cluster_config:
  env: "prod"
  distro: "talos"
  domain: "adm.oceanbox.io"
  initca: ""
  apiserver: ""
  apiserverip: ""
  etcd_nodes: [ "10.255.241.201, 10.255.241.202, 10.255.241.203" ]
  k8s_nodes: [ "" ]
  cluster: "oceanbox"
  ingress_nodes: ["oceanbox-controlplane-1, oceanbox-controlplane-2, oceanbox-controlplane-3" ]
  ingress_replica_count: 3
  fileserver: "10.255.241.210"
  acme_email: "acme@oceanbox.io"
  oidc:
  - name: serit-oidc
    provider: azuread
    tenant: "95e5d757-4fb3-4113-a93c-c41393be61cf"
    secret_ref:
      name: serit-oidc
    group_id: "dd2aa2d6-269d-48fe-90cc-04fd5c08bd29"
    external_access:
      enabled: false
  - name: oceanbox-oidc
    provider: azuread
    tenant: "3f737008-e9a0-4485-9d27-40329d288089"
    secret_ref:
      name: oceanbox-oidc
    group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479"
  nodes: []
  ingress_whitelist_ips:
    #itp internal
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16
    - 172.19.255.0/24
argocd:
  adminLogin: false
  version: 7.5.2
  additional_rbac_settings:
    - g, "eb17a659-4ce6-41bc-9153-d9b117c44479", role:org-admin
  resources:
    controller:
      memory: 2000Mi
  repoServer:
    cmp:
      enabled: true
      name: "kustomize-helm-with-rewrite"
      image: "registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest"
      helmTokenSecret: oceanbox-helm
      imagePullSecret:
        - name: gitlab-pull-secret
      initContainers:
      - command:
        - /bin/sh
        - /plugin/init-helm-repos.sh
        image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest
        imagePullPolicy: Always
        name: init-helm-repos
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 999
          seccompProfile:
            type: RuntimeDefault
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        env:
        - name: OCEANBOX_HELM_ACCESS_TOKEN
          valueFrom:
            secretKeyRef:
              key: token
              name: oceanbox-helm
              optional: false
linkerd:
  enabled: false
prometheus:
  snitchUrl: "https://nosnch.in/136c1b564f"
  pagerdutyRoutingKey: a5cff1fc46414d0bc02851e4af159ee7
  certRenewCronEnabled: false
  fullname: prom
  enableFeatures:
    - otlp-write-reciever
    #- remote-write-reciever
  grafana:
    persistence: true
  thanos:
    enabled: true
  coredns:
    targetPort: 9153
  scheduler:
    targetPort: 10259
  kubelet:
    enabled: true
    https: true
nfs_provisioner:
  extraMountOpts:
    - soft
gitlab_runner:
  enabled: false
kyverno:
  enabled: true
cilium:
  enabled: true
  kubeProxyReplacement: true
  upgradeCompatability: 1.15
  nodePort:
    enabled: true
  l2announcement:
    enabled: true
  policyAuditMode: false
  encryption:
    type: wireguard
  ingressController:
    enabled: false
    defaultClass: false
    loadbalancerMode: shared
  loadbalancerPool:
    enabled: true
    cidr:
     - 10.255.241.11/32
     - 10.255.241.12/32
     - 10.255.241.13/32
     - 10.255.241.14/32
     - 10.255.241.15/32
velero:
  enabled: true
  # Opt-in or opt-out pvc backup
  # https://velero.io/docs/main/file-system-backup/#to-back-up
  backupAllVolumes: false
  credentials:
    secretName: "velero-s3"
  s3:
    region: us-east-1
    url: "http://10.255.241.30:30080"
    insecureSkipTLSVerify: true
  bsl: default
  bucket: velero
  kubeletRootDir: "/var/lib/kubelet/pods"
  resources:
    velero:
      request:
        cpu: 20m
        memory: 1Gi
      limit:
        memory: 2Gi
    nodeAgent:
      request:
        cpu: 20m
        memory: 1Gi
      limit:
        memory: 2Gi