stage: nsodev # minio tenant tenant: tenant: name: s3-nsodev-prodwork01 configuration: name: minio-config pools: - servers: 4 volumesPerServer: 2 storageClassName: hcloud-volumes size: 60Gi buckets: - name: postgres region: "" - name: wordpress region: "" users: - name: pgbackup - name: wpbackup prometheus: diskCapacityGB: false log: audit: diskCapacityGB: false env: - name: MINIO_PROMETHEUS_AUTH_TYPE value: "public" - name: MINIO_PROMETHEUS_JOB_ID value: "minio-nsodev" - name: MINIO_PROMETHEUS_URL value: "http://kube-prometheus-stack-prometheus.monitoring:9090" - name: CONSOLE_PROMETHEUS_URL value: "http://kube-prometheus-stack-prometheus.monitoring:9090" ingress: api: enabled: true ingressClassName: nginx annotations: cert-manager.io/cluster-issuer: letsencrypt-prod cert-manager.io/issue-temporary-certificate: "true" nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/custom-http-errors: "599" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-body-size: 32m nginx.ingress.kubernetes.io/whitelist-source-range: >- 212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,195.201.31.227/32,167.235.150.201/32,167.235.150.198/32,167.235.150.195/32,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,195.201.127.50/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32 host: s3storage-nsodev-prodwork01.smardigo.digital tls: - secretName: s3-miniotest-cert hosts: - s3storage-nsodev-prodwork01.smardigo.digital console: enabled: true ingressClassName: nginx annotations: cert-manager.io/cluster-issuer: letsencrypt-prod cert-manager.io/issue-temporary-certificate: "true" nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/force-ssl-redirect: "true" host: s3console-nsodev-prodwork01.smardigo.digital tls: - secretName: s3-console-cert hosts: - s3console-nsodev-prodwork01.smardigo.digital kibana: name: kibana-nsodev-prodwork01.smardigo.digital pgadmin: name: pgadmin-nsodev-prodwork01.smardigo.digital image: name: dpage/pgadmin4 tag: 7 env: email: smardigo-admin@smardigo.dev password: smardigo-admin servers: connect: Name: "smardigo_connect" Group: "Servers" Port: 5432 Username: "smardigo_connect_admin" Host: "postgres-cluster" SSLMode: "require" MaintenanceDB: "smardigo-connect" Password: valueFrom: secretKeyRef: key: password name: >- smardigo-connect-admin.postgres-cluster.credentials.postgresql.acid.zalan.do ingress: customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32" smardigo-connect: postgres: spec: volume: size: 40Gi additionalVolumes: - name: backup-monitoring-script mountPath: /nso_scripts volumeSource: configMap: name: backup-monitoring-script defaultMode: 0777 targetContainers: - postgres - name: pg-backup-script mountPath: /scripts/postgres_backup.sh subPath: postgres_backup.sh volumeSource: configMap: name: pg-backup-script defaultMode: 0777 targetContainers: - postgres - name: pg-reschedulebackup-script mountPath: /scripts/backup_retry.sh subPath: backup_retry.sh volumeSource: configMap: name: pg-backup-script defaultMode: 0777 targetContainers: - postgres monitoring: alerts: postgres: basebackup: timeThreshold: 86400 # for backups older than 1 day teamLabel: alerting-nso-mobene connect: additional_labels: restart: 20231511-1224 domain: connect-nsodev-prodwork01.smardigo.digital image: version: 11.2.46 envvars: tenant_id: nsodev-mobene oidc: client_id: nsodev registration_id: nsodev issuer_host: prodnso-keycloak-01.smardigo.digital realm: mobene iam: iam_module: external iam_client_enabled: "true" protocol: http hostname: iam.mobene-keycloak port: 8080 elastic: process_search_module: external_v2 process_search_client_enabled: true process_search_client_read_timeout: 4000 mail: properties: allowed_domains: "netgo.de" ocr: enabled: true four_eyes_principle_deletion: true config_delete_scope_enabled: true processSearch: image: version: 1.4.5 additional_labels: restart: 20231012-1210 domain: process-search-nsodev-prodwork01.smardigo.digital ingress: enabled: true customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32" smardigo-worker: uba: enabled: true image: version: 11.4.0 partnerapi: enabled: true image: version: 1.0.5 domain: partnerapi-nsodev-prodwork01.smardigo.digital oidc: registration_id: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIyNWJmMjFkMC05MjVlLTQyMDEtYTE1YS0xMDU5ODM1OTI4MTIifQ.eyJleHAiOjAsImlhdCI6MTcwOTIxOTQ1MSwianRpIjoiMWM5MDJlNTMtMDJlYy00NTU4LTgwMjItYjNiZGZlNjRjMWQzIiwiaXNzIjoiaHR0cHM6Ly9wcm9kbnNvLWtleWNsb2FrLTAxLnNtYXJkaWdvLmRpZ2l0YWwvYXV0aC9yZWFsbXMvbW9iZW5lIiwiYXVkIjoiaHR0cHM6Ly9wcm9kbnNvLWtleWNsb2FrLTAxLnNtYXJkaWdvLmRpZ2l0YWwvYXV0aC9yZWFsbXMvbW9iZW5lIiwidHlwIjoiUmVnaXN0cmF0aW9uQWNjZXNzVG9rZW4iLCJyZWdpc3RyYXRpb25fYXV0aCI6ImF1dGhlbnRpY2F0ZWQifQ.ikOCYmB2VR69bnVRQIcPhmhwGp1pqAOCYJX8FxEQ9KI sepa: enabled: true image: version: 11.2.0 ocr: enabled: true image: version: 11.1.2 task: maxTasks: 3 smardigo: workflow: readTimeout: 30000 wordpressInitializer: enabled: true image: version: 11.0.5 additional_labels: restart: 20231031-0950 config: amount_retries: 3 base_waittime: 30 waittime_increase_interval: 15 reporting: enabled: true image: version: 11.2.22 smardigo-wordpress: wordpress: nameOverride: wordpress-thgquotenservice multisite: host: connect-wordpress-nsodev-prodwork01.smardigo.digital customPostInitScripts: install-plugins.sh: | #!/bin/bash wp plugin install https://updraftplus.com/wp-content/uploads/updraftplus.zip --activate-network ingress: hostname: connect-wordpress-nsodev-prodwork01.smardigo.digital extraHosts: - name: "*.connect-wordpress-nsodev-prodwork01.smardigo.digital" path: / extraTls: - hosts: - "*.connect-wordpress-nsodev-prodwork01.smardigo.digital" secretName: "connect-wordpress-nsodev-prodwork01.smardigo.digital-wildcard-tls" annotations: nginx.ingress.kubernetes.io/whitelist-source-range: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,92.42.192.157/32,92.42.192.9/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32" customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32" commonLabels: app: wordpress project: thgquotenservice egeld24-wordpress: enabled: false prometheus-postgres-exporter: serviceMonitor: enabled: true labels: release: kube-prometheus-stack rbac: pspEnabled: false config: datasourceSecret: name: postgres-exporter-database-connection key: datasource iam: enabled: true iam_module: external iam_client_enabled: "true" protocol: http hostname: iam.nsodev port: 8080 secret_name_keycloak_creds: iam-keycloak-creds envvars: iam_keycloak_auth_server_url: "https://keycloak-prodwork01.smardigo.digital/auth/" netpols: keycloak_ip: 167.235.109.35/32 # prodwork01-ingress.smardigo.digital