# Global global: externalBlackboxExporter: dev-blackbox-01.smardigo.digital:9115 ## Set this to create nginx for argocd and other services bootstrap: argo_namespace: argo-cd argo_keycloak_clientSecret: vJTtJFwdmctFjxWknh9WHcHvTMJvChmg # ArgoCD OIDC with Keycloak argocd: server: config: oidcConfig: name: sso issuer: "https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure" clientID: "argocd" clientSecret: $oidc.keycloak.clientSecret requestedScopes: ["openid", "profile", "email", "groups"] rbacConfig: policy.default: '' policy.csv: | g, admin, role:admin g, argocd-admins, role:admin g, mobenedevs, role:mobene-users p, role:mobene-users, project, get, mobene, allow p, role:mobene-users, applications, get, mobene/*, allow p, role:mobene-users, applications, sync, mobene/*, allow p, role:mobene-users, repositories, get, *, allow # grafana: # grafana_ini: # auth.generic_oauth: # enabled: true # name: Keycloak # allow_sign_up: true # tls_skip_verify_insecure: true # scopes: profile,email,groups # auth_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure/protocol/openid-connect/auth # token_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure/protocol/openid-connect/token # api_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure/protocol/openid-connect/userinfo # client_id: grafana # client_secret: pCi7uGpA3NB5MMtIqmZGTrdqqW5K2Jkd # role_attribute_path: contains(groups[*], 'grafana-viewer') && 'Editor' || 'Viewer' # server: # root_url: https://prodwork01-grafana.smardigo.digital stage: &stagename prodwork01 domain: &domainname smardigo.digital gitea_instance: prodnso-gitea-01 gitea_repo_path: "argocd/prodwork01-argocd" ingress_ip_whitelist: - "212.121.131.106/32" # netgo berlin - "149.233.6.129/32" # netgo e-shelter - "46.245.219.98/32" # netgo borken - "79.215.12.94/32" # sven - "164.138.195.162/32" # aachen - "195.201.127.50/32" # prodwork01-backup-01 - "164.92.251.253/32" # DO hosted: dev-blackbox-01.smardigo.digital # Application specific cert-manager: enable: false cloud_provider: hetzner alertmanager_config_secret_name: myalertmanager oidc: enabled: true namespace: mobene-keycloak iam: secret_name_keycloak_creds: iam-keycloak-creds envvars: #iam_keycloak_auth_server_url: "https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/" iam_keycloak_auth_server_url: "https://prodnso-keycloak-01.smardigo.digital/auth/" elk_logging: ingress_kibana: stage: *stagename domain: *domainname elasticsearch: nodeSets: - name: resized count: 3 config: node.store.allow_mmap: false volumeClaimTemplates: - metadata: name: elasticsearch-data spec: accessModes: - ReadWriteOnce resources: requests: storage: 80Gi storageClassName: hcloud-volumes prometheus: retention: 30d storageSpec: volumeClaimTemplate: spec: storageClassName: hcloud-volumes accessModes: ["ReadWriteOnce"] resources: requests: storage: 40Gi config: blackboxTargets: - https://www.google.com - https://www.stackoverflow.com - https://www.heise.de - https://connect-wordpress-nsodev-prodwork01.smardigo.digital - https://egeld24-wordpress-cusqa-prodwork01.smardigo.digital - https://connect-wordpress-cusqa-prodwork01.smardigo.digital - https://connect-wordpress-cusprod-prodwork01.smardigo.digital - https://egeld24.de - https://kfz-wige.thgquotenservice.de - https://prodnso-keycloak-01.smardigo.digital/auth/ blackboxTargets_http_4xx: - https://connect-nsodev-prodwork01.smardigo.digital - https://connect-cusqa-prodwork01.smardigo.digital - https://connect-cusprod-prodwork01.smardigo.digital nodeexporterTargets: - 10.3.0.12:9082 postgres_operator: configDebug: debug_logging: true