# The value below is a `placeholder_*` token, not a real setting; presumably it is substituted before the chart is installed (TODO confirm which tool performs the substitution).
# @ignored
development_mode_enabled: placeholder_this_is_development
# Port assignments for components that listen on the node's network when host networking is enabled.
# All values fall in 45010-45056 and none repeats; presumably each must stay unique because host-network listeners share the node's port space (TODO confirm).
# With host networking these webhook, health-probe and metrics ports bind on the node rather than on a pod IP,
# so the node firewall / security group should limit the range to the control plane and cluster nodes.
host_network:
enabled: placeholder_enable_host_network
external_secrets:
webhook_port: 45010
cert_manager:
webhook_secure_port: 45020
nginx_public:
controller:
host_port:
ports:
http: 45030
https: 45031
# NOTE(review): this key is spelled `kube_pometheus_stack` (no "r" after "p"). Renaming it would require the same change wherever the key is read, so it is left as is.
kube_pometheus_stack:
prometheusOperator:
tls:
internal_port: 45040
admissionWebhooks:
deployment:
tls:
internal_port: 45041
keda:
webhooks:
port: 45050
healthProbePort: 45051
service:
portHttps: 45052
portHttpsTarget: 45053
prometheus:
webhooks:
port: 45054
operator:
port: 45055
metricServer:
port: 45056
# The value is assembled from three placeholders (cluster environment, tenant key, root domain); all three must be filled in.
# -- The Route53 subdomain for the services on your cluster. It is used as the URL suffix for argocd, grafana, vault, and any other services that come out of the box in the glueops platform. Note: you need to create this domain before using this repo, because this repo does not provision DNS Zones for you.
# This is the domain you created through: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
captain_domain: placeholder_cluster_environment.placeholder_tenant_key.placeholder_glueops_root_domain
glueops_alerts:
# Secret: an Opsgenie API key. Supply the real value at deploy time; keep only the placeholder in version control.
# -- Found at `opsgenie_credentials` in the json output that is part of `opsgenie_prometheus_api_keys` output from terraform-module-cloud-multy-prerequisites: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
opsgenie_apikey: placeholder_opsgenie_api_key
# Configuration for backups taken by the GlueOps Platform
glueops_backups:
# s3 bucket where backups will be stored (one bucket per tenant that gets used for all clusters/environments)
s3_bucket_name: glueops-tenant-placeholder_tenant_key-primary
# Credentials and configuration for backing up Vault. They are found at `vault_credentials` in the json output of terraform-module-cloud-multy-prerequisites, which generates them specifically for this backup process with narrowly scoped permissions.
vault:
# -- Should be the same `primary_region` you used in: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_region: placeholder_aws_region
# -- Part of `vault_s3_iam_credentials` output from terraform-module-cloud-multy-prerequisites: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_accessKey: placeholder_vault_aws_access_key
# Secret: the AWS secret access key paired with `aws_accessKey` above.
# -- Part of `vault_s3_iam_credentials` output from terraform-module-cloud-multy-prerequisites: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_secretKey: placeholder_vault_aws_secret_key
# Read as a standard five-field cron expression, this fires at minute 0 of every sixth hour.
# @ignored
cron_expression: "0 */6 * * *"
company_key: placeholder_tenant_key
# Credentials and schedule for backing up TLS certificates.
# NOTE(review): the two credential descriptions below name the `loki_log_exporter` output although the keys belong to TLS certificate backup; confirm the output name.
tls_cert_backup:
# -- Should be the same `primary_region` you used in: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_region: placeholder_aws_region
# -- Part of `loki_log_exporter` output from terraform-module-cloud-multy-prerequisites: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_accessKey: placeholder_tls_cert_backup_aws_access_key
# Secret: the AWS secret access key paired with `aws_accessKey` above.
# -- Part of `loki_log_exporter` output from terraform-module-cloud-multy-prerequisites: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_secretKey: placeholder_tls_cert_backup_aws_secret_key
# S3 key prefix for the certificate backups; `tls_cert_restore.backup_prefix` uses the same placeholder.
backup_prefix: placeholder_tls_cert_backup_s3_key_prefix
# Same schedule as the Vault backup: minute 0 of every sixth hour.
# @ignored
cron_expression: "0 */6 * * *"
company_key: placeholder_tenant_key
captain_repo:
# Secret: a base64-encoded SSH private key. It is described as read-only, so exposure discloses the captain repo's contents; treat it like any other credential.
# -- This is a read only deploy key that will be used to read the captain repo. Part of output from terraform-module-cloud-multy-prerequisites: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
private_b64enc_deploy_key: placeholder_captain_repo_b64enc_private_deploy_key
# -- This is the github url of the captain repo https://github.com/glueops/development-captains/tenant . Part of output from terraform-module-cloud-multy-prerequisites: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
ssh_clone_url: placeholder_captain_repo_ssh_clone_url
gitHub:
# NOTE(review): the description below is attached to `github_app_id`, but its last sentence explains how to encode the private key stored in `github_app_b64enc_private_key`.
# -- Create an Application in the tenant's github organization that has repo scope access and can comment against PRs. https://docs.github.com/en/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app. Format the key using `cat <key-file> | base64 | tr -d '\n'`
github_app_id: "placeholder_github_tenant_app_id"
github_app_installation_id: "placeholder_github_tenant_app_installation_id"
# Secret: the base64-encoded GitHub App private key. Whoever holds it can act as the app within the permissions granted to it, so grant the app only the access described above.
github_app_b64enc_private_key: placeholder_github_tenant_app_b64enc_private_key
tenant_github_org: placeholder_tenant_github_org_name
# -- The format is: <github-org-name>:<github-team-name> (The team should include the developers)
tenant_github_org_and_team: "placeholder_tenant_github_org_name:developers"
# Used to manage onglueops DNS entries, found at `externaldns_credentials` in the json output of terraform-module-cloud-multy-prerequisites
# These keys can change DNS records to whatever extent their IAM policy allows; presumably the policy is limited to the tenant's zone (TODO confirm in the terraform module).
externalDns:
# -- Part of `externaldns_iam_credentials` output from terraform-module-cloud-multy-prerequisites: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_accessKey: placeholder_externaldns_aws_access_key
# Secret: the AWS secret access key paired with `aws_accessKey` above.
# -- Part of `externaldns_iam_credentials` output from terraform-module-cloud-multy-prerequisites: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_secretKey: placeholder_externaldns_aws_secret_key
# -- Should be the same `primary_region` you used in: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_region: placeholder_aws_region
# Used to manage SSL certificates. Leverages DNS verification for onglueops domains. Found at `certmanager_credentials` in the json output of terraform-module-cloud-multy-prerequisites
# DNS verification means these keys can write DNS records for the domain, which is enough to obtain certificates for it; scope and store them accordingly.
certManager:
# Annotation spelled `@ignored` to match every other occurrence in this file (it previously read `@ignore`).
# @ignored
name_of_default_certificate: default-ingress-cert
# -- Part of `certmanager_iam_credentials` output from terraform-module-cloud-multy-prerequisites: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_accessKey: placeholder_certmanager_aws_access_key
# Secret: the AWS secret access key paired with `aws_accessKey` above.
# -- Part of `certmanager_iam_credentials` output from terraform-module-cloud-multy-prerequisites: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_secretKey: placeholder_certmanager_aws_secret_key
# -- Should be the same `primary_region` you used in: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_region: placeholder_aws_region
grafana:
# GitHub organization and team used for Grafana administration; presumably members of this team receive admin rights in Grafana (TODO confirm in the Grafana auth template).
# @ignored
github_admin_org_name: placeholder_admin_github_org_name
# @ignored
github_admin_team_name: grafana_super_admins
# Additional GitHub organization name(s) for Grafana; the access level they receive is not visible in this file.
github_other_org_names: placeholder_tenant_github_org_name
# Secret: password for Grafana's built-in admin account. Set a unique, randomly generated value per cluster.
# -- Default admin password. CHANGE THIS!!!!
admin_password: placeholder_grafana_admin_password
# S3 storage settings for Loki. The bucket name embeds both the tenant key and the cluster environment.
loki:
# -- Format: glueops-tenant-placeholder_tenant_key-placeholder_cluster_environment-loki-primary, Credentials found at `loki_credentials` of json output of terraform-module-cloud-multy-prerequisites
bucket: glueops-tenant-placeholder_tenant_key-placeholder_cluster_environment-loki-primary
# -- Should be the same `primary_region` you used in: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_region: placeholder_aws_region
# -- Part of `loki_s3_iam_credentials` output from terraform-module-cloud-multy-prerequisites: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_accessKey: placeholder_loki_aws_access_key
# Secret: the AWS secret access key paired with `aws_accessKey` above. Logs can contain sensitive data, so treat read access to this bucket as sensitive too.
# -- Part of `loki_s3_iam_credentials` output from terraform-module-cloud-multy-prerequisites: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_secretKey: placeholder_loki_aws_secret_key
# Sizing knobs for Prometheus, Vault, the ingress controller and the pull request bot.
# NOTE(review): scalar types are mixed: the Prometheus size and the bot delay are quoted strings, while the Vault size and the replica count are bare integers. Confirm the type each template expects before normalising.
prometheus:
# -- Volume of storage requested for each Prometheus PVC, in Gi
volume_claim_storage_request: "50"
vault:
# -- Volume of storage requested for each Vault Data PVC, in Gi
data_storage: 10
nginx:
# -- Number of replicas for the ingress controller
controller_replica_count: 2
pull_request_bot:
# -- Number of seconds to wait before checking ArgoCD for new applications
watch_for_apps_delay_seconds: '10'
# Dex identity provider settings: the GitHub OAuth app Dex signs users in with, plus one client secret for each service that authenticates through Dex.
dex:
github:
# -- To create a clientID please reference: https://github.com/GlueOps/github-oauth-apps/tree/v0.0.1
client_id: placeholder_dex_github_client_id
# Secret: the GitHub OAuth client secret.
# -- To create a clientSecret please reference: https://github.com/GlueOps/github-oauth-apps/tree/v0.0.1
client_secret: placeholder_dex_github_client_secret
# -- Specify the github orgs you want to allow access to. This is a list of strings. Note: users still need to be in the proper groups to have access.
orgs:
- placeholder_admin_github_org_name
- placeholder_tenant_github_org_name
# Each client below needs its own secret; do not reuse one value across argocd, grafana, pomerium and vault.
argocd:
# -- Specify a unique password here. This will be used to connect argocd via OIDC to the Dex IDP. You can generate one in bash with `openssl rand -base64 32`
client_secret: placeholder_dex_argocd_client_secret
grafana:
# -- Specify a unique password here. This will be used to connect grafana via OAuth to the Dex IDP. You can generate one in bash with `openssl rand -base64 32`
client_secret: placeholder_dex_grafana_client_secret
pomerium:
# NOTE(review): this description previously named argocd (apparent copy-paste from the argocd entry); confirm the protocol pomerium uses against Dex.
# -- Specify a unique password here. This will be used to connect pomerium to the Dex IDP. You can generate one in bash with `openssl rand -base64 32`
client_secret: placeholder_dex_pomerium_client_secret
vault:
# NOTE(review): this description previously named argocd and sat above the `vault:` key instead of above `client_secret`; confirm the protocol vault uses against Dex.
# -- Specify a unique password here. This will be used to connect vault to the Dex IDP. You can generate one in bash with `openssl rand -base64 32`
client_secret: placeholder_dex_vault_client_secret
# Scheduling constraints: a node selector and matching toleration for `glueops.dev/role=glueops-platform`, plus a broader toleration list for daemonsets.
glueops_node_and_tolerations:
nodeSelector:
glueops.dev/role: "glueops-platform"
# Tolerates the NoSchedule taint with the same key and value as the node selector above.
tolerations:
- key: "glueops.dev/role"
operator: "Equal"
value: "glueops-platform"
effect: "NoSchedule"
# An entry with `operator: Exists` and no `key` matches every taint that carries its effect, so the first entry
# below tolerates all NoSchedule taints and the keyed NoSchedule entries further down add nothing beyond it.
# NOTE(review): confirm that scheduling these daemonsets onto every NoSchedule-tainted node (dedicated or control-plane nodes included) is intended.
daemonset_tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
- effect: NoSchedule
key: node.kubernetes.io/disk-pressure
operator: Exists
- effect: NoSchedule
key: node.kubernetes.io/memory-pressure
operator: Exists
- effect: NoSchedule
key: node.kubernetes.io/pid-pressure
operator: Exists
- effect: NoSchedule
key: node.kubernetes.io/unschedulable
operator: Exists
- effect: NoSchedule
key: node.kubernetes.io/network-unavailable
operator: Exists
# Settings for the controller that initialises Vault and keeps its unseal key(s) and root token in S3.
# The stored object gives full control of Vault, so these credentials and the bucket policy should reach
# only that object, and the bucket should have encryption at rest and access logging enabled.
vault_init_controller:
# -- S3 bucket that will store the vault unseal key(s) and root token
s3_bucket_name: glueops-tenant-placeholder_tenant_key-primary
# -- S3 key/path to the unseal key(s) and root token
s3_key_path: placeholder_vault_init_controller_s3_key
# -- S3 Credentials to access the vault_access.json
aws_accessKey: placeholder_vault_init_controller_aws_access_key
# Secret: the AWS secret access key paired with `aws_accessKey` above.
# -- S3 Credentials to access the vault_access.json
aws_secretKey: placeholder_vault_init_controller_aws_access_secret
# -- S3 region to access the vault_access.json
aws_region: placeholder_aws_region
# NOTE(review): the unit is not stated here (seconds?); confirm against the controller.
# -- How often the controller should run
reconcile_period: 30
# Going by the key name, `true` presumably pauses reconciliation and the `false` shown here leaves it running (TODO confirm).
# -- Enable/Disable reconcile
pause_reconcile: false
# -- Enable/Disable restore of an existing backup upon a fresh deployment of vault during cluster bootstrap
enable_restore: true
# Credentials and options for restoring TLS certificates from backup.
# NOTE(review): the credential descriptions below name the `loki_log_exporter` output although the keys belong to TLS certificate restore; confirm the output name.
tls_cert_restore:
# -- Should be the same `primary_region` you used in: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_region: placeholder_aws_region
# -- Part of `loki_log_exporter` output from terraform-module-cloud-multy-prerequisites: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_accessKey: placeholder_tls_cert_restore_aws_access_key
# Secret: the AWS secret access key paired with `aws_accessKey` above. The backups contain certificate material, so read access to them is sensitive.
# -- Part of `loki_log_exporter` output from terraform-module-cloud-multy-prerequisites: https://github.com/GlueOps/terraform-module-cloud-multy-prerequisites
aws_secretKey: placeholder_tls_cert_restore_aws_secret_key
# Uses the same placeholder as `glueops_backups.tls_cert_backup.backup_prefix`, so restore reads from the prefix that backup writes to.
backup_prefix: placeholder_tls_cert_backup_s3_key_prefix
# Namespaces to leave out of the restore; the expected format (single name or delimited list) is not shown here.
exclude_namespaces: placeholder_tls_cert_restore_exclude_namespaces
# Container images used by the platform, one `image` mapping (registry, repository, tag) per component.
# Every `tag` is pinned as `<version>@sha256:<digest>`. When a digest is present the runtime resolves the image by digest,
# so the version part is informational; update both together and verify the digest against the registry when bumping.
container_images:
app_backup_and_exports:
vault_backup_validator:
image:
registry: ghcr.io
repository: glueops/vault-backup-validator
tag: v0.3.3@sha256:7c8bbce86645efc1c8b2f1782cd524a682cdaa9062e6ea6480713aca1c7e7885
backup_tools:
image:
registry: ghcr.io
repository: glueops/backup-tools
tag: v0.17.1@sha256:cc06c4a3b0a01e16d6bef97ac8ff4457d411b05577e4a804fabe2b2eb4d9a997
certs_backup_restore:
image:
registry: ghcr.io
repository: glueops/certs-backup-restore
tag: v0.10.0@sha256:dbc6a7209ff2e92a0b9766fa61dc45bd6d4e124afdc236972327044c93858926
app_cluster_info_page:
cluster_information_help_page_html:
image:
registry: ghcr.io
repository: glueops/cluster-information-help-page-html
tag: v0.4.4@sha256:5c9a0cf36c3539a2076c654b3c2e253cc3f131c93395acb293f6ffb4ef053baf
app_dex:
dex:
image:
registry: ghcr.io
repository: dexidp/dex
tag: v2.41.1@sha256:bc7cfce7c17f52864e2bb2a4dc1d2f86a41e3019f6d42e81d92a301fad0c8a1d
app_glueops_alerts:
cluster_monitoring:
image:
registry: ghcr.io
repository: glueops/cluster-monitoring
tag: v0.8.0@sha256:79feeb74fc9e0ba5873d444689d7697926e533167bac7331e7edcb99858fbe49
app_kube_prometheus_stack:
grafana:
image:
registry: docker.io
repository: grafana/grafana
tag: 10.4.13@sha256:c8644d0d41757dd444bd1aabc23740be71f0a34549128454a2b37f57a0c496b0
app_loki_alert_group_controller:
loki_alert_group_controller:
image:
registry: ghcr.io
repository: glueops/metacontroller-operator-loki-rule-group
tag: v0.4.6@sha256:61aa2e48fd5c2277551daca68f287e77530a357d280a8199a5db5724b255401c
app_loki:
loki:
image:
registry: docker.io
repository: grafana/loki
tag: 2.9.10@sha256:35b02acc67654ddc38273e519b4f26f3967a907b9db5489af300c21f37ee1ae7
app_network_exporter:
network_exporter:
image:
# The author marks this registry value as unused, so changing it here presumably does not change where the image is pulled from.
registry: docker.io # not actually used
repository: syepes/network_exporter
tag: 1.7.9@sha256:36cd647c80c30e3f5b78f9d2ca60f38e1d024fb3b9588a845cac2dc3f4fb75e1
app_promtail:
promtail:
image:
registry: docker.io
repository: grafana/promtail
tag: 2.9.10@sha256:63a2e57a5b1401109f77d36a49a637889d431280ed38f5f885eedcd3949e52cf
app_pull_request_bot:
pull_request_bot:
image:
registry: ghcr.io
repository: glueops/pull-request-bot
tag: v0.22.0@sha256:a7b28359d7e658d41a45f01e1eba4b6b57fe453263cd94698394b53b88520127
app_qr_code_generator:
qr_code_generator:
image:
registry: ghcr.io
repository: glueops/qr-code-generator
tag: v0.7.0@sha256:bf8ed3bc7d036624e9317f3ffcbcb9a3f4609321e8886432d6b1a1ed94fcd005
app_vault_init_controller:
vault_init_controller:
image:
registry: ghcr.io
repository: glueops/vault-init-controller
tag: v0.8.0@sha256:ece5c50b5c05b1c676e5b68c54aaced0899457f13d9e41b5ea2c41a63011500a
app_vault:
vault:
image:
# The author marks this registry value as unused, so changing it here presumably does not change where the image is pulled from.
registry: docker.io # not actually used
repository: hashicorp/vault
tag: 1.14.10@sha256:14be0a8eb323181a56d10facab3b424809d9921e85d2f2678126ce232766a8e1
app_metacontroller:
metacontroller:
image:
registry: ghcr.io
repository: metacontroller/metacontroller
# Automated updates for this image are reported as unreliable, so check it by hand during dependency reviews.
tag: v4.11.21@sha256:4cbf35c1c725b2c83b926d9ade1e282bf789bf4453f23fe2f1b055b781a6798c # this might need to be updated manually because of renovatebot errors
# NOTE(review): unlike the other app_* entries, no component key sits between `app_fluent_operator` and `image`; confirm the path the templates read.
app_fluent_operator:
image:
registry: docker.io
repository: kubesphere/fluent-operator
tag: v2.7.0@sha256:b0668c0d878bde4ab04802a7e92d0dd3bef4c1fed1b5e63cf83d49bb3c5d3947
app_ingress_nginx:
controller:
image:
registry: registry.k8s.io
repository: ingress-nginx/controller
tag: v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7