# Cluster-wide defaults: one stanza per platform component, each carrying its
# enable / autosync / version switches plus a few component settings.
# NOTE(review): this listing was whitespace-collapsed. The nesting below is
# reconstructed from key order and the no-duplicate-keys rule; spots where the
# parent mapping is a guess carry a NOTE(review). Confirm against the templates
# that consume these values before relying on it.
cluster_config:
  # Git repository and in-repo paths for manifests, policies and resources.
  # NOTE(review): presumably the GitOps source of truth. If the autosync flags
  # below apply it automatically, write access to this repository is
  # equivalent to cluster-level change rights; confirm branch protection.
  manifests: https://gitlab.com/oceanbox/manifests.git
  policies: policies/sys
  resources: resources/sys
  distro: ""  # [nixos, talos]
  env: ""  # [dev, test, staging, prod]
  initca: ""
  domain: "itpartner.no"
  apiserver: ""
  apiserverip: ""
  etcd_nodes: []
  k8s_nodes: []
  cluster: ""
  ingress_nodes: []
  ingress_replica_count: 3
  fileserver: ""
  acme_email: ""
  nodenames: []
  nodes: []
  ingress_clusterissuer: "letsencrypt-production"
  # Source ranges allowed through the ingress allow-list. The first three
  # entries are the RFC 1918 private ranges. 172.19.255.0/24 already falls
  # inside 172.16.0.0/12, so the last entry adds no extra addresses.
  ingress_whitelist_ips:
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16
    - 172.19.255.0/24
  # External access paths are off by default; each names an admin group.
  # NOTE(review): an empty admin_group with enabled: true would need checking
  # in the templates to see what it binds to.
  external_kubectl_access:
    enabled: false
    admin_group: ""
  external_access:
    enabled: false
    admin_group: ""
  # NOTE(review): groups and oidc may belong under external_access rather
  # than directly under cluster_config; the collapsed source does not say.
  groups: []
  #- group_id:
  #  - ""
  #  name:
  #  namespaces:
  #  -
  oidc: []
  # Example providers. Client secrets are referenced by name (secret_ref), not
  # written inline. NOTE(review): the empty path segment in the tenant URL is
  # presumably where the tenant ID goes.
  #- name: azure-oidc
  #  provider: azuread
  #  tenant: "https://login.microsoftonline.com//oauth2/v2.0"
  #  secret_ref:
  #    name: azure-oidc
  #  group_id: ""
  #- name: github-oidc
  #  provider: github
  #  secret_ref:
  #    name: github-oidc
  #  allowed_organizations:
  #  allowed_teams:

# NOTE(review): the component stanzas from here on are placed at top level;
# they could equally be children of cluster_config. Verify.
argocd:
  autosync: true
  version: 7.5.2
  ingress:
    enabled: true
  # NOTE(review): presumably controls the built-in admin account; false
  # leaves login to the configured identity providers. Confirm in templates.
  adminLogin: false
  anyNamespaces:
    enabled: false
  kustomizeHelmSupport: false
  applicationset_webhook:
    enabled: false
  additional_rbac_settings: []
  resources:
    controller:
      memory: ""
  # NOTE(review): repoServer and helmTokenSecret nesting is a best guess.
  repoServer:
    cmp:
      enabled: false
      name: ""
      image: ""
      imagePullSecret: []
  # Name-style field; keep the token itself in a Secret, not in this file.
  helmTokenSecret: ""

argocd_apps:
  autosync: true
  version: 0.0.1

argo_workflows:
  enabled: false
  autosync: true
  version: 0.45.0
  metrics:
    enabled: false
  allowed_namespaces: []

argo_rollouts:
  enabled: false
  autosync: true
  version: 2.35.2
  metrics:
    enabled: false
  dashboard_enabled: false

cilium:
  enabled: false
  autosync: true
  version: 1.16.2
  spire:
    enabled: false
  # NOTE(review): if this maps to Cilium's policy audit mode, true would log
  # policy verdicts without enforcing them; false is the enforcing setting.
  policyAuditMode: false
  # Node-to-node traffic encryption is on by default, using IPsec.
  encryption:
    enabled: true
    type: ipsec
  endpointStatus:
    enabled: true
  kubeProxyReplacement: false
  k8sServiceHost: localhost
  k8sServicePort: 7445
  nodePort:
    enabled: false
  # NOTE: requires that ingressController is also enabled (bug)
  gatewayAPI:
    enabled: false
  ingressController:
    enabled: false
    defaultClass: false
    loadbalancerMode: shared
  l2announcement:
    enabled: false
  # NOTE(review): may be a child of l2announcement; verify.
  k8sClientRateLimit:
    qps: 10
    burst: 3
  loadbalancerPool:
    enabled: false
    cidr: []
  envoy:
    enabled: false
  hubble:
    ui: true
  # Key spelling ("Compatability") is what consumers read; do not rename it
  # here without changing the templates too.
  upgradeCompatability: ""

linkerd:
  enabled: true
  autosync: true
  version: 1.9.3
  # Empty placeholder certificates. Only public certificate material belongs
  # in these fields; private keys should stay in a Secret outside this file.
  trustAnchorPEM: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  webhookPEM: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  # Key is spelled "identy" (not "identity"); templates must use the same
  # spelling or the value is silently ignored.
  identyIssuerPEM: ""
  secretScheme: kubernetes.io/tls
  crds:
    version: 1.4.0
  multicluster:
    version: 30.2.0
    enabled: false
  viz:
    enabled: false
  jaeger:
    enabled: false

thanos:
  enabled: false
  autosync: true
  version: 8.3.0
  # Credential-like value: keep it empty in version control and inject it
  # from a secret store at deploy time.
  pagerdutyRoutingKey: ""

prometheus:
  enabled: true
  autosync: true
  version: 62.7.0
  # The Helm chart version and the app version differ; crd_version MUST equal
  # the chart's app version.
  crd_version: 14.0.0
  certRenewCronEnabled: true
  snitchUrl: ""
  oncallUrl: ""
  # Credential-like value: keep it empty in version control.
  pagerdutyRoutingKey: ""
  fullname: ""
  # https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml#L47
  defaultRules: {}
  additionalScrapeConfigs: []
  additionalDataSources: []
  enableFeatures: []
  storage:
    size: 50Gi
  grafana:
    defaultDashboardsEnabled: true
    persistence: false
    # NOTE(review): presumably hides Grafana's local username/password form
    # so that sign-in goes through the external provider; confirm.
    disable_login_form: true
    plugins: []
  coredns:
    targetPort: ""
  etcd:
    targetPort: ""
  scheduler:
    targetPort: ""
  kubelet:
    enabled: false
    https: false
  # NOTE(review): datasource is nested under thanos because a sibling
  # "enabled" would duplicate a key; it could also be its own stanza.
  thanos:
    enabled: false
    datasource:
      enabled: false

nfs_provisioner:
  enabled: true
  autosync: true
  version: 4.0.13
  archiveOnDelete: true
  defaultClass: true
  extraMountOpts: []

cert_manager:
  autosync: true
  version: 1.12.13

kubernetes_dashboard:
  enabled: false
  autosync: true
  version: v2.3.1

metrics_server:
  autosync: true
  version: 3.8.2
  # NOTE(review): presumably toggles skipping kubelet certificate
  # verification; false keeps verification on.
  ignoreTLS: false

nginx:
  enabled: true
  autosync: true
  version: 4.8.3
  pdb:
    minAvailable: 1
  resources:
    controller:
      cpu: "100m"
      memory: "100Mi"

kyverno:
  enabled: false
  autosync: true
  metrics: false
  version: 3.2.5
  resources:
    cleanupController:
      memory: "64Mi"
    reportsController:
      memory: "64Mi"
    backgroundController:
      memory: "64Mi"

velero:
  enabled: true
  autosync: true
  version: 6.0.0
  kubeletRootDir: "/var/lib/kubernetes/pods"
  bucket: velero-backup
  bsl: default
  # Opt-in or opt-out pvc backup
  # https://velero.io/docs/main/file-system-backup/#to-back-up
  backupAllVolumes: true
  # Object-store credentials are referenced by Secret name, not stored here.
  credentials:
    secretName: "s3-credentials"
  # NOTE(review): s3 may be a child of credentials; verify.
  s3:
    region: us-east-1
    url: "https://nutanix-obj-s3.kube-system"
    # SECURITY: certificate verification for the backup endpoint is skipped by
    # default, so the HTTPS peer receiving backups is not authenticated.
    # Prefer supplying the endpoint's CA certificate and setting this to
    # false; if it must stay true, record why and restrict network paths to
    # the endpoint.
    insecureSkipTLSVerify: true
  resources:
    velero:
      request:
        cpu: 500m
        memory: 1Gi
      limit:
        memory: 2Gi
    nodeAgent:
      request:
        cpu: 500m
        memory: 1Gi
      limit:
        memory: 2Gi

x509_exporter:
  enabled: true
  autosync: true
  alerts: true
  version: 3.6.0

downscaler:
  enabled: false
  autosync: true
  version: 0.2.12
  extraConfig: |
    DEFAULT_UPTIME: "Mon-Fri 07:00-20:00 Europe/Berlin"
  # NOTE(review): treated as a sibling of extraConfig, not as part of the
  # block scalar above; verify.
  excludedNamespaces:
    - py-kube-downscaler
    - kube-downscaler
    - kube-system

actions_runner_controller:
  enabled: false
  autosync: true
  version: 0.23.7

gitlab_runner:
  enabled: true
  autosync: true
  version: 0.39.0
  createCertSecret: true
  tag: "obx"
  # SECURITY: inline credential fields. Keep them empty in version control
  # and supply the values from a secret store, or switch to a Secret
  # reference as velero.credentials does.
  s3:
    server: ""
    access_key: ""
    secret_key: ""

postgres_operator:
  enabled: true
  autosync: true
  version: 0.18.2

rabbitmq_operator:
  enabled: false
  autosync: true
  version: 4.3.27

jaeger_operator:
  enabled: false
  autosync: true
  version: 1.38.0

loki:
  enabled: false
  autosync: true
  version: 6.12.0
  compactor: false
  # NOTE(review): secret and buckets are nested under s3 as a best guess.
  s3:
    endpoint: ""
    region: ""
    # TLS verification for the object store stays on by default.
    insecure_skip_verify: false
    # Credential fields: leave empty in version control; prefer secret.name.
    secret:
      name: ""
      access_key: ""
      access_secret: ""
    buckets:
      chunks: ""
      ruler: ""
      admin: ""

tempo:
  enabled: false
  autosync: true
  version: 1.14.0
  # NOTE(review): secret and bucketName are nested under s3 as a best guess.
  s3:
    endpoint: ""
    region: ""
    # TLS verification for the object store stays on by default.
    insecure_skip_verify: false
    # Credential fields: leave empty in version control; prefer secret.name.
    secret:
      name: ""
      access_key: ""
      access_secret: ""
    bucketName: ""

otel:
  enabled: false
  autosync: true
  version: 0.107.0

promtail:
  enabled: false
  autosync: true
  version: 6.6.1

mariadb_operator:
  enabled: false
  autosync: true
  version: 0.30.0

chartmuseum:
  enabled: false
  autosync: true
  version: 3.10.2
  storage:
    size: 8Gi
  ingress:
    enabled: true

clickhouse_operator:
  enabled: false
  autosync: true
  version: 0.24.4

oncall:
  enabled: false
  externalGrafana:
    url: ""

# The switches below use "enable", unlike the "enabled" key used by the
# stanzas above. dapr is the only one of them that is on by default.
dapr:
  enable: true
# Each dotted name is a single literal YAML key (for example the string
# "busynix.enable"), not a nested mapping; whether the consumer expands the
# dots is not visible here.
# NOTE(review): these may sit under a parent mapping lost in the collapse.
busynix.enable: false
headscale.enable: false
plausible.enable: false
dex.enable: false
keycloak.enable: false
rabbitmq.enable: false
redis.enable: false
wordpress.enable: false
yolo-dl.enable: false
yolo-registry.enable: false
osm-tile-server.enable: false
geoserver.enable: false

# Applications enabled per environment; envs lists where each may run.
atlantis:
  enabled: false
  envs:
    - prod
    - staging

sorcerer:
  enabled: false
  envs:
    - prod
    - staging

openfga:
  enabled: false
  envs:
    - prod
    - staging