wip: merge old serit-platfrom into manifests

2025-05-03 16:42:39 +02:00
parent 6a5e5db08f
commit 3ee4369cc1
187 changed files with 48389 additions and 0 deletions
@@ -0,0 +1,160 @@
+cluster_config:
+  env: "prod"
+  distro: "talos"
+  domain: "adm.oceanbox.io"
+  initca: ""
+  apiserver: ""
+  apiserverip: ""
+  etcd_nodes: [ "10.255.241.201, 10.255.241.202, 10.255.241.203" ]
+  k8s_nodes: [ "" ]
+  cluster: "oceanbox"
+  ingress_nodes: ["oceanbox-controlplane-1, oceanbox-controlplane-2, oceanbox-controlplane-3" ]
+  ingress_replica_count: 3
+  fileserver: "10.255.241.210"
+  acme_email: "acme@oceanbox.io"
+  oidc:
+  - name: serit-oidc
+    provider: azuread
+    tenant: "95e5d757-4fb3-4113-a93c-c41393be61cf"
+    secret_ref:
+      name: serit-oidc
+    group_id: "dd2aa2d6-269d-48fe-90cc-04fd5c08bd29"
+    external_access:
+      enabled: false
+  - name: oceanbox-oidc
+    provider: azuread
+    tenant: "3f737008-e9a0-4485-9d27-40329d288089"
+    secret_ref:
+      name: oceanbox-oidc
+    group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479"
+  nodes: []
+  ingress_whitelist_ips:
+    #itp internal
+    - 10.0.0.0/8
+    - 172.16.0.0/12
+    - 192.168.0.0/16
+    - 172.19.255.0/24
+argocd:
+  adminLogin: false
+  version: 7.5.2
+  additional_rbac_settings: 
+    - g, "eb17a659-4ce6-41bc-9153-d9b117c44479", role:org-admin
+  resources:
+    controller:
+      memory: 2000Mi
+  repoServer:
+    cmp:
+      enabled: true
+      name: "kustomize-helm-with-rewrite"
+      image: "registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest"
+      helmTokenSecret: oceanbox-helm
+      imagePullSecret:
+        - name: gitlab-pull-secret
+      initContainers:
+      - command:
+        - /bin/sh
+        - /plugin/init-helm-repos.sh
+        image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest
+        imagePullPolicy: Always
+        name: init-helm-repos
+        resources: {}
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 999
+          seccompProfile:
+            type: RuntimeDefault
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        env:
+        - name: OCEANBOX_HELM_ACCESS_TOKEN
+          valueFrom:
+            secretKeyRef:
+              key: token
+              name: oceanbox-helm
+              optional: false
+        volumeMounts:
+        - mountPath: /helm-working-dir
+          name: helm-working-dir
+linkerd:
+  enabled: false
+prometheus:
+  snitchUrl: "https://nosnch.in/136c1b564f"
+  pagerdutyRoutingKey: a5cff1fc46414d0bc02851e4af159ee7
+  certRenewCronEnabled: false
+  fullname: prom
+  enableFeatures:
+    - otlp-write-reciever
+    #- remote-write-reciever
+  grafana:
+    persistence: true
+  thanos:
+    enabled: true
+  coredns:
+    targetPort: 9153
+  scheduler:
+    targetPort: 10259
+  kubelet:
+    enabled: true
+    https: true
+nfs_provisioner:
+  extraMountOpts:
+    - soft
+gitlab_runner:
+  enabled: false
+kyverno:
+  enabled: true
+cilium:
+  enabled: true
+  kubeProxyReplacement: true
+  upgradeCompatability: 1.15
+  nodePort:
+    enabled: true
+  l2announcement:
+    enabled: true
+  policyAuditMode: false
+  encryption:
+    type: wireguard
+  ingressController:
+    enabled: false
+    defaultClass: false
+    loadbalancerMode: shared
+  loadbalancerPool:
+    enabled: true
+    cidr:
+     - 10.255.241.11/32
+     - 10.255.241.12/32
+     - 10.255.241.13/32
+     - 10.255.241.14/32
+     - 10.255.241.15/32
+velero:
+  enabled: true
+  # Opt-in or opt-out pvc backup
+  # https://velero.io/docs/main/file-system-backup/#to-back-up
+  backupAllVolumes: false
+  credentials:
+    secretName: "velero-s3"
+  s3:
+    region: us-east-1
+    url: "http://10.255.241.30:30080"
+    insecureSkipTLSVerify: true
+  bsl: default
+  bucket: velero
+  kubeletRootDir: "/var/lib/kubelet/pods"
+  resources:
+    velero:
+      request:
+        cpu: 20m
+        memory: 1Gi
+      limit:
+        memory: 2Gi
+    nodeAgent:
+      request:
+        cpu: 20m
+        memory: 1Gi
+      limit:
+        memory: 2Gi