platform/manifests
1
1
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity
Files
feb662cb6fb5cfdc4e8a28655a6d0b712db38825
manifests/values/sys/values-oceanbox.yaml
T

158 lines
3.8 KiB
YAML
Raw Blame History

cluster_config:
env: "prod"
distro: "talos"
domain: "adm.oceanbox.io"
initca: ""
apiserver: ""
apiserverip: ""
etcd_nodes: [ "10.255.241.201, 10.255.241.202, 10.255.241.203" ]
k8s_nodes: [ "" ]
cluster: "oceanbox"
ingress_nodes: ["oceanbox-controlplane-1, oceanbox-controlplane-2, oceanbox-controlplane-3" ]
ingress_replica_count: 3
fileserver: "10.255.241.210"
acme_email: "acme@oceanbox.io"
oidc:
- name: serit-oidc
provider: azuread
tenant: "95e5d757-4fb3-4113-a93c-c41393be61cf"
secret_ref:
name: serit-oidc
group_id: "dd2aa2d6-269d-48fe-90cc-04fd5c08bd29"
external_access:
enabled: false
- name: oceanbox-oidc
provider: azuread
tenant: "3f737008-e9a0-4485-9d27-40329d288089"
secret_ref:
name: oceanbox-oidc
group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479"
nodes: []
ingress_whitelist_ips:
#itp internal
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 172.19.255.0/24
argocd:
adminLogin: false
version: 7.5.2
additional_rbac_settings:
- g, "eb17a659-4ce6-41bc-9153-d9b117c44479", role:org-admin
resources:
controller:
memory: 2000Mi
repoServer:
cmp:
enabled: true
name: "kustomize-helm-with-rewrite"
image: "registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest"
helmTokenSecret: oceanbox-helm
imagePullSecret:
- name: gitlab-pull-secret
initContainers:
- command:
- /bin/sh
- /plugin/init-helm-repos.sh
image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest
imagePullPolicy: Always
name: init-helm-repos
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 999
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
env:
- name: OCEANBOX_HELM_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: token
name: oceanbox-helm
optional: false
linkerd:
enabled: false
prometheus:
snitchUrl: "https://nosnch.in/136c1b564f"
pagerdutyRoutingKey: a5cff1fc46414d0bc02851e4af159ee7
certRenewCronEnabled: false
fullname: prom
enableFeatures:
- otlp-write-reciever
#- remote-write-reciever
grafana:
persistence: true
thanos:
enabled: true
coredns:
targetPort: 9153
scheduler:
targetPort: 10259
kubelet:
enabled: true
https: true
nfs_provisioner:
extraMountOpts:
- soft
gitlab_runner:
enabled: false
kyverno:
enabled: true
cilium:
enabled: true
kubeProxyReplacement: true
upgradeCompatability: 1.15
nodePort:
enabled: true
l2announcement:
enabled: true
policyAuditMode: false
encryption:
type: wireguard
ingressController:
enabled: false
defaultClass: false
loadbalancerMode: shared
loadbalancerPool:
enabled: true
cidr:
- 10.255.241.11/32
- 10.255.241.12/32
- 10.255.241.13/32
- 10.255.241.14/32
- 10.255.241.15/32
velero:
enabled: true
# Opt-in or opt-out pvc backup
# https://velero.io/docs/main/file-system-backup/#to-back-up
backupAllVolumes: false
credentials:
secretName: "velero-s3"
s3:
region: us-east-1
url: "http://10.255.241.30:30080"
insecureSkipTLSVerify: true
bsl: default
bucket: velero
kubeletRootDir: "/var/lib/kubelet/pods"
resources:
velero:
request:
cpu: 20m
memory: 1Gi
limit:
memory: 2Gi
nodeAgent:
request:
cpu: 20m
memory: 1Gi
limit:
memory: 2Gi
Reference in New Issue View Git Blame Copy Permalink