prodwork01-mobene-deployment/values_nsodev.yaml

stage: nsodev

# minio tenant
tenant:
  tenant:
    name: s3-nsodev-prodwork01
    configuration:
      name: minio-config
    pools:
      - servers: 4
        volumesPerServer: 2
        storageClassName: hcloud-volumes
        size: 60Gi
    buckets:
      - name: postgres
        region: ""
      - name: wordpress
        region: ""
    users:
      - name: pgbackup
      - name: wpbackup
    prometheus:
      diskCapacityGB: false
    log:
      audit:
        diskCapacityGB: false
    env:
      - name: MINIO_PROMETHEUS_AUTH_TYPE
        value: "public"
      - name: MINIO_PROMETHEUS_JOB_ID
        value: "minio-nsodev"
      - name: MINIO_PROMETHEUS_URL
        value: "http://kube-prometheus-stack-prometheus.monitoring:9090"
      - name: CONSOLE_PROMETHEUS_URL
        value: "http://kube-prometheus-stack-prometheus.monitoring:9090"
  ingress:
    api:
      enabled: true
      ingressClassName: nginx
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
        cert-manager.io/issue-temporary-certificate: "true"
        nginx.ingress.kubernetes.io/backend-protocol: HTTPS
        nginx.ingress.kubernetes.io/custom-http-errors: "599"
        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
        nginx.ingress.kubernetes.io/proxy-body-size: 32m
        nginx.ingress.kubernetes.io/whitelist-source-range: >-
                    212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,195.201.31.227/32,167.235.150.201/32,167.235.150.198/32,167.235.150.195/32,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,195.201.127.50/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32
      host: s3storage-nsodev-prodwork01.smardigo.digital
      tls:
        - secretName: s3-miniotest-cert
          hosts:
            - s3storage-nsodev-prodwork01.smardigo.digital
    console:
      enabled: true
      ingressClassName: nginx
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
        cert-manager.io/issue-temporary-certificate: "true"
        nginx.ingress.kubernetes.io/backend-protocol: HTTPS
        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      host: s3console-nsodev-prodwork01.smardigo.digital
      tls:
        - secretName: s3-console-cert
          hosts:
            - s3console-nsodev-prodwork01.smardigo.digital

kibana:
  name: kibana-nsodev-prodwork01.smardigo.digital

pgadmin:
  name: pgadmin-nsodev-prodwork01.smardigo.digital
  image:
    name: dpage/pgadmin4
    tag: 7
  env:
    email: smardigo-admin@smardigo.dev
    password: smardigo-admin
    servers:
      connect:
        Name: "smardigo_connect"
        Group: "Servers"
        Port: 5432
        Username: "smardigo_connect_admin"
        Host: "postgres-cluster"
        SSLMode: "require"
        MaintenanceDB: "smardigo-connect"
        Password:
          valueFrom:
            secretKeyRef:
              key: password
              name: >-
                                smardigo-connect-admin.postgres-cluster.credentials.postgresql.acid.zalan.do
  ingress:
    customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32"

smardigo-connect:
  postgres:
    spec:
      volume:
        size: 40Gi
      additionalVolumes:
        - name: backup-monitoring-script
          mountPath: /nso_scripts
          volumeSource:
            configMap:
              name: backup-monitoring-script
              defaultMode: 0777
          targetContainers:
            - postgres
        - name: pg-backup-script
          mountPath: /scripts/postgres_backup.sh
          subPath: postgres_backup.sh
          volumeSource:
            configMap:
              name: pg-backup-script
              defaultMode: 0777
          targetContainers:
            - postgres
        - name: pg-reschedulebackup-script
          mountPath: /scripts/backup_retry.sh
          subPath: backup_retry.sh
          volumeSource:
            configMap:
              name: pg-backup-script
              defaultMode: 0777
          targetContainers:
            - postgres
    monitoring:
      alerts:
        postgres:
          basebackup:
            timeThreshold: 86400 # for backups older than 1 day
            teamLabel: alerting-nso-mobene
  connect:
    additional_labels:
      restart: 20231511-1224
    domain: connect-nsodev-prodwork01.smardigo.digital
    image:
      version: 11.2.102
    envvars:
      tenant_id: nsodev-mobene
    oidc:
      client_id: nsodev
      registration_id: nsodev
      issuer_host: prodnso-keycloak-01.smardigo.digital
      realm: mobene
    iam:
      iam_module: external
      iam_client_enabled: "true"
      protocol: http
      hostname: iam.mobene-keycloak
      port: 8080
    elastic:
      process_search_module: external_v2
      process_search_client_enabled: true
      process_search_client_read_timeout: 4000
    mail:
      properties:
        allowed_domains: "netgo.de"
    ocr:
      enabled: true
    four_eyes_principle_deletion: true
    config_delete_scope_enabled: true
    cloudevents:
      pollinterval: 200
    accesslog:
      enabled: true
    livenessProbe:
      enabled: false
      initialDelaySeconds: 120
      periodSeconds: 60
      timeoutSeconds: 30
      failureThreshold: 2
      successThreshold: 1
      httpGet:
        path: "/management/health"
        port: 8081
    readinessProbe:
      enabled: false
      initialDelaySeconds: 180
      periodSeconds: 60
      timeoutSeconds: 30
      failureThreshold: 2
      successThreshold: 1
      httpGet:
        path: "/management/health" # hier fehlt noch was sinnvolles
        port: http_metrics
  processSearch:
    image:
      version: 1.4.32
    additional_labels:
      restart: 20231012-1210
    domain: process-search-nsodev-prodwork01.smardigo.digital
    ingress:
      enabled: true
      customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32"

smardigo-worker:
  uba:
    enabled: true
    image:
      version: 11.4.0
  partnerapi:
    enabled: true
    image:
      version: 1.0.10
    domain: partnerapi-nsodev-prodwork01.smardigo.digital
    oidc:
      registration_id: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIyNWJmMjFkMC05MjVlLTQyMDEtYTE1YS0xMDU5ODM1OTI4MTIifQ.eyJleHAiOjAsImlhdCI6MTcwOTIxOTQ1MSwianRpIjoiMWM5MDJlNTMtMDJlYy00NTU4LTgwMjItYjNiZGZlNjRjMWQzIiwiaXNzIjoiaHR0cHM6Ly9wcm9kbnNvLWtleWNsb2FrLTAxLnNtYXJkaWdvLmRpZ2l0YWwvYXV0aC9yZWFsbXMvbW9iZW5lIiwiYXVkIjoiaHR0cHM6Ly9wcm9kbnNvLWtleWNsb2FrLTAxLnNtYXJkaWdvLmRpZ2l0YWwvYXV0aC9yZWFsbXMvbW9iZW5lIiwidHlwIjoiUmVnaXN0cmF0aW9uQWNjZXNzVG9rZW4iLCJyZWdpc3RyYXRpb25fYXV0aCI6ImF1dGhlbnRpY2F0ZWQifQ.ikOCYmB2VR69bnVRQIcPhmhwGp1pqAOCYJX8FxEQ9KI
  sepa:
    enabled: true
    image:
      version: 11.2.0
  ocr:
    enabled: true
    image:
      version: 11.1.2
    task:
      maxTasks: 3
    smardigo:
      workflow:
        readTimeout: 30000
  wordpressInitializer:
    enabled: true
    image:
      version: 11.0.5
    additional_labels:
      restart: 20231031-0950
    config:
      amount_retries: 3
      base_waittime: 30
      waittime_increase_interval: 15
  reporting:
    enabled: true
    image:
      version: 11.2.48

smardigo-wordpress:
  wordpress:
    nameOverride: wordpress-thgquotenservice
    multisite:
      host: connect-wordpress-nsodev-prodwork01.smardigo.digital
    customPostInitScripts:
      install-plugins.sh: |
        #!/bin/bash
        wp plugin install https://updraftplus.com/wp-content/uploads/updraftplus.zip --activate-network        
    ingress:
      hostname: connect-wordpress-nsodev-prodwork01.smardigo.digital
      extraHosts:
        - name: "*.connect-wordpress-nsodev-prodwork01.smardigo.digital"
          path: /
      extraTls:
        - hosts:
            - "*.connect-wordpress-nsodev-prodwork01.smardigo.digital"
          secretName: "connect-wordpress-nsodev-prodwork01.smardigo.digital-wildcard-tls"
      annotations:
        nginx.ingress.kubernetes.io/whitelist-source-range: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,92.42.192.157/32,92.42.192.9/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32"
      customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32"
    commonLabels:
      app: wordpress
      project: thgquotenservice

egeld24-wordpress:
  enabled: false

prometheus-postgres-exporter:
  serviceMonitor:
    enabled: true
    labels:
      release: kube-prometheus-stack
  rbac:
    pspEnabled: false
  config:
    datasourceSecret:
      name: postgres-exporter-database-connection
      key: datasource

iam:
  enabled: true
  iam_module: external
  iam_client_enabled: "true"
  protocol: http
  hostname: iam.nsodev
  port: 8080
  secret_name_keycloak_creds: iam-keycloak-creds
  envvars:
    iam_keycloak_auth_server_url: "https://keycloak-prodwork01.smardigo.digital/auth/"
  netpols:
    keycloak_ip: 167.235.109.35/32 # prodwork01-ingress.smardigo.digital