platform/manifests
1
1
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

feat: initial commit

Browse Source
This commit is contained in:
Jonas Juselius
2024-01-30 16:03:23 +01:00
commit 0aeca24aa4
26 changed files with 1950 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
argo/kustomize-helm-with-rewrite/.gitignore
+2
View File
@@ -0,0 +1,2 @@
argo-repo-server.yaml
values.yaml
argo/kustomize-helm-with-rewrite/Dockerfile
+10
View File
@@ -0,0 +1,10 @@
FROM alpine/k8s:1.28.3
RUN mkdir -p /home/argocd/cmp-server/config/
COPY plugin.yaml /home/argocd/cmp-server/config/
WORKDIR /plugin
COPY init.sh get-values.sh generate.sh ./
argo/kustomize-helm-with-rewrite/deploy.sh
+7
View File
@@ -0,0 +1,7 @@
#!/bin/sh
img=registry.gitlab.com/oceanbox/gitops-manifests/kustomize-helm-with-rewrite
tag=${1:-latest}
docker build -t $img:$tag .
docker push $img:$tag
argo/kustomize-helm-with-rewrite/generate.sh
+25
View File
@@ -0,0 +1,25 @@
#!/bin/sh
export HOME=/tmp
echo $ARGOCD_APP_PARAMETERS | jq '.[] | select(.name == "helm-parameters") | .map' | yq -P -oy > parameters.yaml
cp parameters.yaml /tmp/$ARGOCD_APP_NAME-parameters.yaml
if [ -f chart -a $PARAM_CHART = "." ]; then
CHART=$(cat chart)
else
CHART=$PARAM_CHART
fi
helm template $PARAM_FLAGS \
-f values.yaml \
-f parameters.yaml \
-f $PARAM_ENV/values.yaml \
$ARGOCD_APP_NAME $CHART > ./base/_manifest.yaml
cp ./base/_manifest.yaml /tmp/$ARGOCD_APP_NAME-manifest.yaml
sed -i "$PARAM_REWRITE" ./base/_manifest.yaml
cp ./base/_manifest.yaml /tmp/$ARGOCD_APP_NAME-manifest-rw.yaml
kubectl kustomize $PARAM_ENV > /tmp/$ARGOCD_APP_NAME-manifest.yaml
cat /tmp/$ARGOCD_APP_NAME-manifest.yaml
argo/kustomize-helm-with-rewrite/get-values.sh
+19
View File
@@ -0,0 +1,19 @@
#!/bin/sh
# cat << EOF
# [{
# "name": "values",
# "title": "Values",
# "collectionType": "map",
# "map": { "replicaCount": "1" }
# }]
# EOF
yq e -o=p values.yaml | jq --slurp --raw-input '
[{
name: "helm-parameters",
title: "Helm Parameters",
collectionType: "map",
map: split("\n") | map(capture("(?<key>.*) = (?<value>.*)")) | from_entries
}]'
argo/kustomize-helm-with-rewrite/init.sh
+11
View File
@@ -0,0 +1,11 @@
#!/bin/sh
export HOME=/tmp
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add cerbos https://download.cerbos.dev/helm-charts
helm repo add dapr https://dapr.github.io/helm-charts/
helm repo add ncsa https://opensource.ncsa.illinois.edu/charts
helm repo update
argo/kustomize-helm-with-rewrite/plugin.yaml
+94
View File
@@ -0,0 +1,94 @@
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
name: kustomize-helm-with-rewrite
spec:
# version: v1.2
# The init command runs in the Application source directory at the beginning of each manifest generation. The init
# command can output anything. A non-zero status code will fail manifest generation.
init:
# Init always happens immediately before generate, but its output is not treated as manifests.
# This is a good place to, for example, download chart dependencies.
command: [ /bin/sh ]
args:
- /plugin/init.sh
# The generate command runs in the Application source directory each time manifests are generated. Standard output
# must be ONLY valid Kubernetes Objects in either YAML or JSON. A non-zero exit code will fail manifest generation.
# To write log messages from the command, write them to stderr, it will always be displayed.
# Error output will be sent to the UI, so avoid printing sensitive information (such as secrets).
generate:
command: [ /bin/sh ]
args:
- /plugin/generate.sh
# The discovery config is applied to a repository. If every configured discovery tool matches, then the plugin may be
# used to generate manifests for Applications using the repository. If the discovery config is omitted then the plugin
# will not match any application but can still be invoked explicitly by specifying the plugin name in the app spec.
# Only one of fileName, find.glob, or find.command should be specified. If multiple are specified then only the
# first (in that order) is evaluated.
# discover:
# fileName is a glob pattern (https://pkg.go.dev/path/filepath#Glob) that is applied to the Application's source
# directory. If there is a match, this plugin may be used for the Application.
# fileName: "./subdir/s*.yaml"
# find:
# This does the same thing as fileName, but it supports double-start (nested directory) glob patterns.
# glob: "**/Chart.yaml"
# The find command runs in the repository's root directory. To match, it must exit with status code 0 _and_
# produce non-empty output to standard out.
# command: [sh, -c, find . -name env.yaml]
# The parameters config describes what parameters the UI should display for an Application. It is up to the user to
# actually set parameters in the Application manifest (in spec.source.plugin.parameters). The announcements _only_
# inform the "Parameters" tab in the App Details page of the UI.
parameters:
# Static parameter announcements are sent to the UI for _all_ Applications handled by this plugin.
# Think of the `string`, `array`, and `map` values set here as "defaults". It is up to the plugin author to make
# sure that these default values actually reflect the plugin's behavior if the user doesn't explicitly set different
# values for those parameters.
static:
- name: env
title: Environment
tooltip: Kustomization env (directory in manifest folder)
required: true
itemType: string
collectionType: string
string: "staging"
- name: rewrite
title: Rewrite
tooltip: sed rewrite experssion
required: false
itemType: string
collectionType: string
string: ""
- name: chart
title: Chart
tooltip: Name or path of helm chart
required: false
itemType: string
collectionType: string
string: "."
- name: flags
title: Helm flags
tooltip: Extra helm flags
required: false
itemType: string
collectionType: string
string: ""
# All the fields above besides "string" apply to both the array and map type parameter announcements.
# - name: array-param
# # This field communicates the parameter's default value to the UI. Setting this field is optional.
# array: [default, items]
# collectionType: array
# - name: map-param
# # This field communicates the parameter's default value to the UI. Setting this field is optional.
# map:
# some: value
# collectionType: map
dynamic:
# The command is run in an Application's source directory. Standard output must be JSON matching the schema of the
# static parameter announcements list.
command: [ /bin/sh, /plugin/get-values.sh ]
# If set to `true` then the plugin receives repository files with original file mode. Dangerous since the repository
# might have executable files. Set to true only if you trust the CMP plugin authors.
preserveFileMode: false
busynix/applicationset.yaml
+34
View File
@@ -0,0 +1,34 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: busynix
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: busynix.srv.oceanbox.io
- cluster: https://kubernetes.default.svc
env: staging
hostname: busynix.yolo.oceanbox.io
template:
metadata:
name: '{{ env }}-busynix'
spec:
destination:
namespace: oceanbox
server: '{{ cluster }}'
project: atlantis
source:
path: busynix
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: '{{ env }}'
- name: hostname
string: '{{ hostname }}'
repoURL: https://gitlab.com/oceanbox/charts.git
targetRevision: HEAD
cerbos/application.yaml
+63
View File
@@ -0,0 +1,63 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cerbos
namespace: argocd
spec:
project: atlantis
source:
repoURL: https://download.cerbos.dev/helm-charts
targetRevision: 0.33.0
chart: cerbos
helm:
values: |
replicaCount: 1
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Spec of the cert-manager certificate to create for the Cerbos deployment.
# If certSpec is not empty, a cert-manager.io/v1/Certificate resource will be created with its spec populated with values from certSpec.
# The certSpec value must be a valid Certificate spec. This Helm chart does not provide any defaults or inject any values into it.
# If cerbos.tlsSecretName is defined, it takes precedence over the generated certificate.
certManager:
certSpec: {}
# Cerbos service settings.
service:
type: ClusterIP
httpPort: 3592
grpcPort: 3593
httpNodePort: 13592
grpcNodePort: 13593
annotations: {}
envFrom:
- secretRef:
name: cerbos-gitlab-token
cerbos:
httpPort: 3592
grpcPort: 3593
tlsSecretName: ""
logLevel: INFO
config:
storage:
driver: "git"
git:
protocol: https
url: https://gitlab.com/oceanbox/cerbos
branch: main
subDir: policies
checkoutDir: /work
updatePollInterval: 60s
https:
username: cerbos
password: ${GITLAB_TOKEN}
destination:
server: https://kubernetes.default.svc
namespace: atlantis
cerbos/cerbos-gitlab-token.yaml
+8
View File
@@ -0,0 +1,8 @@
apiVersion: v1
data:
GITLAB_TOKEN: Z2xwYXQtOTZvWmVwdnNiSnYyMzVXUWVqTnM=
kind: Secret
metadata:
name: cerbos-gitlab-token
namespace: atlantis
type: Opaque
dex/application.yaml
+71
View File
@@ -0,0 +1,71 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: dex
namespace: argocd
spec:
project: atlantis
source:
repoURL: https://charts.dexidp.io
targetRevision: 0.16.0
chart: dex
helm:
values: |
replicaCount: 1
https:
enabled: false
grpc:
enabled: false
configSecret:
create: true
name: ""
config: {}
volumes:
- name: web
persistentVolumeClaim:
claimName: oceanbox-dex
volumeMounts:
- name: web
mountPath: /srv/dex/web
envVars: []
service:
annotations: {}
type: ClusterIP
clusterIP: ""
ports:
http:
port: 5556
nodePort:
https:
port: 5554
nodePort:
grpc:
port: 5557
nodePort:
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: idp.beta.oceanbox.io
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: dex-tls
hosts:
- idp.beta.oceanbox.io
serviceMonitor:
enabled: true
destination:
server: https://kubernetes.default.svc
namespace: atlantis
dex/dex-config.yaml
+145
View File
@@ -0,0 +1,145 @@
apiVersion: v1
kind: Secret
metadata:
name: dex
namespace: atlantis
type: Opaque
stringData:
config.yaml: |
issuer: https://idp.oceanbox.io/dex
storage:
type: postgres
config:
host: oboxdb-rw
port: 5432
database: dex_db
user: dex
password: crafter keenness gilled sprinkled
ssl:
mode: disable
web:
http: 127.0.0.1:5556
telemetry:
http: 127.0.0.1:5558
grpc:
addr: 127.0.0.1:5557
frontend:
dir: /srv/dex/web
issuer: oceanbox
extra:
client_logo_url: "../theme/client-logo.png"
# enablePasswordDB: true
# staticPasswords:
# - email: "admin@oceanbox.io"
# hash: "$2y$12$2AUaWnDEpHxsfFyRzTwx8e8WtJtnhGJOujPjP3BXVVCJe3c.k2PjC"
# username: "admin"
# userID: "9a15441c-4d66-4b26-a0f6-4e619535ee8f"
oauth2:
responseTypes: [ "code" ]
skipApprovalScreen: true
alwaysShowLoginScreen: false
connectors:
- type: microsoft
id: oceanbox
name: oceanbox.io
config:
clientID: 43667ac0-37e1-422f-99fc-50a699bb255c
clientSecret: p1c8Q~H5LsnhUzVGhHxVzqompiC7949QpIqJrcNB
tenant: 3f737008-e9a0-4485-9d27-40329d288089
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- atlantis
- type: microsoft
id: salmar
name: salmar.no
config:
clientID: 3f6f1153-e5da-40eb-a2dd-ede6c7bf6058
clientSecret: rzC8Q~fc9ex6hBglFPAKCU4KJ1o82AQCQYdb~cI2
tenant: de10159d-2c09-4762-966c-e841d3391feb
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- Azure-Grp-App-Cloud-Oceanbox
- type: microsoft
id: aqua-kompetanse
name: aqua-kompetanse.no
config:
clientID: 9fd83910-1a21-4869-8a30-19fc32722ee2
clientSecret: Uer8Q~8LKuDNQVt1vHaMVXAzKSLssvVduH.2HcNC
tenant: 6cd538cc-6cba-463f-9d22-1e0eda9695e3
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- Oceanbox
- type: oidc
id: keycloak
name: default
config:
issuer: https://keycloak.dev.oceanbox.io/realms/Oceanbox
clientID: dex
clientSecret: 9c9LAMh7feQRNgHGYaUiASuZBd0JpQC4
redirectURI: https://idp.oceanbox.io/dex/callback
promptType: login
staticClients:
- id: atlantis
redirectURIs:
- 'https://maps.oceanbox.io/signin-oidc'
- 'https://maps.relic.oceanbox.io/signin-oidc'
name: 'Atlantis'
secret: KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm
- id: atlantis_dev
redirectURIs:
- 'https://atlantis.dev.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-atlantis.dev.oceanbox.io/signin-oidc'
- 'https://stig-tilt-atlantis.dev.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-atlantis.dev.oceanbox.io/signin-oidc'
- 'https://atlantis.local.oceanbox.io:8080/signin-oidc'
name: 'Atlantis dev'
secret: 3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR
- id: petimeter
redirectURIs:
- 'https://petimeter.svc.oceanbox.io/signin-oidc'
name: 'Petimeter dev'
secret: kkrKo3mmmseMnorf9qw3eklefkoOKFNs
- id: petimeter_dev
redirectURIs:
- 'https://petimeter.dev.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-petimeter.dev.oceanbox.io/signin-oidc'
- 'https://stig-tilt-petimeter.dev.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-petimeter.dev.oceanbox.io/signin-oidc'
- 'https://petimeter.local.oceanbox.io:8080/signin-oidc'
name: 'Petimeter dev'
secret: kfngKJF9EKVBnnvgkdmPfs0qw3rmjslk
- id: sorcerer
redirectURIs:
- 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.hpc.oceanbox.io/signin-oidc'
name: 'Sorcerer'
secret: sIUXxSQLaTJiLCQ9AqBhmEbAL9lubHGB
- id: sorcerer_dev
redirectURIs:
- 'https://dev.sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.hpc.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://s.local.oceanbox.io:11080/signin-oidc'
- 'https://sorcerer.local.oceanbox.io:11080/signin-oidc'
name: 'Sorcerer dev'
secret: cyrgDr1UzhQrJn8nRVqEt9BJ9mLk3OBy
- id: archmeister
redirectURIs:
- 'https://archmeister.svc.oceanbox.io/signin-oidc'
name: 'Archmeister'
secret: ieK3yak9zoh3yeewee8quahY6seiv7Ro
- id: archmeister_dev
redirectURIs:
- 'https://archmeister.dev.oceanbox.io/signin-oidc'
- 'https://jonas-archmeister.dev.oceanbox.io/signin-oidc'
- 'https://simkir-archmeister.dev.oceanbox.io/signin-oidc'
- 'https://r.local.oceanbox.io:11080/signin-oidc'
- 'https://archmeister.local.oceanbox.io:9080/signin-oidc'
name: 'Archmeister dev'
secret: Dae1eekeedeuKaoCiesh1Jei6aishe8I
dex/dex-volumes.yaml
+32
View File
@@ -0,0 +1,32 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-oceanbox-dex
spec:
accessModes:
- ReadWriteOnce
capacity:
storage: 50M
mountOptions:
- vers=4.2
- soft
nfs:
path: /oceanbox/pv-oceanbox-dex
server: 10.255.241.210
persistentVolumeReclaimPolicy: Retain
volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: oceanbox-dex
namespace: atlantis
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50M
storageClassName: ""
volumeMode: Filesystem
volumeName: pv-oceanbox-dex
dex/templates
Submodule
+1
Submodule dex/templates added at 1fd8cd005f
geoserver/application.yaml
+26
View File
@@ -0,0 +1,26 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: geoserver
namespace: argocd
spec:
project: gis
source:
repoURL: https://gitlab.com/oceanbox/charts.git
targetRevision: HEAD
path: geoserver
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: prod
- name: hostname
string: geoserver.srv.oceanbox.io
- name: flags
string: "--skip-tests"
- name: chart
string: ncsa/geoserver
destination:
server: https://kubernetes.default.svc
namespace: geoserver
geoserver/data/Biomasse.gpkg
BIN
View File
Binary file not shown.
geoserver/data/Flate.gpkg
BIN
View File
Binary file not shown.
geoserver/data/ILA.gpkg
BIN
View File
Binary file not shown.
geoserver/data/Lokaliteter.gpkg
BIN
View File
Binary file not shown.
geoserver/data/PD.gpkg
BIN
View File
Binary file not shown.
k1/oceanbox-wp.yaml
+1125
View File
File diff suppressed because it is too large Load Diff
k1/redis-nodeport.yaml
+18
View File
@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: redis-nodeport
namespace: oceanbox
spec:
externalTrafficPolicy: Cluster
ports:
- name: redis
nodePort: 30379
port: 6379
protocol: TCP
targetPort: 6379
selector:
app.kubernetes.io/instance: redis
app.kubernetes.io/name: redis
sessionAffinity: None
type: NodePort
keycloak/application.yaml
+59
View File
@@ -0,0 +1,59 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: keycloak
namespace: argocd
spec:
project: atlantis
destination:
server: https://kubernetes.default.svc
namespace: atlantis
source:
repoURL: https://charts.bitnami.com/bitnami
targetRevision: 18.3.3
chart: keycloak
helm:
values: |
auth:
adminPassword: en to tre fire
adminUser: admin
existingSecret: ""
managementPassword: ""
managementUser: manager
extraVolumeMounts:
- mountPath: /opt/bitnami/keycloak/themes/oceanbox
name: theme
extraVolumes:
- emptyDir: {}
name: theme
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
nginx.ingress.kubernetes.io/ssl-redirect: "true"
enabled: true
extraHosts: []
extraPaths: []
hostname: auth.oceanbox.io
ingressClassName: nginx
path: /
pathType: ImplementationSpecific
selfSigned: false
servicePort: http
tls: true
initContainers: |
- name: keycloak-theme-provider
image: docker.io/juselius/oceanbox-theme:1.0
imagePullPolicy: IfNotPresent
command:
- sh
args:
- -c
- |
echo "Copying theme..."
cp -R /theme/* /keycloak/themes/oceanbox
volumeMounts:
- name: theme
mountPath: /keycloak/themes/oceanbox
rabbitmq/application.yaml
+46
View File
@@ -0,0 +1,46 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: rabbitmq
namespace: argocd
spec:
project: atlantis
destination:
server: https://kubernetes.default.svc
namespace: atlantis
source:
repoURL: https://charts.bitnami.com/bitnami
targetRevision: 12.9.0
chart: redis
helm:
values: |
auth:
erlangCookie: ""
existingErlangSecret: ""
existingPasswordSecret: ""
password: hunny-bunny
username: user
clusterDomain: cluster.local
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
enabled: true
extraHosts: []
extraPaths: []
extraRules: []
hostname: rabbitmq.svc.oceanbox.io
ingressClassName: ""
path: /
pathType: ImplementationSpecific
secrets: []
selfSigned: false
tls: true
persistence:
accessModes:
- ReadWriteOnce
enabled: true
existingClaim: ""
size: 8Gi
storageClass: ""
redis/application.yaml
+17
View File
@@ -0,0 +1,17 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: redis
namespace: argocd
spec:
project: atlantis
destination:
server: https://kubernetes.default.svc
namespace: atlantis
source:
repoURL: https://charts.bitnami.com/bitnami
targetRevision: 18.9.1
chart: redis
helm:
values: |
seq/application.yaml
+137
View File
@@ -0,0 +1,137 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: seq
namespace: argocd
spec:
project: atlantis
destination:
server: https://kubernetes.default.svc
namespace: atlantis
source:
repoURL: https://helm.datalust.co
targetRevision: 2024.1.0
chart: seq
helm:
values: |
acceptEULA: "Y"
# Set this URL if you enable ingress and/or AAD authentication.
# Without this URL set to include HTTPS, Seq will try to set a login redirect
# URL with HTTP instead of HTTPS and AAD's registration requires HTTPS.
# The result is that you'll get an error during login:
# AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application
# baseURI: https://my.public.url/
# Set this to create an admin user with given password hash at first run.
# See here for docs on how to create the password hash: https://blog.datalust.co/setting-an-initial-password-when-deploying-seq-to-docker/
# firstRunAdminUsername: "admin"
# firstRunAdminPasswordHash: ""
# firstRunRequireAuthenticationForHttpIngestion: true
# The complete Seq API and UI.
# This API can accept events and serve API requests.
ui:
service:
port: 80
ingress:
enabled: true
path: /
hosts:
- seq.beta.oceanbox.io
# The ingestion-only API.
# This API is a subset of ui that can only ingest events.
ingestion:
service:
port: 5341
ingress:
enabled: false
path: /
hosts:
- ingestion.seq.beta.oceanbox.io
# Accept events in the GELF format and forward them to Seq.
gelf:
enabled: false
image:
repository: datalust/seq-input-gelf
pullPolicy: IfNotPresent
service:
port: 12201
# GELF can be ingested through either TCP or UDP
protocol: TCP
# Accept events in the Syslog format and forward them to Seq.
syslog:
enabled: false
image:
repository: datalust/seq-input-syslog
pullPolicy: IfNotPresent
service:
port: 514
# Only UDP is currently supported for ingesting Syslog
protocol: UDP
service:
type: ClusterIP
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
kubernetes.io/ingress.class: nginx
tls:
- secretName: seq-tls
hosts:
- seq.beta.oceanbox.io
labels: {}
resources:
limits:
memory: 2Gi
cache:
# The fraction of RAM that the cache should try fit within. Specifying a larger
# value may allow more events in RAM at the expense of potential instability.
# Setting it to `0` will disable the cache completely.
# 60% (`0.6`) is a good starting point for machines with up to ~8GB of RAM.
targetSize: 0.6
persistence:
enabled: true
path: /data
subPath: ""
accessMode: ReadWriteOnce
size: 8Gi
serviceAccount:
create: false
name:
## Enable RBAC
rbac:
create: false
rules: []
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 0
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 0
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
startupProbe:
enabled: true
failureThreshold: 30
periodSeconds: 10