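---
# Production cluster values (env "prod", Talos) for the "oceanbox" cluster.
#
# NOTE(review): the page this was taken from had lost all indentation and had
# stray "|" separator lines between entries, so it did not parse as YAML.
# Nesting below is reconstructed from key names and ordering; verify each
# level against the consuming chart/template before applying.
cluster_config:
  env: "prod"
  distro: "talos"
  domain: "adm.oceanbox.io"
  initca: ""
  apiserver: ""
  apiserverip: ""
  # NOTE(review): one-element list whose single string holds three
  # comma-separated addresses. Confirm the consumer splits on ", ";
  # otherwise this should be one list element per node.
  etcd_nodes: ["10.255.241.201, 10.255.241.202, 10.255.241.203"]
  k8s_nodes: [""]
  cluster: "oceanbox"
  # NOTE(review): same single-string-in-a-list shape as etcd_nodes.
  ingress_nodes: ["oceanbox-controlplane-1, oceanbox-controlplane-2, oceanbox-controlplane-3"]
  ingress_replica_count: 3
  fileserver: "10.255.241.210"
  acme_email: "acme@oceanbox.io"
  # OIDC providers. Client credentials are referenced by Secret name
  # (secret_ref), not stored inline.
  oidc:
    - name: serit-oidc
      provider: azuread
      tenant: "95e5d757-4fb3-4113-a93c-c41393be61cf"
      secret_ref:
        name: serit-oidc
      group_id: "dd2aa2d6-269d-48fe-90cc-04fd5c08bd29"
      external_access:
        enabled: false
    # NOTE(review): this provider has no external_access key; confirm the
    # template's default for a missing key is the intended one.
    - name: oceanbox-oidc
      provider: azuread
      tenant: "3f737008-e9a0-4485-9d27-40329d288089"
      secret_ref:
        name: oceanbox-oidc
      group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479"
  nodes: []
  # Source ranges admitted at the ingress. All three RFC 1918 blocks are
  # listed, so any private-address source is allowed; narrow this if only
  # specific internal networks should reach the ingress.
  ingress_whitelist_ips:
    # itp internal
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16
    # Already contained in 172.16.0.0/12 above (redundant entry).
    - 172.19.255.0/24

argocd:
  adminLogin: false
  version: "7.5.2"
  # Grants role:org-admin to the group whose id matches the oceanbox-oidc
  # group_id above; membership of that directory group is therefore the
  # access control for Argo CD administration.
  additional_rbac_settings:
    - g, "eb17a659-4ce6-41bc-9153-d9b117c44479", role:org-admin
  resources:
    controller:
      memory: 2000Mi
  repoServer:
    cmp:
      enabled: true
      name: "kustomize-helm-with-rewrite"
      # NOTE(review): mutable ":latest" tag on a config-management plugin
      # that renders every manifest. Pin to an immutable version or digest
      # (e.g. "...@sha256:<digest>") so what runs is what was reviewed.
      image: "registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest"
      helmTokenSecret: oceanbox-helm
    imagePullSecret:
      - name: gitlab-pull-secret
    initContainers:
      - command:
          - /bin/sh
          - /plugin/init-helm-repos.sh
        # NOTE(review): same mutable tag as cmp.image; with
        # imagePullPolicy Always, each pod start can pull different content.
        image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest
        imagePullPolicy: Always
        name: init-helm-repos
        resources: {}
        # Restrictive container settings: no privilege escalation, all
        # capabilities dropped, read-only root, non-root UID, default seccomp.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 999
          seccompProfile:
            type: RuntimeDefault
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
    # NOTE(review): placed at repoServer level because the init container's
    # keys are alphabetical and "env" follows them; confirm it does not
    # belong inside the init container.
    env:
      - name: OCEANBOX_HELM_ACCESS_TOKEN
        valueFrom:
          secretKeyRef:
            key: token
            name: oceanbox-helm
            # Required: the container will not start if the Secret or key
            # is missing.
            optional: false

linkerd:
  enabled: false

prometheus:
  # NOTE(review): the check-in URL embeds the snitch token; anyone holding
  # it can send heartbeats. Treat it as a secret, like the key below.
  snitchUrl: "https://nosnch.in/136c1b564f"
  # NOTE(review): credential committed in plaintext. Every other credential
  # in this file is referenced by Secret name (secret_ref, secretName,
  # secretKeyRef); move this one to a Secret as well and rotate the key,
  # since the current value remains in VCS history.
  pagerdutyRoutingKey: a5cff1fc46414d0bc02851e4af159ee7
  certRenewCronEnabled: false
  fullname: prom
  # NOTE(review): spelled "reciever"; Prometheus's own feature flag is
  # "otlp-write-receiver". If this list is passed through verbatim the
  # feature will not be enabled - confirm how the template maps it.
  enableFeatures:
    - otlp-write-reciever
    # - remote-write-reciever
  grafana:
    persistence: true
  thanos:
    enabled: true
  coredns:
    targetPort: 9153
  scheduler:
    targetPort: 10259
  kubelet:
    enabled: true
    https: true

nfs_provisioner:
  extraMountOpts:
    - soft

gitlab_runner:
  enabled: false

kyverno:
  enabled: true

cilium:
  enabled: true
  kubeProxyReplacement: true
  # Quoted so the version is not parsed as a float (an unquoted x.10 would
  # silently become x.1). Key spelling is kept as the project defines it.
  upgradeCompatability: "1.15"
  nodePort:
    enabled: true
  l2announcement:
    enabled: true
  # presumably maps to Cilium's policy audit mode; false means policies are
  # enforced rather than only logged - confirm against the template.
  policyAuditMode: false
  encryption:
    type: wireguard
  ingressController:
    enabled: false
    defaultClass: false
    loadbalancerMode: shared
  loadbalancerPool:
    enabled: true
    cidr:
      - 10.255.241.11/32
      - 10.255.241.12/32
      - 10.255.241.13/32
      - 10.255.241.14/32
      - 10.255.241.15/32

velero:
  enabled: true
  # Opt-in or opt-out pvc backup
  # https://velero.io/docs/main/file-system-backup/#to-back-up
  backupAllVolumes: false
  credentials:
    secretName: "velero-s3"
  s3:
    region: us-east-1
    # NOTE(review): backups are sent to the object store over plain HTTP, so
    # backup contents and the S3 credentials' signed requests cross the
    # network unencrypted. Prefer an https:// endpoint with a trusted CA.
    url: "http://10.255.241.30:30080"
    # No effect while the URL is http://; if the endpoint moves to https
    # this would disable certificate verification and should become false.
    insecureSkipTLSVerify: true
    bsl: default
    bucket: velero
  kubeletRootDir: "/var/lib/kubelet/pods"
  resources:
    velero:
      request:
        cpu: 20m
        memory: 1Gi
      limit:
        memory: 2Gi
    nodeAgent:
      request:
        cpu: 20m
        memory: 1Gi
      limit:
        memory: 2Gi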