
워크로드 배포가 결합되어 전송되는 빈도(초) |
|
nonWorkloadDeployAggrIntervalSeconds |
비작업 부하 배포가 결합되어 전송되는 빈도(초) |
|
용어삭제 |
값이 삭제되는 환경 이름 및 데이터 맵에 사용되는 정규 표현식 세트 예시 용어: "pwd", "password", "token", "apikey", "api-key", "jwt" |
|
추가적으로 주의해야 할 종류 |
수집기가 감시하는 기본 종류 집합에서 감시할 추가 종류의 쉼표로 구분된 목록 |
|
시계에서 무시할 종류 |
수집기가 감시하는 기본 종류 집합에서 감시를 무시할 종류의 쉼표로 구분된 목록 |
|
logRecordAggrIntervalSeconds |
수집기에서 CI로 로그 레코드가 전송되는 빈도 |
|
감시 관용 |
change-observer-watch-ds 추가적인 허용 범위. 축약된 단일 행 형식만 가능합니다. 예: '{키: taint1, 연산자: 존재, 효과: NoSchedule},{키: taint2, 연산자: 존재, 효과: NoExecute}' |
샘플 AgentConfiguration 파일
아래는 AgentConfiguration 파일의 샘플입니다.
apiVersion: monitoring.netapp.com/v1alpha1
kind: AgentConfiguration
metadata:
name: netapp-ci-monitoring-configuration
namespace: "netapp-monitoring"
labels:
installed-by: nkmo-netapp-monitoring
spec:
# # You can modify the following fields to configure the operator.
# # Optional settings are commented out and include default values for reference
# # To update them, uncomment the line, change the value, and apply the updated AgentConfiguration.
agent:
# # [Required Field] A uniquely identifiable user-friendly clustername.
# # clusterName must be unique across all clusters in your Data Infrastructure Insights environment.
clusterName: "my_cluster"
# # Proxy settings. The proxy that the operator should use to send metrics to Data Infrastructure Insights.
# # Please see documentation here: https://docs.netapp.com/us-en/cloudinsights/task_config_telegraf_agent_k8s.html#configuring-proxy-support
# proxy:
# server:
# port:
# noproxy:
# username:
# password:
# isTelegrafProxyEnabled:
# isFluentbitProxyEnabled:
# isCollectorsProxyEnabled:
# # [Required Field] By default, the operator uses the CI repository.
# # To use a private repository, change this field to your repository name.
# # Please see documentation here: https://docs.netapp.com/us-en/cloudinsights/task_config_telegraf_agent_k8s.html#using-a-custom-or-private-docker-repository
dockerRepo: 'docker.c01.cloudinsights.netapp.com'
# # [Required Field] The name of the imagePullSecret for dockerRepo.
# # If you are using a private repository, change this field from 'netapp-ci-docker' to the name of your secret.
dockerImagePullSecret: 'netapp-ci-docker'
# # Allow the operator to automatically rotate its ApiKey before expiration.
# tokenRotationEnabled: 'true'
# # Number of days before expiration that the ApiKey should be rotated. This must be less than the total ApiKey duration.
# tokenRotationThresholdDays: '30'
telegraf:
# # Settings to fine-tune metrics data collection. Telegraf config names are included in parenthesis.
# # See https://github.com/influxdata/telegraf/blob/master/docs/CONFIGURATION.md#agent
# # The default time telegraf will wait between inputs for all plugins (interval). Max=60
# collectionInterval: '60s'
# # Maximum number of records per output that telegraf will write in one batch (metric_batch_size).
# batchSize: '10000'
# # Maximum number of records per output that telegraf will cache pending a successful write (metric_buffer_limit).
# bufferLimit: '150000'
# # Collect metrics on multiples of interval (round_interval).
# roundInterval: 'true'
# # Each plugin waits a random amount of time between the scheduled collection time and that time + collection_jitter before collecting inputs (collection_jitter).
# collectionJitter: '0s'
# # Collected metrics are rounded to the precision specified. When set to "0s" precision will be set by the units specified by interval (precision).
# precision: '0s'
# # Time telegraf will wait between writing outputs (flush_interval). Max=collectionInterval
# flushInterval: '60s'
# # Each output waits a random amount of time between the scheduled write time and that time + flush_jitter before writing outputs (flush_jitter).
# flushJitter: '0s'
# # Timeout for writing to outputs (timeout).
# outputTimeout: '5s'
# # telegraf-ds CPU/Mem limits and requests.
# # See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
# dsCpuLimit: '750m'
# dsMemLimit: '800Mi'
# dsCpuRequest: '100m'
# dsMemRequest: '500Mi'
# # telegraf-rs CPU/Mem limits and requests.
# rsCpuLimit: '3'
# rsMemLimit: '4Gi'
# rsCpuRequest: '100m'
# rsMemRequest: '500Mi'
# # Skip second run of processors after aggregators
# skipProcessorsAfterAggregators: 'true'
# # telegraf additional tolerations. Use the following abbreviated single line format only.
# # Inspect telegraf-rs/-ds to view tolerations which are always present.
# # Example: '{key: taint1, operator: Exists, effect: NoSchedule},{key: taint2, operator: Exists, effect: NoExecute}'
# dsTolerations: ''
# rsTolerations: ''
# If telegraf warns of insufficient lockable memory, try increasing the limit of lockable memory for Telegraf in the underlying operating system/node. If increasing the limit is not an option, set this to true to instruct Telegraf to not attempt to reserve locked memory pages. While this might pose a security risk as decrypted secrets might be swapped out to disk, it allows for execution in environments where reserving locked memory is not possible.
# unprotected: 'false'
# # Run the telegraf DaemonSet's telegraf-mountstats-poller container in privileged mode. Set runPrivileged to true if SELinux is enabled on your Kubernetes nodes.
# runPrivileged: '{{ .Values.telegraf_installer.kubernetes.privileged_mode }}'
# # Set runDsPrivileged to true to run the telegraf DaemonSet's telegraf container in privileged mode
# runDsPrivileged: '{{ .Values.telegraf_installer.kubernetes.ds.privileged_mode }}'
# # Collect container Block IO metrics.
# dsBlockIOEnabled: 'true'
# # Collect NFS IO metrics.
# dsNfsIOEnabled: 'true'
# # Collect kubernetes.system_container metrics and objects in the kube-system|cattle-system namespaces for managed kubernetes clusters (EKS, AKS, GKE, managed Rancher). Set this to true if you want collect these metrics.
# managedK8sSystemMetricCollectionEnabled: 'false'
# # Collect kubernetes.pod_volume (pod ephemeral storage) metrics. Set this to true if you want to collect these metrics.
# podVolumeMetricCollectionEnabled: 'false'
# # Declare Rancher cluster as managed. Set this to true if your Rancher cluster is managed as opposed to on-premise.
# isManagedRancher: 'false'
# # If telegraf-rs fails to start due to being unable to find the etcd crt and key, manually specify the appropriate path here.
# rsHostEtcdCrt: ''
# rsHostEtcdKey: ''
# kube-state-metrics:
# # kube-state-metrics CPU/Mem limits and requests.
# cpuLimit: '500m'
# memLimit: '1Gi'
# cpuRequest: '100m'
# memRequest: '500Mi'
# # Comma-separated list of resources to enable.
# # See resources in https://github.com/kubernetes/kube-state-metrics/blob/main/docs/cli-arguments.md
# resources: 'cronjobs,daemonsets,deployments,ingresses,jobs,namespaces,nodes,persistentvolumeclaims,persistentvolumes,pods,replicasets,resourcequotas,services,statefulsets'
# # Comma-separated list of metrics to enable.
# # See metric-allowlist in https://github.com/kubernetes/kube-state-metrics/blob/main/docs/cli-arguments.md
# metrics: 'kube_cronjob_created,kube_cronjob_status_active,kube_cronjob_labels,kube_daemonset_created,kube_daemonset_status_current_number_scheduled,kube_daemonset_status_desired_number_scheduled,kube_daemonset_status_number_available,kube_daemonset_status_number_misscheduled,kube_daemonset_status_number_ready,kube_daemonset_status_number_unavailable,kube_daemonset_status_observed_generation,kube_daemonset_status_updated_number_scheduled,kube_daemonset_metadata_generation,kube_daemonset_labels,kube_deployment_status_replicas,kube_deployment_status_replicas_available,kube_deployment_status_replicas_unavailable,kube_deployment_status_replicas_updated,kube_deployment_status_observed_generation,kube_deployment_spec_replicas,kube_deployment_spec_paused,kube_deployment_spec_strategy_rollingupdate_max_unavailable,kube_deployment_spec_strategy_rollingupdate_max_surge,kube_deployment_metadata_generation,kube_deployment_labels,kube_deployment_created,kube_job_created,kube_job_owner,kube_job_status_active,kube_job_status_succeeded,kube_job_status_failed,kube_job_labels,kube_job_status_start_time,kube_job_status_completion_time,kube_namespace_created,kube_namespace_labels,kube_namespace_status_phase,kube_node_info,kube_node_labels,kube_node_role,kube_node_spec_unschedulable,kube_node_created,kube_persistentvolume_capacity_bytes,kube_persistentvolume_status_phase,kube_persistentvolume_labels,kube_persistentvolume_info,kube_persistentvolume_claim_ref,kube_persistentvolumeclaim_access_mode,kube_persistentvolumeclaim_info,kube_persistentvolumeclaim_labels,kube_persistentvolumeclaim_resource_requests_storage_bytes,kube_persistentvolumeclaim_status_phase,kube_pod_info,kube_pod_start_time,kube_pod_completion_time,kube_pod_owner,kube_pod_labels,kube_pod_status_phase,kube_pod_status_ready,kube_pod_status_scheduled,kube_pod_container_info,kube_pod_container_status_waiting,kube_pod_container_status_waiting_reason,kube_pod_container_status_running,kube_pod_container_state_started,kube_pod_container_status_terminated,kube_pod_container_status_terminated_reason,kube_pod_container_status_last_terminated_reason,kube_pod_container_status_ready,kube_pod_container_status_restarts_total,kube_pod_overhead_cpu_cores,kube_pod_overhead_memory_bytes,kube_pod_created,kube_pod_deletion_timestamp,kube_pod_init_container_info,kube_pod_init_container_status_waiting,kube_pod_init_container_status_waiting_reason,kube_pod_init_container_status_running,kube_pod_init_container_status_terminated,kube_pod_init_container_status_terminated_reason,kube_pod_init_container_status_last_terminated_reason,kube_pod_init_container_status_ready,kube_pod_init_container_status_restarts_total,kube_pod_status_scheduled_time,kube_pod_status_unschedulable,kube_pod_spec_volumes_persistentvolumeclaims_readonly,kube_pod_container_resource_requests_cpu_cores,kube_pod_container_resource_requests_memory_bytes,kube_pod_container_resource_requests_storage_bytes,kube_pod_container_resource_requests_ephemeral_storage_bytes,kube_pod_container_resource_limits_cpu_cores,kube_pod_container_resource_limits_memory_bytes,kube_pod_container_resource_limits_storage_bytes,kube_pod_container_resource_limits_ephemeral_storage_bytes,kube_pod_init_container_resource_limits_cpu_cores,kube_pod_init_container_resource_limits_memory_bytes,kube_pod_init_container_resource_limits_storage_bytes,kube_pod_init_container_resource_limits_ephemeral_storage_bytes,kube_pod_init_container_resource_requests_cpu_cores,kube_pod_init_container_resource_requests_memory_bytes,kube_pod_init_container_resource_requests_storage_bytes,kube_pod_init_container_resource_requests_ephemeral_storage_bytes,kube_replicaset_status_replicas,kube_replicaset_status_ready_replicas,kube_replicaset_status_observed_generation,kube_replicaset_spec_replicas,kube_replicaset_metadata_generation,kube_replicaset_labels,kube_replicaset_created,kube_replicaset_owner,kube_resourcequota,kube_resourcequota_created,kube_service_info,kube_service_labels,kube_service_created,kube_service_spec_type,kube_statefulset_status_replicas,kube_statefulset_status_replicas_current,kube_statefulset_status_replicas_ready,kube_statefulset_status_replicas_updated,kube_statefulset_status_observed_generation,kube_statefulset_replicas,kube_statefulset_metadata_generation,kube_statefulset_created,kube_statefulset_labels,kube_statefulset_status_current_revision,kube_statefulset_status_update_revision,kube_node_status_capacity,kube_node_status_allocatable,kube_node_status_condition,kube_pod_container_resource_requests,kube_pod_container_resource_limits,kube_pod_init_container_resource_limits,kube_pod_init_container_resource_requests'
# # Comma-separated list of Kubernetes label keys that will be used in the resources' labels metric.
# # See metric-labels-allowlist in https://github.com/kubernetes/kube-state-metrics/blob/main/docs/cli-arguments.md
# labels: 'cronjobs=[*],daemonsets=[*],deployments=[*],ingresses=[*],jobs=[*],namespaces=[*],nodes=[*],persistentvolumeclaims=[*],persistentvolumes=[*],pods=[*],replicasets=[*],resourcequotas=[*],services=[*],statefulsets=[*]'
# # kube-state-metrics additional tolerations. Use the following abbreviated single line format only.
# # No tolerations are applied by default
# # Example: '{key: taint1, operator: Exists, effect: NoSchedule},{key: taint2, operator: Exists, effect: NoExecute}'
# tolerations: ''
# # kube-state-metrics shards. Increase the number of shards for larger clusters if telegraf RS pod(s) experience collection timeouts
# shards: '2'
# # Settings for the Events Log feature.
# logs:
# # Set runPrivileged to true if Fluent Bit fails to start, trying to open/create its database.
# runPrivileged: 'false'
# # If Fluent Bit should read new files from the head, not tail.
# # See Read_from_Head in https://docs.fluentbit.io/manual/pipeline/inputs/tail
# readFromHead: "true"
# # Network protocol that Fluent Bit should use for DNS: "UDP" or "TCP".
# dnsMode: "UDP"
# # DNS resolver that Fluent Bit should use: "LEGACY" or "ASYNC"
# fluentBitDNSResolver: "LEGACY"
# # Logs additional tolerations. Use the following abbreviated single line format only.
# # Inspect fluent-bit-ds to view tolerations which are always present. No tolerations are applied by default for event-exporter.
# # Example: '{key: taint1, operator: Exists, effect: NoSchedule},{key: taint2, operator: Exists, effect: NoExecute}'
# fluent-bit-tolerations: ''
# event-exporter-tolerations: ''
# # event-exporter CPU/Mem limits and requests.
# # See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
# event-exporter-cpuLimit: '500m'
# event-exporter-memLimit: '1Gi'
# event-exporter-cpuRequest: '50m'
# event-exporter-memRequest: '100Mi'
# # event-exporter max event age.
# # See https://github.com/jkroepke/resmoio-kubernetes-event-exporter
# event-exporter-maxEventAgeSeconds: '10'
# # event-exporter client-side throttling
# # Set kubeBurst to roughly match your events per minute and kubeQPS=kubeBurst/5
# # See https://github.com/resmoio/kubernetes-event-exporter#troubleshoot-events-discarded-warning
# event-exporter-kubeQPS: 20
# event-exporter-kubeBurst: 100
# # fluent-bit CPU/Mem limits and requests.
# # See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
# fluent-bit-cpuLimit: '500m'
# fluent-bit-memLimit: '1Gi'
# fluent-bit-cpuRequest: '50m'
# fluent-bit-memRequest: '100Mi'
# By default, the Fluentbit DaemonSet will mount the /var/log and /var/lib/docker/containers host paths to access/read the
# Kubernetes container logs. If Kubernetes has been configured to place container logs in a non-default location, use
# this option to modify the Fluentbit DaemonSet to mount the non-default path.
# fluent-bit-containerLogPath
# # Settings for the Network Performance and Map feature.
# workload-map:
# # netapp-ci-net-observer-l4-ds CPU/Mem limits and requests.
# # See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
# cpuLimit: '500m'
# memLimit: '500Mi'
# cpuRequest: '100m'
# memRequest: '500Mi'
# # Metric aggregation interval in seconds. Min=30, Max=120
# metricAggregationInterval: '60'
# # Interval for bpf polling. Min=3, Max=15
# bpfPollInterval: '8'
# # Enable performing reverse DNS lookups on observed IPs.
# enableDNSLookup: 'true'
# # netapp-ci-net-observer-l4-ds additional tolerations. Use the following abbreviated single line format only.
# # Inspect netapp-ci-net-observer-l4-ds to view tolerations which are always present.
# # Example: '{key: taint1, operator: Exists, effect: NoSchedule},{key: taint2, operator: Exists, effect: NoExecute}'
# l4-tolerations: ''
# # Set runPrivileged to true if SELinux is enabled on your Kubernetes nodes.
# # Note: In OpenShift environments, this is set to true automatically.
# runPrivileged: 'false'
# change-management:
# # change-observer-watch-rs CPU/Mem limits and requests.
# # See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
# cpuLimit: '1'
# memLimit: '1Gi'
# cpuRequest: '500m'
# memRequest: '500Mi'
# # Interval after which a non-successful deployment of a workload will be marked as failed, in seconds
# workloadFailureDeclarationIntervalSeconds: '30'
# # Frequency at which workload deployments are combined and sent, in seconds
# workloadDeployAggrIntervalSeconds: '300'
# # Frequency at which non-workload deployments are combined and sent, in seconds
# nonWorkloadDeployAggrIntervalSeconds: '15'
# # A set of regular expressions used in env names and data maps whose value will be redacted
# termsToRedact: '"pwd", "password", "token", "apikey", "api-key", "api_key", "jwt", "accesskey", "access_key", "access-key", "ca-file", "key-file", "cert", "cafile", "keyfile", "tls", "crt", "salt", ".dockerconfigjson", "auth", "secret"'
# # A comma separated list of additional kinds to watch from the default set of kinds watched by the collector
# # Each kind will have to be prefixed by its apigroup
# # Example: '"authorization.k8s.io.subjectaccessreviews"'
# additionalKindsToWatch: ''
# # A comma separated list of additional field paths whose diff is ignored as part of change analytics. This list in addition to the default set of field paths ignored by the collector.
# # Example: '"metadata.specTime", "data.status"'
# additionalFieldsDiffToIgnore: ''
# # A comma separated list of kinds to ignore from watching from the default set of kinds watched by the collector
# # Each kind will have to be prefixed by its apigroup
# # Example: '"networking.k8s.io.networkpolicies,batch.jobs", "authorization.k8s.io.subjectaccessreviews"'
# kindsToIgnoreFromWatch: ''
# # Frequency with which log records are sent to CI from the collector
# logRecordAggrIntervalSeconds: '20'
# # change-observer-watch-ds additional tolerations. Use the following abbreviated single line format only.
# # Inspect change-observer-watch-ds to view tolerations which are always present.
# # Example: '{key: taint1, operator: Exists, effect: NoSchedule},{key: taint2, operator: Exists, effect: NoExecute}'
# watch-tolerations: ''