Wenn Sie für die Build-Pods keinen Istio-Sidecar benötigen, können Sie diese deaktivieren, indem Sie den Wert auf true setzen. Aktivieren Sie diese Option, indem Sie den Wert auf false setzen.
Die Standardgröße von Pod-Ressourcen kann von der Standardgröße erhöht werden, um sehr große Builds zu berücksichtigen. Die Einheiten für den Wert sind in Mi oder Gi angegeben.
Wenn Sie selbst signierte Zertifikate für TLS (https statt http) für die Service Broker-URL verwenden möchten, benötigt der Kf-Controller das CA-Zertifikat. Zur Konfiguration von Kf für dieses Szenario erstellen Sie ein unveränderliches Kubernetes-Secret im Namespace kf und aktualisieren Sie das Objekt kfsystem.spec.kf.config.secrets.controllerCACerts.name so, dass es darauf verweist.
Erstellen Sie ein Secret zum Speichern des selbst signierten Zertifikats.
[[["Leicht verständlich","easyToUnderstand","thumb-up"],["Mein Problem wurde gelöst","solvedMyProblem","thumb-up"],["Sonstiges","otherUp","thumb-up"]],[["Schwer verständlich","hardToUnderstand","thumb-down"],["Informationen oder Beispielcode falsch","incorrectInformationOrSampleCode","thumb-down"],["Benötigte Informationen/Beispiele nicht gefunden","missingTheInformationSamplesINeed","thumb-down"],["Problem mit der Übersetzung","translationIssue","thumb-down"],["Sonstiges","otherDown","thumb-down"]],["Zuletzt aktualisiert: 2025-09-04 (UTC)."],[],[],null,["# Customizing Kf Features\n\n| **Warning:** Please proceed with caution, and test before using any customizations in production.\n\nBuild Retention\n---------------\n\nYou can control how many Kf Builds are kept before being garbage collected.\n**Note:** This example sets the retention to 1 Build. Change the value as needed. \n\n```\nkubectl patch \\\nkfsystem kfsystem \\\n--type='json' \\\n-p=\"[{'op': 'replace', 'path': '/spec/kf/config/buildRetentionCount', 'value': 1}]\"\n```\n\nEnable or Disable the Istio Sidecar\n-----------------------------------\n\nIf you do not require the Istio sidecar for the Build pods, then they can be disabled by setting the value to `true`. Enable by setting the value to `false`. \n\n```\nkubectl patch \\\nkfsystem kfsystem \\\n--type='json' \\\n-p=\"[{'op': 'replace', 'path': '/spec/kf/config/buildDisableIstioSidecar', 'value': true}]\"\n```\n\nBuild Pod Resource Limits\n-------------------------\n\nThe default pod resource size can be increased from the default to accommodate very large builds. The units for the value are in `Mi` or `Gi`.\n**Note:** This is only applicable for built-in Tasks (which is normal for a `kf push` build). For V2 buildpack builds, this will be set on two steps and one for V3 buildpacks or Dockerfiles. This means that for a V2 build the required Pod size will be double the limit. For example, if the memory limit is 1Gi, then the pod will require 2Gi. \n\n```\nkubectl patch \\\nkfsystem kfsystem \\\n--type='json' \\\n-p=\"[{'op': 'replace', 'path': '/spec/kf/config/buildPodResources', 'value': {'limits': {'memory': '234Mi'}}}]\"\n```\n\nRead [Kubernetes container resource docs](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for more information about container resource management.\n\nSelf Signed Certificates for Service Brokers\n--------------------------------------------\n\nIf you want to use self signed certificates for TLS (`https` instead of `http`) for the service broker URL, the Kf controller requires the CA certificate. To configure Kf for this scenario, create an immutable Kubernetes secret in the `kf` namespace and update the `kfsystem.spec.kf.config.secrets.controllerCACerts.name` object to point to it.\n\n1. Create a secret to store the self-signed certificate.\n\n **Note:** Customize the secret name if desired, or leave the default name of `cacerts`. Replace `/path/to/cert/certs.pem` with the path to the self-signed certificate. \n\n ```\n kubectl create secret generic cacerts -nkf --from-file /path/to/cert/certs.pem\n ```\n2. Make the secret immutable.\n\n ```\n kubectl patch -nkf secret cacerts \\\n --type='json' \\\n -p=\"[{'op':'add','path':'/immutable','value':true}]\"\n ```\n3. Update kfsystem to point to the secret.\n\n **Note:** This will cause the controller pod to be re-deployed with the certs mounted as a volume. \n\n ```\n kubectl patch \\\n kfsystem kfsystem \\\n --type='json' \\\n -p=\"[{'op':'add','path':'/spec/kf/config/secrets','value':{'controllerCACerts':{'name':'cacerts'}}}]\"\n ```"]]