prodwork01-mobene-deployment/values_nsodev.yaml

stage: nsodev

# minio tenant
tenant:
  tenant:
    name: s3-nsodev-prodwork01
    configuration:
      name: minio-config
    pools:
      - servers: 4
        volumesPerServer: 2
        storageClassName: hcloud-volumes
        size: 30Gi
    buckets:
      - name: postgres
        region: ""
      - name: wordpress
        region: ""
    users:
      - name: pgbackup
      - name: wpbackup
    prometheus:
      diskCapacityGB: false
    log:
      audit:
        diskCapacityGB: false
    env:
      - name: MINIO_PROMETHEUS_AUTH_TYPE
        value: "public"
      - name: MINIO_PROMETHEUS_JOB_ID
        value: "minio-nsodev"
      - name: MINIO_PROMETHEUS_URL
        value: "http://kube-prometheus-stack-prometheus.monitoring:9090"
      - name: CONSOLE_PROMETHEUS_URL
        value: "http://kube-prometheus-stack-prometheus.monitoring:9090"
  ingress:
    api:
      enabled: true
      ingressClassName: nginx
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
        cert-manager.io/issue-temporary-certificate: "true"
        nginx.ingress.kubernetes.io/backend-protocol: HTTPS
        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
        nginx.ingress.kubernetes.io/proxy-body-size: 32m
        nginx.ingress.kubernetes.io/whitelist-source-range: >-
                    212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,195.201.31.227/32,167.235.150.201/32,167.235.150.198/32,167.235.150.195/32,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,195.201.127.50/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32
      host: s3storage-nsodev-prodwork01.smardigo.digital
      tls:
        - secretName: s3-miniotest-cert
          hosts:
            - s3storage-nsodev-prodwork01.smardigo.digital
    console:
      enabled: true
      ingressClassName: nginx
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
        cert-manager.io/issue-temporary-certificate: "true"
        nginx.ingress.kubernetes.io/backend-protocol: HTTPS
        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      host: s3console-nsodev-prodwork01.smardigo.digital
      tls:
        - secretName: s3-console-cert
          hosts:
            - s3console-nsodev-prodwork01.smardigo.digital

kibana:
  name: kibana-nsodev-prodwork01.smardigo.digital

pgadmin:
  name: pgadmin-nsodev-prodwork01.smardigo.digital
  image:
    name: dpage/pgadmin4
    tag: 7
  env:
    email: smardigo-admin@smardigo.dev
    password: smardigo-admin
    servers:
      connect:
        Name: "smardigo_connect"
        Group: "Servers"
        Port: 5432
        Username: "smardigo_connect_admin"
        Host: "postgres-cluster"
        SSLMode: "require"
        MaintenanceDB: "smardigo-connect"
        Password:
          valueFrom:
            secretKeyRef:
              key: password
              name: >-
                                smardigo-connect-admin.postgres-cluster.credentials.postgresql.acid.zalan.do
  ingress:
    customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32"

smardigo-connect:
  postgres:
    spec:
      volume:
        size: 11Gi
      additionalVolumes:
        -
          name: backup-monitoring-script
          mountPath: /nso_scripts
          volumeSource:
            configMap:
              name: backup-monitoring-script
              defaultMode: 0777
          targetContainers:
            - postgres
        -
          name: pg-backup-script
          mountPath: /scripts/postgres_backup.sh
          subPath: postgres_backup.sh
          volumeSource:
            configMap:
              name: pg-backup-script
              defaultMode: 0777
          targetContainers:
            - postgres
        -
          name: pg-reschedulebackup-script
          mountPath: /scripts/backup_retry.sh
          subPath: backup_retry.sh
          volumeSource:
            configMap:
              name: pg-backup-script
              defaultMode: 0777
          targetContainers:
            - postgres
    monitoring:
      alerts:
        postgres:
          basebackup:
            timeThreshold: 86400 # for backups older than 1 day
            teamLabel: alerting-nso-mobene
  connect:
    additional_labels:
      restart: 20230911-1242
    domain: connect-nsodev-prodwork01.smardigo.digital
    image:
      version: 11.1.24
    envvars:
      tenant_id: nsodev-mobene
    oidc:
      client_id: nsodev
      registration_id: nsodev
      issuer_host: prodnso-keycloak-01.smardigo.digital
      realm: mobene
    iam:
      iam_module: external
      iam_client_enabled: "true"
      protocol: http
      hostname: iam.mobene-keycloak
      port: 8080
    elastic:
      process_search_module: external_v2
      process_search_client_enabled: true
    mail:
      properties:
        allowed_domains: 'netgo.de'
    ocr:
      enabled: true
    four_eyes_principle_deletion: true
    config_delete_scope_enabled: true
  processSearch:
    additional_labels:
      restart: 20231012-1210

smardigo-worker:
  uba:
    enabled: true
    image:
      version: 10.6.0
  sepa:
    enabled: true
    image:
      version: 10.3.0
  ocr:
    enabled: true
    image:
      version: 10.4.6
  wordpressInitializer:
    enabled: true
    image:
      version: 10.6.29
    additional_labels:
      restart: 20231030-1016
    config:
      amount_retries: 3
      base_waittime: 45
      waittime_increase_interval: 15

smardigo-wordpress:
  wordpress:
    nameOverride: wordpress-thgquotenservice
    multisite:
      host: connect-wordpress-nsodev-prodwork01.smardigo.digital
    customPostInitScripts:
      install-plugins.sh: |
        #!/bin/bash
        wp plugin install https://updraftplus.com/wp-content/uploads/updraftplus.zip --activate-network        
    ingress:
      hostname: connect-wordpress-nsodev-prodwork01.smardigo.digital
      extraHosts:
        - name: "*.connect-wordpress-nsodev-prodwork01.smardigo.digital"
          path: /
      extraTls:
      - hosts:
          - "*.connect-wordpress-nsodev-prodwork01.smardigo.digital"
        secretName: "connect-wordpress-nsodev-prodwork01.smardigo.digital-wildcard-tls"
      customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32"
    commonLabels:
      app: wordpress
      project: thgquotenservice

egeld24-wordpress:
  enabled: false

prometheus-postgres-exporter:
  serviceMonitor:
    enabled: true
    labels:
      release: kube-prometheus-stack
  rbac:
    pspEnabled: false
  config:
    datasourceSecret:
      name: postgres-exporter-database-connection
      key: datasource

iam:
  enabled: true
  iam_module: external
  iam_client_enabled: "true"
  protocol: http
  hostname: iam.nsodev
  port: 8080
  secret_name_keycloak_creds: iam-keycloak-creds
  envvars:
    iam_keycloak_auth_server_url: "https://keycloak-prodwork01.smardigo.digital/auth/"
  netpols:
    keycloak_ip: 167.235.109.35/32 # prodwork01-ingress.smardigo.digital