prodwork01-argocd/values.yaml


# Global
global:
# host:port of the blackbox exporter; the same host appears in the ingress
# allow-list of this file, labelled "DO hosted: devnso-blackbox-01".
externalBlackboxExporter: devnso-blackbox-01.smardigo.digital:9115
## Set this to create nginx for argocd and other services
bootstrap:
argo_namespace: argo-cd
# Auto-sync is on; presumably Argo CD then applies whatever lands in the tracked
# repo without a manual sync, so write access to that repo is deploy access.
# TODO confirm against the chart that consumes this flag.
argo_auto_sync_enabled: true
# NOTE(review): OIDC client secret committed as a plaintext literal. Anyone who
# can read this file (or its history) can read it. Treat the value as exposed:
# rotate it in Keycloak and supply it from an encrypted source. The
# `#hcloud_*_token: <sops>` lines in this file suggest sops is already used for
# other credentials.
argo_keycloak_clientSecret: vJTtJFwdmctFjxWknh9WHcHvTMJvChmg
# ArgoCD OIDC with Keycloak
argocd:
server:
config:
oidcConfig:
name: sso
# Issuer is the `infrastructure` realm on keycloak-prodwork01, reached over HTTPS.
issuer: "https://keycloak-prodwork01.smardigo.digital/auth/realms/infrastructure"
clientID: "argocd"
# `$`-prefixed value: a reference by key name, not the secret itself. Argo CD
# resolves such references from its own Kubernetes secret at runtime
# (presumably under the key `oidc.keycloak.clientSecret`; confirm it is set).
clientSecret: $oidc.keycloak.clientSecret
# `groups` is requested here; the `g,` lines in policy.csv below presumably match
# on the group names delivered in that claim. Confirm the Keycloak client
# actually emits a groups claim.
requestedScopes: ["openid", "profile", "email", "groups"]
rbac:
# Empty default role: a user who authenticates but matches no `g,` line below is
# given no permissions (deny by default).
policy.default: ""
# RBAC policy. Review notes are kept above the block scalar because a `#` line
# inside it would become part of the policy text.
#  - `admin` and `argocd-admins` map to role:admin (full control). Check who can
#    create or join groups with these names in the Keycloak realm.
#  - `mobenedevs` maps to role:mobene-users, scoped to `mobene/*` except for
#    `repositories, get, *`, which grants read on every repository entry.
#  - NOTE(review): the first `p` line names the resource `project`; Argo CD's
#    RBAC resource is spelled `projects`. Confirm this rule matches anything.
#  - NOTE(review): `exec, create` lets the role open a terminal in pods of
#    mobene applications, i.e. shell access with the pod's privileges. It only
#    takes effect if the exec feature is enabled in Argo CD; confirm this grant
#    is intended on this stage.
policy.csv: |
g, admin, role:admin
g, argocd-admins, role:admin
g, mobenedevs, role:mobene-users
p, role:mobene-users, project, get, mobene, allow
p, role:mobene-users, applications, get, mobene/*, allow
p, role:mobene-users, applications, sync, mobene/*, allow
p, role:mobene-users, repositories, get, *, allow
p, role:mobene-users, logs, get, mobene/*, allow
p, role:mobene-users, exec, create, mobene/*, allow
# NOTE(review): the stanza below is commented out, so it configures nothing, but
# it still carries a literal `client_secret`. A secret in a comment is as
# readable as one in a live key; rotate it if it was ever valid and drop the
# literal. If the stanza is ever re-enabled, revisit two settings first:
# `tls_skip_verify_insecure: true` turns off certificate verification for the
# OAuth calls to Keycloak, and `allow_sign_up: true` with the role expression
# below gives every realm user at least Viewer. The expression also maps the
# group named `grafana-viewer` to Editor; confirm that is intended.
# grafana:
# grafana_ini:
# auth.generic_oauth:
# enabled: true
# name: Keycloak
# allow_sign_up: true
# tls_skip_verify_insecure: true
# scopes: profile,email,groups
# auth_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure/protocol/openid-connect/auth
# token_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure/protocol/openid-connect/token
# api_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure/protocol/openid-connect/userinfo
# client_id: grafana
# client_secret: pCi7uGpA3NB5MMtIqmZGTrdqqW5K2Jkd
# role_attribute_path: contains(groups[*], 'grafana-viewer') && 'Editor' || 'Viewer'
# server:
# root_url: https://prodwork01-grafana.smardigo.digital
# `&stagename` and `&domainname` are YAML anchors. The file aliases them later
# (`stage: *stagename`, `domain: *domainname`, `hcloud_network: *stagename`).
stage: &stagename prodwork01
domain: &domainname smardigo.digital
# DNS zones listed for Let's Encrypt; presumably the zones certificates are
# issued for. Verify against the consuming chart.
letsencrypt:
dns_zones:
- smardigo.digital
- thgquotenservice.de
# Gitea instance and repository path; presumably the repo Argo CD tracks for
# this stage. TODO confirm.
gitea_instance: prodnso-gitea-01
gitea_repo_path: "argocd/prodwork01-argocd"
# Source-address allow-list; every entry is a single host (/32). Which ingresses
# enforce it is not visible here; verify in the consuming chart.
# The owner labels are comments only and nothing validates them. Re-check the
# entries periodically, in particular the cloud-hosted address, because such
# addresses can be reassigned when the instance is replaced.
ingress_ip_whitelist:
- "212.121.131.106/32" # netgo berlin
- "149.233.6.129/32" # netgo e-shelter
- "46.245.219.98/32" # netgo borken
- "164.138.195.162/32" # aachen
- "195.201.127.50/32" # prodwork01-backup-01
- "164.92.251.253/32" # DO hosted: devnso-blackbox-01
# Application specific
# cert-manager is switched off in this file.
cert-manager:
enable: false
cloud_provider: hetzner
# Alertmanager configuration is referenced by secret name, not embedded here.
alertmanager_config_secret_name: myalertmanager
oidc:
enabled: true
namespace: mobene-keycloak
iam:
# Keycloak credentials for IAM are referenced by secret name, not as a literal.
secret_name_keycloak_creds: iam-keycloak-creds
envvars:
# NOTE(review): the active URL points at prodnso-keycloak-01, while the Argo CD
# issuer in this file uses keycloak-prodwork01. Confirm that IAM and Argo CD
# are meant to trust different Keycloak hosts.
#iam_keycloak_auth_server_url: "https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/"
iam_keycloak_auth_server_url: "https://prodnso-keycloak-01.smardigo.digital/auth/"
# Logging stack: Kibana ingress, Elasticsearch node set and Filebeat limits.
elk_logging:
ingress_kibana:
# Aliases of the `&stagename` / `&domainname` anchors defined earlier in the file.
stage: *stagename
domain: *domainname
elasticsearch:
nodeSets:
# One node set named `resized` with three nodes.
- name: resized
count: 3
config:
# Disables memory-mapped index storage; presumably set so the nodes need no
# raised `vm.max_map_count` on the hosts. Confirm.
node.store.allow_mmap: false
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
# 80Gi per claim on the `hcloud-volumes` storage class.
storage: 80Gi
storageClassName: hcloud-volumes
filebeat:
limits:
memory: 500Mi
# Parsed as a float; presumably 0.4 CPU cores (400m).
cpu: 0.4
# Prometheus: retention, persistent storage and probe/scrape targets.
prometheus:
retention: 30d
storageSpec:
volumeClaimTemplate:
spec:
storageClassName: hcloud-volumes
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 100Gi
config:
# HTTPS endpoints probed through the blackbox exporter. The list includes the
# prodnso Keycloak `/auth/` endpoint.
blackboxTargets:
- https://connect-wordpress-nsodev-prodwork01.smardigo.digital
- https://connect-wordpress-cusqa-prodwork01.smardigo.digital
- https://egeld24-wordpress-cusqa-prodwork01.smardigo.digital
- https://connect-wordpress-cusprod-prodwork01.smardigo.digital
- https://egeld24.de
- https://kfz-wige.thgquotenservice.de
- https://prodnso-keycloak-01.smardigo.digital/auth/
# Presumably endpoints that should answer an unauthenticated probe with a 4xx
# status, so a 2xx here would mean an auth gate has been lost. Verify against
# the probe module definition.
blackboxTargets_http_4xx:
- https://connect-nsodev-prodwork01.smardigo.digital
- https://connect-cusqa-prodwork01.smardigo.digital
- https://connect-cusprod-prodwork01.smardigo.digital
# Private (10.0.0.0/8) address; only reachable from inside that network.
nodeexporterTargets:
- 10.3.0.12:9082
# Postgres operator settings.
postgres_operator:
configDebug:
# NOTE(review): debug logging is enabled on the stage named prodwork01. Confirm
# the operator's debug output holds no credentials or connection strings before
# it is shipped to the logging stack.
debug_logging: true
configKubernetes:
# Names the annotation a cluster resource must carry before the operator accepts
# its deletion (presumably holding the cluster's own name), as a guard against
# accidental deletes. Confirm against the operator documentation.
delete_annotation_name_key: "delete-clustername"
# Alias of the `&stagename` anchor, so the network is named after the stage.
hcloud_network: *stagename
# Placeholders only: the Hetzner Cloud tokens are not stored in this file. The
# `<sops>` marker suggests they are supplied from sops-encrypted data.
#hcloud_ccm_token: <sops>
#hcloud_csi_token: <sops>