# Helm values for stage "cusprod": domain monitoring, a MinIO tenant, pgadmin,
# smardigo-connect / smardigo-worker, two WordPress releases, the Postgres
# exporter and IAM. Review notes added as comments only; values are unchanged.
# NOTE(review): the original line breaks and indentation are lost in this copy,
# so nesting cannot be read from the text; the notes refer to keys by name.
#
# tenant (MinIO):
# - MINIO_PROMETHEUS_AUTH_TYPE "public" disables token auth on MinIO's
#   Prometheus metrics endpoints. Presumably the api ingress
#   whitelist-source-range is then the only outside gate for them; confirm,
#   or use "jwt" with a scrape token.
# - The console ingress annotations carry no whitelist-source-range, unlike the
#   api ingress. Confirm the admin console is restricted some other way
#   (chart template, network policy) or give it the same allow-list.
# - tls secretName s3-miniotest-cert on the api ingress reads like a test name;
#   confirm it is the intended secret for this stage.
stage: cusprod domainMonitoring: enabled: true domains: - https://egeld24.de - https://kfz-wige.thgquotenservice.de - https://prodnso-keycloak-01.smardigo.digital/auth/ - https://connect-cusprod-prodwork01.smardigo.digital # needed to set ONCE for ALL mobene stages # => avoiding double declaration grafanaDashboards: enabled: true # minio tenant tenant: tenant: name: s3-cusprod-prodwork01 configuration: name: minio-config pools: - servers: 4 volumesPerServer: 2 storageClassName: hcloud-volumes size: 800Gi buckets: - name: postgres region: "" - name: wordpress region: "" users: - name: pgbackup - name: wpbackup prometheus: diskCapacityGB: false log: audit: diskCapacityGB: false env: - name: MINIO_PROMETHEUS_AUTH_TYPE value: "public" - name: MINIO_PROMETHEUS_JOB_ID value: "minio-cusprod" - name: MINIO_PROMETHEUS_URL value: "http://kube-prometheus-stack-prometheus.monitoring:9090" - name: CONSOLE_PROMETHEUS_URL value: "http://kube-prometheus-stack-prometheus.monitoring:9090" ingress: api: enabled: true ingressClassName: nginx annotations: cert-manager.io/cluster-issuer: letsencrypt-prod cert-manager.io/issue-temporary-certificate: "true" nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/custom-http-errors: "599" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-body-size: 32m nginx.ingress.kubernetes.io/whitelist-source-range: >- 212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,195.201.31.227/32,167.235.150.201/32,167.235.150.198/32,167.235.150.195/32,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,195.201.127.50/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32 host: s3storage-cusprod-prodwork01.smardigo.digital tls: - secretName: s3-miniotest-cert hosts: - s3storage-cusprod-prodwork01.smardigo.digital console: enabled: true ingressClassName: nginx annotations: cert-manager.io/cluster-issuer: letsencrypt-prod 
# pgadmin / smardigo-connect:
# - pgadmin `password: smardigo-admin` (next to `email:` under `env`) is a
#   literal login credential stored in this values file. The Postgres server
#   entry below already takes its Password from a secretKeyRef; the pgadmin
#   login should come from a Secret the same way, and this value should be
#   rotated if it was ever deployed.
# - pgadmin image `tag: 7` is a floating major tag and parses as an integer;
#   pin a full version or digest and quote it.
# - `restart: 202408121430` parses as an integer, while the other restart
#   values in this file (20231115-1315, 20240319-1020) are strings. Presumably
#   it is rendered as a Kubernetes label, which must be a string; quote it
#   unless the template already does.
cert-manager.io/issue-temporary-certificate: "true" nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/force-ssl-redirect: "true" host: s3console-cusprod-prodwork01.smardigo.digital tls: - secretName: s3-console-cert hosts: - s3console-cusprod-prodwork01.smardigo.digital kibana: name: kibana-cusprod-prodwork01.smardigo.digital pgadmin: name: pgadmin-cusprod-prodwork01.smardigo.digital image: name: dpage/pgadmin4 tag: 7 env: email: smardigo-admin@smardigo.dev password: smardigo-admin servers: connect: Name: "smardigo_connect" Group: "Servers" Port: 5432 Username: "smardigo_connect_admin" Host: "postgres-cluster" SSLMode: "require" MaintenanceDB: "smardigo-connect" Password: valueFrom: secretKeyRef: key: password name: >- smardigo-connect-admin.postgres-cluster.credentials.postgresql.acid.zalan.do ingress: customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32" smardigo-connect: postgres: spec: volume: size: 600Gi resources: limits: memory: 3Gi requests: cpu: "1" monitoring: alerts: postgres: basebackup: timeThreshold: 86400 # for backups older than 1 day teamLabel: alerting-nso-mobene resources: limits: memory: 3Gi connect: additional_labels: restart: 202408121430 cloudevents: pollinterval: 200 domain: connect-cusprod-prodwork01.smardigo.digital ingress: customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,92.42.192.157/32,92.42.192.9/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32" image: version: 11.2.46 envvars: tenant_id: cusprod-mobene oidc: client_id: cusprod registration_id: cusprod issuer_host: prodnso-keycloak-01.smardigo.digital realm: mobene iam: iam_module: external iam_client_enabled: "true" 
# iam / smardigo-wordpress:
# - iam `protocol: http` on port 8080 (here and in the final iam block) means
#   IAM calls are unencrypted. The hostnames look like in-cluster service
#   names; confirm this traffic never leaves the cluster network.
# - `iam_client_enabled: "true"` is a string while
#   `process_search_client_enabled: true` is a boolean; confirm the chart
#   expects each form.
# - install-plugins.sh downloads a plugin zip from the vendor URL at init time
#   with no version pin and no checksum, so each run installs whatever that
#   URL serves. Pin a version and verify a known hash, or bake the plugin
#   into the image. The same script is used for egeld24-wordpress.
# - COOKIE_DOMAIN is taken from $_SERVER['HTTP_HOST'], a client-supplied
#   header. Presumably the ingress host rules (including the
#   "*.thgquotenservice.de" wildcard) bound which values reach PHP; verify.
# - The ingress annotation whitelist-source-range "0.0.0.0/0" admits every
#   source, and a customIpWhitelist is set next to it. Confirm what the chart
#   applies customIpWhitelist to (e.g. admin paths) and that the open
#   annotation does not override it.
protocol: http hostname: iam.mobene-keycloak port: 8080 elastic: process_search_module: external_v2 process_search_client_enabled: true process_search_client_read_timeout: 10000 ocr: enabled: true four_eyes_principle_deletion: true config_delete_scope_enabled: true resources: limits: memory: 4Gi requests: cpu: "2.5" processSearch: image: version: 1.4.5 process_search_client_read_timeout: 4000 additional_labels: restart: 20231115-1315 resources: requests: memory: "1Gi" cpu: "1" limits: memory: "2.5Gi" cpu: "1" smardigo-worker: uba: enabled: true image: version: 11.4.0 partnerapi: enabled: false sepa: enabled: true image: version: 11.2.0 ocr: enabled: true image: version: 11.1.2 task: maxTasks: 3 resources: limits: memory: 4Gi cpu: "1.5" requests: cpu: "1" smardigo: workflow: readTimeout: 30000 wordpressInitializer: enabled: true image: version: 11.0.5 additional_labels: restart: 20240319-1020 config: amount_retries: 3 base_waittime: 30 waittime_increase_interval: 15 reporting: enabled: true image: version: 11.2.25 smardigo-wordpress: wordpress: nameOverride: wordpress-thgquotenservice multisite: host: connect-wordpress-cusprod-prodwork01.smardigo.digital customPostInitScripts: install-plugins.sh: | #!/bin/bash wp plugin install https://updraftplus.com/wp-content/uploads/updraftplus.zip --activate-network wordpressExtraConfigContent: | define('DISABLE_WP_CRON', true); define('WP_CACHE', true); define('COOKIE_DOMAIN', $_SERVER['HTTP_HOST']); ingress: hostname: connect-wordpress-cusprod-prodwork01.smardigo.digital extraHosts: - name: "thgquotenservice.de" path: / - name: "*.thgquotenservice.de" path: / extraTls: - hosts: - "thgquotenservice.de" secretName: "thgquotenservice-de-tls" - hosts: - "*.thgquotenservice.de" secretName: "thgquotenservice-de-wildcard-tls" annotations: nginx.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0" customIpWhitelist: 
# egeld24-wordpress / exporter / iam:
# - egeld24-wordpress repeats the unpinned plugin download and the
#   "0.0.0.0/0" annotation next to a customIpWhitelist.
# - `multisite: enable: false` uses `enable` where the other toggles in this
#   file are spelled `enabled`; confirm the key name against the chart, since
#   an unknown key would be silently ignored.
# - The final iam block names its Keycloak credentials through
#   secret_name_keycloak_creds rather than inlining them.
"212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,92.42.192.157/32,92.42.192.9/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32" commonLabels: app: wordpress project: thgquotenservice egeld24-wordpress: enabled: true wordpress: nameOverride: wordpress-egeld24 multisite: enable: false customPostInitScripts: install-plugins.sh: | #!/bin/bash wp plugin install https://updraftplus.com/wp-content/uploads/updraftplus.zip --activate-network ingress: hostname: egeld24.de extraHosts: - name: "www.egeld24.de" path: / extraTls: - hosts: - "www.egeld24.de" secretName: "egeld24-de-tls" annotations: cert-manager.io/cluster-issuer: letsencrypt-prod-http nginx.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0" customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,92.42.192.157/32,92.42.192.9/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32,157.90.234.149/32" commonLabels: app: wordpress project: egeld24 prometheus-postgres-exporter: serviceMonitor: enabled: true labels: release: kube-prometheus-stack rbac: pspEnabled: false config: datasourceSecret: name: postgres-exporter-database-connection key: datasource iam: enabled: true iam_module: external iam_client_enabled: "true" protocol: http hostname: iam.cusprod port: 8080 secret_name_keycloak_creds: iam-keycloak-creds envvars: iam_keycloak_auth_server_url: "https://keycloak-prodwork01.smardigo.digital/auth/" netpols: keycloak_ip: 167.235.109.35/32 # prodwork01-ingress.smardigo.digital