405 lines
7.5 KiB
YAML
405 lines
7.5 KiB
YAML
cluster_config:
|
|
manifests: https://gitlab.com/oceanbox/manifests.git
|
|
policies: policies/sys
|
|
resources: resources/sys
|
|
distro: "" #[nixos, talos]
|
|
env: "" #[dev, test, staging, prod]
|
|
initca: ""
|
|
domain: "itpartner.no"
|
|
apiserver: ""
|
|
apiserverip: ""
|
|
etcd_nodes: []
|
|
k8s_nodes: []
|
|
cluster: ""
|
|
ingress_nodes: []
|
|
ingress_replica_count: 3
|
|
fileserver: ""
|
|
acme_email: ""
|
|
nodenames: []
|
|
nodes: []
|
|
ingress_clusterissuer: "letsencrypt-production"
|
|
ingress_whitelist_ips:
|
|
- 10.0.0.0/8
|
|
- 172.16.0.0/12
|
|
- 192.168.0.0/16
|
|
- 172.19.255.0/24
|
|
external_kubectl_access:
|
|
enabled: false
|
|
admin_group: ""
|
|
external_access:
|
|
enabled: false
|
|
admin_group: ""
|
|
groups: []
|
|
#- group_id:
|
|
# - "<group-id>"
|
|
# name: <argocd project name>
|
|
# namespaces:
|
|
# - <namespaces access>
|
|
oidc: []
|
|
#- name: azure-oidc
|
|
# provider: azuread
|
|
# tenant: "https://login.microsoftonline.com/<tenant>/oauth2/v2.0"
|
|
# secret_ref:
|
|
# name: azure-oidc
|
|
# group_id: "<group_id>"
|
|
#- name: github-oidc
|
|
# provider: github
|
|
# secret_ref:
|
|
# name: github-oidc
|
|
# allowed_organizations: <org>
|
|
# allowed_teams: <team-id>
|
|
|
|
|
|
argocd:
|
|
autosync: true
|
|
version: 7.5.2
|
|
ingress:
|
|
enabled: true
|
|
adminLogin: false
|
|
anyNamespaces:
|
|
enabled: false
|
|
kustomizeHelmSupport: false
|
|
applicationset_webhook:
|
|
enabled: false
|
|
additional_rbac_settings: []
|
|
resources:
|
|
controller:
|
|
memory: ""
|
|
repoServer:
|
|
cmp:
|
|
enabled: false
|
|
name: ""
|
|
image: ""
|
|
imagePullSecret: []
|
|
helmTokenSecret: ""
|
|
argocd_apps:
|
|
enable: true
|
|
autosync: true
|
|
version: 0.0.1
|
|
argo_workflows:
|
|
enabled: false
|
|
autosync: true
|
|
version: 0.45.0
|
|
metrics:
|
|
enabled: false
|
|
allowed_namespaces: []
|
|
argo_rollouts:
|
|
enabled: false
|
|
autosync: true
|
|
version: 2.35.2
|
|
metrics:
|
|
enabled: false
|
|
dashboard_enabled: false
|
|
|
|
cilium:
|
|
enabled: false
|
|
autosync: true
|
|
version: 1.16.2
|
|
spire:
|
|
enabled: false
|
|
policyAuditMode: false
|
|
encryption:
|
|
enabled: true
|
|
type: ipsec
|
|
endpointStatus:
|
|
enabled: true
|
|
kubeProxyReplacement: false
|
|
k8sServiceHost: localhost
|
|
k8sServicePort: 7445
|
|
nodePort:
|
|
enabled: false
|
|
# NOTE: requires that ingressconroller is also enabled (bug)
|
|
gatewayAPI:
|
|
enabled: false
|
|
ingressController:
|
|
enabled: false
|
|
defaultClass: false
|
|
loadbalancerMode: shared
|
|
l2announcement:
|
|
enabled: false
|
|
k8sClientRateLimit:
|
|
qps: 10
|
|
burst: 3
|
|
loadbalancerPool:
|
|
enabled: false
|
|
cidr: []
|
|
envoy:
|
|
enabled: false
|
|
hubble:
|
|
ui: true
|
|
upgradeCompatability: ""
|
|
linkerd:
|
|
enabled: true
|
|
autosync: true
|
|
version: 1.9.3
|
|
trustAnchorPEM: |
|
|
-----BEGIN CERTIFICATE-----
|
|
-----END CERTIFICATE-----
|
|
webhookPEM: |
|
|
-----BEGIN CERTIFICATE-----
|
|
-----END CERTIFICATE-----
|
|
identyIssuerPEM: ""
|
|
secretScheme: kubernetes.io/tls
|
|
crds:
|
|
version: 1.4.0
|
|
multicluster:
|
|
version: 30.2.0
|
|
enabled: false
|
|
viz:
|
|
enabled: false
|
|
jaeger:
|
|
enabled: false
|
|
thanos:
|
|
enabled: false
|
|
autosync: true
|
|
version: 8.3.0
|
|
pagerdutyRoutingKey: ""
|
|
prometheus:
|
|
enabled: true
|
|
autosync: true
|
|
version: 62.7.0
|
|
# Helm chart version, and app version is different. CRD version MUST be equals to chart's APP version
|
|
crd_version: 14.0.0
|
|
certRenewCronEnabled: true
|
|
snitchUrl: ""
|
|
oncallUrl: ""
|
|
pagerdutyRoutingKey: ""
|
|
fullname: ""
|
|
# https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml#L47
|
|
defaultRules: {}
|
|
additionalScrapeConfigs: []
|
|
additionalDataSources: []
|
|
enableFeatures: []
|
|
storage:
|
|
size: 50Gi
|
|
grafana:
|
|
defaultDashboardsEnabled: true
|
|
persistence: false
|
|
disable_login_form: true
|
|
plugins: []
|
|
coredns:
|
|
targetPort: ""
|
|
etcd:
|
|
targetPort: ""
|
|
scheduler:
|
|
targetPort: ""
|
|
kubelet:
|
|
enabled: false
|
|
https: false
|
|
thanos:
|
|
enabled: false
|
|
datasource:
|
|
enabled: false
|
|
nfs_provisioner:
|
|
enabled: true
|
|
autosync: true
|
|
version: 4.0.13
|
|
archiveOnDelete: true
|
|
defaultClass: true
|
|
extraMountOpts: []
|
|
cert_manager:
|
|
autosync: true
|
|
version: 1.12.13
|
|
kubernetes_dashboard:
|
|
enabled: false
|
|
autosync: true
|
|
version: v2.3.1
|
|
metrics_server:
|
|
autosync: true
|
|
version: 3.8.2
|
|
ignoreTLS: false
|
|
nginx:
|
|
enabled: true
|
|
autosync: true
|
|
version: 4.8.3
|
|
pdb:
|
|
minAvailable: 1
|
|
resources:
|
|
controller:
|
|
cpu: "100m"
|
|
memory: "100Mi"
|
|
kyverno:
|
|
enabled: false
|
|
autosync: true
|
|
metrics: false
|
|
version: 3.2.5
|
|
resources:
|
|
cleanupController:
|
|
memory: "64Mi"
|
|
reportsController:
|
|
memory: "64Mi"
|
|
backgroundController:
|
|
memory: "64Mi"
|
|
velero:
|
|
enabled: true
|
|
autosync: true
|
|
version: 6.0.0
|
|
kubeletRootDir: "/var/lib/kubernetes/pods"
|
|
bucket: velero-backup
|
|
bsl: default
|
|
# Opt-in or opt-out pvc backup
|
|
# https://velero.io/docs/main/file-system-backup/#to-back-up
|
|
backupAllVolumes: true
|
|
credentials:
|
|
secretName: "s3-credentials"
|
|
s3:
|
|
region: us-east-1
|
|
url: "https://nutanix-obj-s3.kube-system"
|
|
insecureSkipTLSVerify: true
|
|
resources:
|
|
velero:
|
|
request:
|
|
cpu: 500m
|
|
memory: 1Gi
|
|
limit:
|
|
memory: 2Gi
|
|
nodeAgent:
|
|
request:
|
|
cpu: 500m
|
|
memory: 1Gi
|
|
limit:
|
|
memory: 2Gi
|
|
x509_exporter:
|
|
enabled: true
|
|
autosync: true
|
|
alerts: true
|
|
version: 3.6.0
|
|
downscaler:
|
|
enabled: false
|
|
autosync: true
|
|
version: 0.2.12
|
|
extraConfig: |
|
|
DEFAULT_UPTIME: "Mon-Fri 07:00-20:00 Europe/Berlin"
|
|
excludedNamespaces:
|
|
- py-kube-downscaler
|
|
- kube-downscaler
|
|
- kube-system
|
|
|
|
actions_runner_controller:
|
|
enabled: false
|
|
autosync: true
|
|
version: 0.23.7
|
|
gitlab_runner:
|
|
enabled: true
|
|
autosync: true
|
|
version: 0.39.0
|
|
createCertSecret: true
|
|
tag: "obx"
|
|
s3:
|
|
server: ""
|
|
access_key: ""
|
|
secret_key: ""
|
|
postgres_operator:
|
|
enabled: true
|
|
autosync: true
|
|
version: 0.18.2
|
|
rabbitmq_operator:
|
|
enabled: false
|
|
autosync: true
|
|
version: 4.3.27
|
|
jaeger_operator:
|
|
enabled: false
|
|
autosync: true
|
|
version: 1.38.0
|
|
loki:
|
|
enabled: false
|
|
autosync: true
|
|
version: 6.12.0
|
|
compactor: false
|
|
s3:
|
|
endpoint: ""
|
|
region: ""
|
|
insecure_skip_verify: false
|
|
secret:
|
|
name: ""
|
|
access_key: ""
|
|
access_secret: ""
|
|
buckets:
|
|
chunks: ""
|
|
ruler: ""
|
|
admin: ""
|
|
tempo:
|
|
enabled: false
|
|
autosync: true
|
|
version: 1.14.0
|
|
s3:
|
|
endpoint: ""
|
|
region: ""
|
|
insecure_skip_verify: false
|
|
secret:
|
|
name: ""
|
|
access_key: ""
|
|
access_secret: ""
|
|
bucketName: ""
|
|
otel:
|
|
enabled: false
|
|
autosync: true
|
|
version: 0.107.0
|
|
promtail:
|
|
enabled: false
|
|
autosync: true
|
|
version: 6.6.1
|
|
mariadb_operator:
|
|
enabled: false
|
|
autosync: true
|
|
version: 0.30.0
|
|
chartmuseum:
|
|
enabled: false
|
|
autosync: true
|
|
version: 3.10.2
|
|
storage:
|
|
size: 8Gi
|
|
ingress:
|
|
enabled: true
|
|
clickhouse_operator:
|
|
enabled: false
|
|
autosync: true
|
|
version: 0.24.4
|
|
oncall:
|
|
enabled: false
|
|
externalGrafana:
|
|
url: ""
|
|
dapr:
|
|
enable: true
|
|
|
|
busynix.enable: false
|
|
headscale.enable: false
|
|
plausible.enable: false
|
|
dex.enable: false
|
|
keycloak.enable: false
|
|
rabbitmq.enable: false
|
|
redis.enable: false
|
|
wordpress.enable: false
|
|
yolo-dl.enable: false
|
|
yolo-registry.enable: false
|
|
osm-tile-server.enable: false
|
|
geoserver.enable: false
|
|
|
|
install:
|
|
argo:
|
|
autosync: true
|
|
argocd:
|
|
enabled: true
|
|
apps:
|
|
enabled: true
|
|
rollouts:
|
|
enabled: false
|
|
workflows:
|
|
enabled: false
|
|
atlantis:
|
|
enabled: false
|
|
envs:
|
|
- prod
|
|
- staging
|
|
sorcerer:
|
|
enabled: false
|
|
envs:
|
|
- prod
|
|
- staging
|
|
openfga:
|
|
enabled: false
|
|
envs:
|
|
- prod
|
|
- staging
|
|
|