prodwork01-mobene-deployment/values_cusprod.yaml


# Domain monitoring is switched on for the four HTTPS endpoints listed below.
# NOTE(review): indentation was lost in this listing; restore the nesting from
# the repository copy before using these values.
# NOTE(review): other public hosts defined later in this file (www.egeld24.de,
# the apex thgquotenservice.de, the MinIO API/console hosts, the WordPress
# multisite host) are not listed here - confirm whether they should be.
domainMonitoring:
enabled: true
domains:
- https://egeld24.de
- https://kfz-wige.thgquotenservice.de
- https://prodnso-keycloak-01.smardigo.digital/auth/
- https://connect-cusprod-prodwork01.smardigo.digital
# Must be enabled in exactly ONE values file shared by all mobene stages,
# so that the dashboards are not declared twice.
grafanaDashboards:
enabled: true
# MinIO tenant for this stage: tenant definition, metrics settings and the two
# ingresses (S3 API and web console).
# NOTE(review): indentation was lost in this listing; restore the nesting from
# the repository copy before using these values.
tenant:
tenant:
name: s3-cusprod-prodwork01
configuration:
name: minio-config
# One pool entry: 4 servers, 2 volumes per server, size 250Gi, storage class
# hcloud-volumes.
pools:
- servers: 4
volumesPerServer: 2
storageClassName: hcloud-volumes
size: 250Gi
# Buckets and users for the PostgreSQL and WordPress backups. No credentials
# or policies appear in this file; presumably they are supplied elsewhere.
buckets:
- name: postgres
region: ""
- name: wordpress
region: ""
users:
- name: pgbackup
- name: wpbackup
# NOTE(review): diskCapacityGB is set to the boolean false in both places below
# although the key name suggests a size in GB - confirm the chart reads false
# as "not used".
prometheus:
diskCapacityGB: false
log:
audit:
diskCapacityGB: false
# MINIO_PROMETHEUS_AUTH_TYPE "public" lets Prometheus scrape MinIO metrics
# without a bearer token, so the metrics endpoints are protected by network
# controls only (the API ingress allowlist below plus any network policy).
# The two *_PROMETHEUS_URL values point at the Prometheus service in the
# monitoring namespace over plain HTTP.
env:
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: "public"
- name: MINIO_PROMETHEUS_JOB_ID
value: "minio-cusprod"
- name: MINIO_PROMETHEUS_URL
value: "http://kube-prometheus-stack-prometheus.monitoring:9090"
- name: CONSOLE_PROMETHEUS_URL
value: "http://kube-prometheus-stack-prometheus.monitoring:9090"
ingress:
# S3 API ingress: certificate from the letsencrypt-prod cluster issuer, TLS to
# the backend, forced HTTPS redirect, 32m request body limit and a source-IP
# allowlist.
api:
enabled: true
ingressClassName: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 32m
# Source-IP allowlist for the S3 API. It is maintained separately from the
# customIpWhitelist strings used by the connect and WordPress ingresses in this
# file, and its entries differ from theirs, so the lists can drift apart.
# NOTE(review): 167.235.25.0/32 matches one address ending in .0 - confirm a
# wider prefix was not intended.
nginx.ingress.kubernetes.io/whitelist-source-range: >-
212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,195.201.31.227/32,167.235.150.201/32,167.235.150.198/32,167.235.150.195/32,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,195.201.127.50/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32
host: s3storage-cusprod-prodwork01.smardigo.digital
# NOTE(review): the secret name contains "miniotest" although the host is a
# production one - confirm this is the intended certificate secret.
tls:
- secretName: s3-miniotest-cert
hosts:
- s3storage-cusprod-prodwork01.smardigo.digital
# MinIO web console ingress.
# NOTE(review): unlike the api ingress, no whitelist-source-range annotation is
# set here, so this values file does not restrict which sources can reach the
# console login. Confirm that is intended or apply the same allowlist.
console:
enabled: true
ingressClassName: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
host: s3console-cusprod-prodwork01.smardigo.digital
tls:
- secretName: s3-console-cert
hosts:
- s3console-cusprod-prodwork01.smardigo.digital
# Kibana host name for this stage.
# NOTE(review): no source-IP restriction for this host is visible in this
# file - confirm where access to Kibana is controlled.
kibana:
name: kibana-cusprod-prodwork01.smardigo.digital
# Values for the smardigo-connect application: database volume, backup alert,
# ingress allowlist, image version, OIDC client and IAM connection.
# NOTE(review): indentation was lost in this listing; restore the nesting from
# the repository copy before using these values.
smardigo-connect:
postgres:
spec:
volume:
size: 200Gi
monitoring:
alerts:
postgres:
basebackup:
timeThreshold: 86400 # seconds; alert when the newest base backup is older than 1 day
teamLabel: alerting-nso-mobene
connect:
# The restart label carries a date-time stamp; presumably changing it forces a
# rollout - TODO confirm.
additional_labels:
restart: 20230131-1854
domain: connect-cusprod-prodwork01.smardigo.digital
# Source-IP allowlist for the connect ingress, including the private range
# 10.0.0.0/16. The same string is repeated verbatim in both WordPress stanzas
# of this file and differs from the MinIO API allowlist, so every change has to
# be made in several places.
# NOTE(review): 167.235.25.0/32 matches one address ending in .0 - confirm a
# wider prefix was not intended.
ingress:
customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,92.42.192.157/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32"
image:
version: 10.4.10
# OIDC client settings: client and registration id "cusprod" in realm "mobene"
# on the issuer host below. No client secret appears in this file.
oidc:
client_id: cusprod
registration_id: cusprod
issuer_host: prodnso-keycloak-01.smardigo.digital
realm: mobene
# External IAM module reached over plain HTTP on port 8080.
# NOTE(review): the host name has no public domain suffix, so this is
# presumably an in-cluster service; confirm the unencrypted traffic never
# leaves the cluster network.
# iam_client_enabled is the quoted string "true", not a YAML boolean.
iam:
iam_module: external
iam_client_enabled: "true"
protocol: http
hostname: iam.mobene-keycloak
port: 8080
ocr:
enabled: true
# Deletion safeguards: both flags are switched on for this stage. Their exact
# effect is defined by the application, not by this file.
four_eyes_principle_deletion: true
config_delete_scope_enabled: true
# Values for the smardigo-worker: the uba, sepa and ocr features are enabled.
# NOTE(review): the worker image is pinned to 10.4.5 while smardigo-connect in
# this file is pinned to 10.4.10 - confirm the version difference is intended.
smardigo-worker:
uba:
enabled: true
sepa:
enabled: true
ocr:
enabled: true
image:
version: 10.4.5
# WordPress multisite for thgquotenservice.de.
# NOTE(review): indentation was lost in this listing; restore the nesting from
# the repository copy before using these values.
smardigo-wordpress:
wordpress:
nameOverride: wordpress-thgquotenservice
multisite:
host: connect-wordpress-cusprod-prodwork01.smardigo.digital
# Post-init script: downloads the UpdraftPlus zip from the vendor URL and
# network-activates it.
# NOTE(review): the download is neither pinned to a version nor checked
# against a checksum, so the installed plugin code is whatever the URL serves
# when the script runs. Consider pinning and verifying the archive, or shipping
# the plugin inside the image.
customPostInitScripts:
install-plugins.sh: |
#!/bin/bash
wp plugin install https://updraftplus.com/wp-content/uploads/updraftplus.zip --activate-network
# Ingress: the multisite host plus the apex and wildcard hosts of
# thgquotenservice.de, each with its own TLS secret.
ingress:
hostname: connect-wordpress-cusprod-prodwork01.smardigo.digital
extraHosts:
- name: "thgquotenservice.de"
path: /
- name: "*.thgquotenservice.de"
path: /
extraTls:
- hosts:
- "thgquotenservice.de"
secretName: "thgquotenservice-de-tls"
- hosts:
- "*.thgquotenservice.de"
secretName: "thgquotenservice-de-wildcard-tls"
# whitelist-source-range "0.0.0.0/0" admits every IPv4 source at the ingress;
# customIpWhitelist holds the restricted list (the same string as on the
# connect ingress in this file).
# NOTE(review): how the chart applies customIpWhitelist (for example to admin
# or login paths only) is not visible here - confirm those paths are really
# limited to the list.
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0"
customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,92.42.192.157/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32"
commonLabels:
app: wordpress
project: thgquotenservice
# Single-site WordPress for egeld24.de (multisite is switched off).
# NOTE(review): indentation was lost in this listing; restore the nesting from
# the repository copy before using these values.
egeld24-wordpress:
enabled: true
wordpress:
nameOverride: wordpress-egeld24
multisite:
enable: false
# Post-init script: downloads the UpdraftPlus zip from the vendor URL and
# activates it.
# NOTE(review): the download is neither pinned to a version nor checked
# against a checksum, so the installed plugin code is whatever the URL serves
# when the script runs. Consider pinning and verifying the archive, or shipping
# the plugin inside the image.
# NOTE(review): --activate-network is used although multisite is disabled
# above - confirm the command behaves as intended on a single site.
customPostInitScripts:
install-plugins.sh: |
#!/bin/bash
wp plugin install https://updraftplus.com/wp-content/uploads/updraftplus.zip --activate-network
# Ingress: egeld24.de as the main host, www.egeld24.de as an extra host with
# the TLS secret egeld24-de-tls.
ingress:
hostname: egeld24.de
extraHosts:
- name: "www.egeld24.de"
path: /
extraTls:
- hosts:
- "www.egeld24.de"
secretName: "egeld24-de-tls"
# Certificates come from the letsencrypt-prod-http cluster issuer.
# whitelist-source-range "0.0.0.0/0" admits every IPv4 source at the ingress;
# customIpWhitelist holds the restricted list (the same string as on the
# connect ingress in this file).
# NOTE(review): how the chart applies customIpWhitelist (for example to admin
# or login paths only) is not visible here - confirm those paths are really
# limited to the list.
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod-http
nginx.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0"
customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,92.42.192.157/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32"
commonLabels:
app: wordpress
project: egeld24
# PostgreSQL metrics exporter: a ServiceMonitor labelled for the
# kube-prometheus-stack release, with the PodSecurityPolicy option turned off.
prometheus-postgres-exporter:
serviceMonitor:
enabled: true
labels:
release: kube-prometheus-stack
rbac:
pspEnabled: false
# The database connection string is read from key "datasource" of the secret
# named below, so no database credentials are stored in this values file.
config:
datasourceSecret:
name: postgres-exporter-database-connection
key: datasource
# IAM service for this stage, reached over plain HTTP on port 8080.
# NOTE(review): the host name has no public domain suffix, so this is
# presumably an in-cluster service; confirm the unencrypted traffic never
# leaves the cluster network.
# iam_client_enabled is the quoted string "true", not a YAML boolean.
iam:
enabled: true
iam_module: external
iam_client_enabled: "true"
protocol: http
hostname: iam.cusprod
port: 8080
# Keycloak credentials are referenced by secret name only; their values are
# not part of this file.
secret_name_keycloak_creds: iam-keycloak-creds
# NOTE(review): this Keycloak URL (keycloak-prodwork01) is a different host
# from the OIDC issuer_host used by smardigo-connect in this file
# (prodnso-keycloak-01) - confirm both are intended.
envvars:
iam_keycloak_auth_server_url: "https://keycloak-prodwork01.smardigo.digital/auth/"
# Network policy input: a single Keycloak address (/32).
netpols:
keycloak_ip: 167.235.109.35/32 # prodwork01-ingress.smardigo.digital