Habilita o inhabilita el archivo adicional de Istio
Si no necesitas el archivo adicional de Istio para los Pods de compilación, puedes inhabilitarlos si configuras el valor como true. Para habilitar, configura el valor en false.
El tamaño del recurso de Pod predeterminado se puede aumentar del valor predeterminado para adaptarse a compilaciones muy grandes. Las unidades del valor están en Mi o Gi.
Certificados autofirmados para agentes del servicio
Si quieres usar certificados autofirmados para TLS (https en lugar de http) para la URL del agente del servicio, el controlador de Kf requiere el certificado de CA. A fin de configurar Kf para esta situación, crea un Secret de Kubernetes inmutable en el espacio de nombres kf y actualiza el objeto kfsystem.spec.kf.config.secrets.controllerCACerts.name a fin de que apunte a él.
Crea un Secret para almacenar el certificado autofirmado.
[[["Fácil de comprender","easyToUnderstand","thumb-up"],["Resolvió mi problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Información o código de muestra incorrectos","incorrectInformationOrSampleCode","thumb-down"],["Faltan la información o los ejemplos que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-09-04 (UTC)"],[],[],null,["# Customizing Kf Features\n\n| **Warning:** Please proceed with caution, and test before using any customizations in production.\n\nBuild Retention\n---------------\n\nYou can control how many Kf Builds are kept before being garbage collected.\n**Note:** This example sets the retention to 1 Build. Change the value as needed. \n\n```\nkubectl patch \\\nkfsystem kfsystem \\\n--type='json' \\\n-p=\"[{'op': 'replace', 'path': '/spec/kf/config/buildRetentionCount', 'value': 1}]\"\n```\n\nEnable or Disable the Istio Sidecar\n-----------------------------------\n\nIf you do not require the Istio sidecar for the Build pods, then they can be disabled by setting the value to `true`. Enable by setting the value to `false`. \n\n```\nkubectl patch \\\nkfsystem kfsystem \\\n--type='json' \\\n-p=\"[{'op': 'replace', 'path': '/spec/kf/config/buildDisableIstioSidecar', 'value': true}]\"\n```\n\nBuild Pod Resource Limits\n-------------------------\n\nThe default pod resource size can be increased from the default to accommodate very large builds. The units for the value are in `Mi` or `Gi`.\n**Note:** This is only applicable for built-in Tasks (which is normal for a `kf push` build). For V2 buildpack builds, this will be set on two steps and one for V3 buildpacks or Dockerfiles. This means that for a V2 build the required Pod size will be double the limit. For example, if the memory limit is 1Gi, then the pod will require 2Gi. \n\n```\nkubectl patch \\\nkfsystem kfsystem \\\n--type='json' \\\n-p=\"[{'op': 'replace', 'path': '/spec/kf/config/buildPodResources', 'value': {'limits': {'memory': '234Mi'}}}]\"\n```\n\nRead [Kubernetes container resource docs](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for more information about container resource management.\n\nSelf Signed Certificates for Service Brokers\n--------------------------------------------\n\nIf you want to use self signed certificates for TLS (`https` instead of `http`) for the service broker URL, the Kf controller requires the CA certificate. To configure Kf for this scenario, create an immutable Kubernetes secret in the `kf` namespace and update the `kfsystem.spec.kf.config.secrets.controllerCACerts.name` object to point to it.\n\n1. Create a secret to store the self-signed certificate.\n\n **Note:** Customize the secret name if desired, or leave the default name of `cacerts`. Replace `/path/to/cert/certs.pem` with the path to the self-signed certificate. \n\n ```\n kubectl create secret generic cacerts -nkf --from-file /path/to/cert/certs.pem\n ```\n2. Make the secret immutable.\n\n ```\n kubectl patch -nkf secret cacerts \\\n --type='json' \\\n -p=\"[{'op':'add','path':'/immutable','value':true}]\"\n ```\n3. Update kfsystem to point to the secret.\n\n **Note:** This will cause the controller pod to be re-deployed with the certs mounted as a volume. \n\n ```\n kubectl patch \\\n kfsystem kfsystem \\\n --type='json' \\\n -p=\"[{'op':'add','path':'/spec/kf/config/secrets','value':{'controllerCACerts':{'name':'cacerts'}}}]\"\n ```"]]