Build Retention
You can control how many Kf Builds are kept before being garbage collected.
kubectl patch \
kfsystem kfsystem \
--type='json' \
-p="[{'op': 'replace', 'path': '/spec/kf/config/buildRetentionCount', 'value': 1}]"
Enable or Disable the Istio Sidecar
If you do not require the Istio sidecar for the Build pods, then they can be disabled by setting the value to true. Enable by setting the value to false.
kubectl patch \
kfsystem kfsystem \
--type='json' \
-p="[{'op': 'replace', 'path': '/spec/kf/config/buildDisableIstioSidecar', 'value': true}]"
Build Pod Resource Limits
The default pod resource size can be increased from the default to accommodate very large builds. The units for the value are in Mi or Gi.
kubectl patch \
kfsystem kfsystem \
--type='json' \
-p="[{'op': 'replace', 'path': '/spec/kf/config/buildPodResources', 'value': {'limits': {'memory': '234Mi'}}}]"
Read Kubernetes container resource docs for more information about container resource management.
Self Signed Certificates for Service Brokers
If you want to use self signed certificates for TLS (https instead of http) for the service broker URL, the Kf controller requires the CA certificate. To configure Kf for this scenario, create an immutable Kubernetes secret in the kf namespace and update the kfsystem.spec.kf.config.secrets.controllerCACerts.name object to point to it.
Create a secret to store the self-signed certificate.
kubectl create secret generic cacerts -nkf --from-file /path/to/cert/certs.pem
Make the secret immutable.
kubectl patch -nkf secret cacerts \ --type='json' \ -p="[{'op':'add','path':'/immutable','value':true}]"Update kfsystem to point to the secret.
kubectl patch \ kfsystem kfsystem \ --type='json' \ -p="[{'op':'add','path':'/spec/kf/config/secrets','value':{'controllerCACerts':{'name':'cacerts'}}}]"