# Global
global:
  # host:port of the blackbox exporter; the same host name annotates an entry
  # in ingress_ip_whitelist further down.
  externalBlackboxExporter: devnso-blackbox-01.smardigo.digital:9115
## Set this to create nginx for argocd and other services
# NOTE(review): indentation was lost in this listing; the nesting shown is
# reconstructed - confirm against the repository copy.
bootstrap:
  argo_namespace: argo-cd
  argo_auto_sync_enabled: true

  # NOTE(review): an OIDC client secret is stored here in plaintext. The
  # hcloud_* tokens at the end of this file are marked <sops> instead of
  # being written out; this value should get the same treatment, and it
  # should be rotated in Keycloak because it has been committed in the clear.
  # Whether this key belongs under bootstrap or at the top level cannot be
  # told from the listing - confirm.
  argo_keycloak_clientSecret: vJTtJFwdmctFjxWknh9WHcHvTMJvChmg
# ArgoCD OIDC with Keycloak
# NOTE(review): indentation was lost in this listing; the nesting shown is
# reconstructed. In particular, confirm whether rbac sits under server or
# directly under argocd.
argocd:
  server:
    config:
      oidcConfig:
        name: sso
        issuer: "https://keycloak-prodwork01.smardigo.digital/auth/realms/infrastructure"
        clientID: "argocd"
        # A $-prefixed value is a reference that Argo CD resolves from its own
        # secret at runtime, so the secret itself is not embedded in this key.
        clientSecret: $oidc.keycloak.clientSecret
        # The "groups" scope is what lets the g, <group>, role:... mappings in
        # policy.csv match the groups claim of a logged-in user.
        requestedScopes: ["openid", "profile", "email", "groups"]
    rbac:
      # Empty default role: a user who matches none of the group mappings
      # below is granted nothing.
      policy.default: ""
      # NOTE(review): role:mobene-users is granted "exec, create" on mobene/*,
      # i.e. a shell inside pods of those applications through Argo CD (only
      # effective where the exec feature is switched on), and
      # "repositories, get" on every repository. Confirm both are intended
      # for all members of the mobenedevs group.
      # Keep review comments outside the block scalar: anything inside it
      # becomes part of the policy text.
      policy.csv: |
        g, admin, role:admin
        g, argocd-admins, role:admin
        g, mobenedevs, role:mobene-users
        p, role:mobene-users, project, get, mobene, allow
        p, role:mobene-users, applications, get, mobene/*, allow
        p, role:mobene-users, applications, sync, mobene/*, allow
        p, role:mobene-users, repositories, get, *, allow
        p, role:mobene-users, logs, get, mobene/*, allow
        p, role:mobene-users, exec, create, mobene/*, allow
# NOTE(review): disabled Grafana OAuth block, all lines commented out.
# Even in this state it keeps a client secret in plaintext in version control
# and carries tls_skip_verify_insecure: true, which disables certificate
# validation towards the identity provider. Before re-enabling: rotate the
# secret, supply it from an encrypted value, and drop tls_skip_verify_insecure.
# Also check role_attribute_path: as written, members of a group named
# 'grafana-viewer' are mapped to Editor - confirm that is intended.
# Nesting inside the comments is reconstructed; the listing lost indentation.
# grafana:
#   grafana_ini:
#     auth.generic_oauth:
#       enabled: true
#       name: Keycloak
#       allow_sign_up: true
#       tls_skip_verify_insecure: true
#       scopes: profile,email,groups
#       auth_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure/protocol/openid-connect/auth
#       token_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure/protocol/openid-connect/token
#       api_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure/protocol/openid-connect/userinfo
#       client_id: grafana
#       client_secret: pCi7uGpA3NB5MMtIqmZGTrdqqW5K2Jkd
#       role_attribute_path: contains(groups[*], 'grafana-viewer') && 'Editor' || 'Viewer'
#     server:
#       root_url: https://prodwork01-grafana.smardigo.digital
# Anchors: these two values are reused below through *stagename and
# *domainname (ingress_kibana, hcloud_network).
stage: &stagename prodwork01
domain: &domainname smardigo.digital
# DNS zones listed for Let's Encrypt.
letsencrypt:
  dns_zones:
    - smardigo.digital
    - thgquotenservice.de
# Gitea host and repository path for this stage's Argo CD content.
gitea_instance: prodnso-gitea-01
gitea_repo_path: "argocd/prodwork01-argocd"
# Source CIDRs for the ingress allow-list (how the list is enforced is not
# visible in this file).
# NOTE(review): every entry is a single host except 10.3.0.0/16, which admits
# the whole private stage network. Re-check the list whenever an office egress
# address or one of the named hosts changes, so stale addresses do not keep
# access.
ingress_ip_whitelist:
  - "212.121.131.106/32"  # netgo berlin
  - "149.233.6.129/32"  # netgo e-shelter
  - "46.245.219.98/32"  # netgo borken
  - "164.138.195.162/32"  # netgo aachen
  - "164.92.251.253/32"  # devnso-blackbox-01
  - "10.3.0.0/16"  # Private stage network
  - "195.201.127.50/32"  # prodwork01-backup-01
# Application specific
# cert-manager is switched off for this stage.
cert-manager:
  enable: false
cloud_provider: hetzner

# Only the name of the Alertmanager config secret is kept in this file; the
# secret's content is not.
alertmanager_config_secret_name: myalertmanager
# NOTE(review): indentation was lost in this listing; the nesting shown is
# reconstructed. Confirm that iam is a top-level key and not a child of oidc.
oidc:
  enabled: true
  namespace: mobene-keycloak

iam:
  # Keycloak credentials are referenced by secret name, not stored here.
  secret_name_keycloak_creds: iam-keycloak-creds
  envvars:
    # Previous auth server URL, kept commented out.
    #iam_keycloak_auth_server_url: "https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/"
    iam_keycloak_auth_server_url: "https://prodnso-keycloak-01.smardigo.digital/auth/"
# NOTE(review): indentation was lost in this listing; the nesting shown is
# reconstructed - confirm against the repository copy.
elk_logging:
  logstash:
    loadBalancer:
      enabled: false
  # Stage and domain are taken from the &stagename / &domainname anchors.
  ingress_kibana:
    stage: *stagename
    domain: *domainname
  elasticsearch:
    storage:
      nodeSize: 80Gi
  filebeat:
    limits:
      memory: 500Mi
# Memory request and limit for the kibana container are both 2Gi.
# NOTE(review): indentation was lost in this listing; whether kibana is a
# top-level key or a child of elk_logging cannot be told from it - confirm.
kibana:
  podTemplate:
    spec:
      containers:
        - name: kibana
          resources:
            requests:
              memory: 2Gi
            limits:
              memory: 2Gi
# NOTE(review): a filebeat key also appears earlier, after elasticsearch in
# the elk_logging section. The listing lost indentation, so the parent of
# each cannot be told; if both share one parent, most parsers silently keep
# only the last one. Confirm the two are under different parents.
filebeat:
  limits:
    memory: 500Mi
    cpu: 0.4
# NOTE(review): indentation was lost in this listing; the nesting shown is
# reconstructed. Confirm that config and the three target lists sit where
# they are placed here.
prometheus:
  retention: 30d
  storageSpec:
    volumeClaimTemplate:
      spec:
        storageClassName: hcloud-volumes
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 100Gi
  config:
    # Endpoints probed through the blackbox exporter.
    blackboxTargets:
      - https://connect-wordpress-nsodev-prodwork01.smardigo.digital
      - https://connect-wordpress-cusqa-prodwork01.smardigo.digital
      - https://egeld24-wordpress-cusqa-prodwork01.smardigo.digital
      - https://connect-wordpress-cusprod-prodwork01.smardigo.digital
      - https://egeld24.de
      - https://kfz-wige.thgquotenservice.de
      - https://prodnso-keycloak-01.smardigo.digital/auth/
    # Presumably endpoints for which a 4xx answer counts as healthy, e.g.
    # because they require a login - confirm against the probe module.
    blackboxTargets_http_4xx:
      - https://connect-nsodev-prodwork01.smardigo.digital
      - https://connect-cusqa-prodwork01.smardigo.digital
      - https://connect-cusprod-prodwork01.smardigo.digital
    # Address inside the 10.3.0.0/16 range that the allow-list labels as the
    # private stage network.
    nodeexporterTargets:
      - 10.3.0.12:9082
# NOTE(review): indentation was lost in this listing; the nesting shown is
# reconstructed - confirm against the repository copy.
postgres_operator:
  configDebug:
    # NOTE(review): verbose operator logging is on for this stage; check what
    # the debug output contains before it is shipped to central log storage.
    debug_logging: true
  configKubernetes:
    # Annotation key named "delete-clustername"; presumably the operator's
    # delete protection, which expects this annotation to carry the cluster
    # name before a cluster may be removed - confirm.
    delete_annotation_name_key: "delete-clustername"
# Network name follows the stage name through the *stagename alias.
hcloud_network: *stagename
# The two tokens are not written out in this file; the <sops> marker suggests
# they are supplied from a sops-encrypted source - confirm where.
#hcloud_ccm_token: <sops>
#hcloud_csi_token: <sops>