# Helm-style values for the prodwork01 stage: Argo CD OIDC/RBAC, ingress
# allow-list, monitoring targets and per-application settings.
#
# NOTE(review): this listing arrived with every line break and all indentation
# collapsed. The nesting below is reconstructed from key order only and must be
# confirmed against the consuming chart's values schema before use.

# Global
global:
  externalBlackboxExporter: devnso-blackbox-01.smardigo.digital:9115

## Set this to create nginx for argocd and other services
bootstrap:
  argo_namespace: argo-cd
  argo_auto_sync_enabled: true
  # NOTE(review): plaintext OIDC client secret stored in the values file.
  # Anyone who can read this file can present it to the Keycloak realm as the
  # `argocd` client. Treat the value as exposed: rotate it in Keycloak and
  # supply it from a secret store at deploy time rather than from VCS.
  # Presumably the chart copies this into the Secret that
  # `$oidc.keycloak.clientSecret` below resolves from; confirm.
  argo_keycloak_clientSecret: vJTtJFwdmctFjxWknh9WHcHvTMJvChmg

# ArgoCD OIDC with Keycloak
argocd:
  server:
    config:
      oidcConfig:
        name: sso
        issuer: "https://keycloak-prodwork01.smardigo.digital/auth/realms/infrastructure"
        clientID: "argocd"
        # `$`-prefixed values are Argo CD's indirection to a key in its own
        # Secret, so the secret itself is not meant to appear in this mapping.
        clientSecret: $oidc.keycloak.clientSecret
        # `groups` is what lets the `g, <group>, role:...` lines in policy.csv
        # match on group claims from the identity provider.
        requestedScopes: ["openid", "profile", "email", "groups"]
    rbac:
      # Empty default role: a signed-in user who matches no `g` line below is
      # given no permissions (deny by default).
      policy.default: ""
      # Review notes on the policy (kept outside the block scalar so the policy
      # text itself is unchanged):
      # - `admin` and `argocd-admins` both map to role:admin. Confirm that
      #   creation of groups with these names is tightly controlled in the
      #   realm, since membership means full Argo CD admin.
      # - NOTE(review): Argo CD's RBAC resource is `projects`; the
      #   `project, get, mobene` line likely matches nothing. Verify.
      # - `repositories, get, *` is not scoped to the mobene project: the role
      #   can read every configured repository entry.
      # - `exec, create, mobene/*` is the highest-impact grant here: it allows
      #   opening a shell inside pods of mobene applications when the
      #   web-terminal feature (`exec.enabled`) is switched on. Confirm this is
      #   required for a role that is otherwise limited to get/sync/logs.
      policy.csv: |
        g, admin, role:admin
        g, argocd-admins, role:admin
        g, mobenedevs, role:mobene-users
        p, role:mobene-users, project, get, mobene, allow
        p, role:mobene-users, applications, get, mobene/*, allow
        p, role:mobene-users, applications, sync, mobene/*, allow
        p, role:mobene-users, repositories, get, *, allow
        p, role:mobene-users, logs, get, mobene/*, allow
        p, role:mobene-users, exec, create, mobene/*, allow

# NOTE(review): the disabled Grafana block below should not be re-enabled
# as written:
# - `client_secret` is a plaintext credential; even commented out it is
#   readable by anyone with access to the file, so rotate it.
# - `tls_skip_verify_insecure: true` turns off certificate verification for
#   the OAuth endpoints, so a network-positioned party could impersonate the
#   identity provider.
# - `role_attribute_path` grants `Editor` to members of a group called
#   `grafana-viewer` and `Viewer` to everyone else; confirm that mapping is
#   intended, given the group name.
# grafana:
#   grafana_ini:
#     auth.generic_oauth:
#       enabled: true
#       name: Keycloak
#       allow_sign_up: true
#       tls_skip_verify_insecure: true
#       scopes: profile,email,groups
#       auth_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure/protocol/openid-connect/auth
#       token_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure/protocol/openid-connect/token
#       api_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure/protocol/openid-connect/userinfo
#       client_id: grafana
#       client_secret: pCi7uGpA3NB5MMtIqmZGTrdqqW5K2Jkd
#       role_attribute_path: contains(groups[*], 'grafana-viewer') && 'Editor' || 'Viewer'
#     server:
#       root_url: https://prodwork01-grafana.smardigo.digital

# Anchors defined here are reused further down (`*stagename`, `*domainname`).
stage: &stagename prodwork01
domain: &domainname smardigo.digital
letsencrypt:
  dns_zones:
    - smardigo.digital
    - thgquotenservice.de
gitea_instance: prodnso-gitea-01
gitea_repo_path: "argocd/prodwork01-argocd"
# Source CIDRs permitted at the ingress. All entries are single hosts (/32)
# except the private stage network, which admits the whole 10.3.0.0/16 range.
# NOTE(review): which ingresses enforce this list is not visible here; confirm
# that the Argo CD and monitoring endpoints are covered.
ingress_ip_whitelist:
  - "212.121.131.106/32" # netgo berlin
  - "149.233.6.129/32" # netgo e-shelter
  - "46.245.219.98/32" # netgo borken
  - "164.138.195.162/32" # netgo aachen
  - "164.92.251.253/32" # devnso-blackbox-01
  - "10.3.0.0/16" # Private stage network
  - "195.201.127.50/32" # prodwork01-backup-01

# Application specific
cert-manager:
  enable: false
cloud_provider: hetzner
alertmanager_config_secret_name: myalertmanager
oidc:
  enabled: true
  namespace: mobene-keycloak
iam:
  # Only the name of the Secret is given here; the Keycloak credentials
  # themselves are not in this file.
  secret_name_keycloak_creds: iam-keycloak-creds
  envvars:
    #iam_keycloak_auth_server_url: "https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/"
    iam_keycloak_auth_server_url: "https://prodnso-keycloak-01.smardigo.digital/auth/"
elk_logging:
  logstash:
    loadBalancer:
      enabled: false
  ingress_kibana:
    stage: *stagename
    domain: *domainname
  elasticsearch:
    storage:
      nodeSize: 80Gi
  filebeat:
    requests:
      memory: 500Mi
      cpu: 0.5
    limits:
      memory: 1.2Gi
      cpu: 0.5
prometheus:
  retention: 30d
  storageSpec:
    volumeClaimTemplate:
      spec:
        storageClassName: hcloud-volumes
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 200Gi
  resources:
    limits:
      cpu: 500m
      memory: 4Gi
    requests:
      cpu: 500m
      memory: 2Gi
  config:
    # Endpoints probed through the blackbox exporter.
    blackboxTargets:
      - https://connect-wordpress-nsodev-prodwork01.smardigo.digital
      - https://connect-wordpress-cusqa-prodwork01.smardigo.digital
      - https://egeld24-wordpress-cusqa-prodwork01.smardigo.digital
      - https://connect-wordpress-cusprod-prodwork01.smardigo.digital
      - https://egeld24.de
      - https://kfz-wige.thgquotenservice.de
      - https://prodnso-keycloak-01.smardigo.digital/auth/
    # Presumably endpoints where an HTTP 4xx answer counts as "up" (for
    # example, because they require authentication); confirm against the
    # probe module definition.
    blackboxTargets_http_4xx:
      - https://connect-nsodev-prodwork01.smardigo.digital
      - https://connect-cusqa-prodwork01.smardigo.digital
      - https://connect-cusprod-prodwork01.smardigo.digital
    nodeexporterTargets:
      - 10.3.0.12:9082
postgres_operator:
  configDebug:
    # NOTE(review): debug logging is enabled; confirm this is intended on this
    # stage and that the operator's debug output is acceptable in shipped logs.
    debug_logging: true
  configKubernetes:
    delete_annotation_name_key: "delete-clustername"
hcloud_network: *stagename
# Cloud API tokens are left unset in this file; presumably they are supplied at
# deploy time. Keep it that way rather than filling them in here.
#hcloud_ccm_token:
#hcloud_csi_token: