prodwork01-mobene-deployment/values_cusprod.yaml

stage: cusprod

domainMonitoring:
  enabled: true
  domains:
    - https://egeld24.de
    - https://kfz-wige.thgquotenservice.de
    - https://prodnso-keycloak-01.smardigo.digital/auth/
    - https://connect-cusprod-prodwork01.smardigo.digital

# needed to set ONCE for ALL mobene stages
# => avoiding double declaration
grafanaDashboards:
  enabled: true

# minio tenant
tenant:
  tenant:
    name: s3-cusprod-prodwork01
    configuration:
      name: minio-config
    pools:
      - servers: 4
        volumesPerServer: 2
        storageClassName: hcloud-volumes
        size: 800Gi
    buckets:
      - name: postgres
        region: ""
      - name: wordpress
        region: ""
    users:
      - name: pgbackup
      - name: wpbackup
    prometheus:
      diskCapacityGB: false
    log:
      audit:
        diskCapacityGB: false
    env:
      - name: MINIO_PROMETHEUS_AUTH_TYPE
        value: "public"
      - name: MINIO_PROMETHEUS_JOB_ID
        value: "minio-cusprod"
      - name: MINIO_PROMETHEUS_URL
        value: "http://kube-prometheus-stack-prometheus.monitoring:9090"
      - name: CONSOLE_PROMETHEUS_URL
        value: "http://kube-prometheus-stack-prometheus.monitoring:9090"
  ingress:
    api:
      enabled: true
      ingressClassName: nginx
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
        cert-manager.io/issue-temporary-certificate: "true"
        nginx.ingress.kubernetes.io/backend-protocol: HTTPS
        nginx.ingress.kubernetes.io/custom-http-errors: "599"
        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
        nginx.ingress.kubernetes.io/proxy-body-size: 32m
        nginx.ingress.kubernetes.io/whitelist-source-range: >-
                    212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,195.201.31.227/32,167.235.150.201/32,167.235.150.198/32,167.235.150.195/32,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,195.201.127.50/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32
      host: s3storage-cusprod-prodwork01.smardigo.digital
      tls:
        - secretName: s3-miniotest-cert
          hosts:
            - s3storage-cusprod-prodwork01.smardigo.digital
    console:
      enabled: true
      ingressClassName: nginx
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
        cert-manager.io/issue-temporary-certificate: "true"
        nginx.ingress.kubernetes.io/backend-protocol: HTTPS
        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      host: s3console-cusprod-prodwork01.smardigo.digital
      tls:
        - secretName: s3-console-cert
          hosts:
            - s3console-cusprod-prodwork01.smardigo.digital

kibana:
  name: kibana-cusprod-prodwork01.smardigo.digital

pgadmin:
  name: pgadmin-cusprod-prodwork01.smardigo.digital
  image:
    name: dpage/pgadmin4
    tag: 7
  env:
    email: smardigo-admin@smardigo.dev
    password: smardigo-admin
    servers:
      connect:
        Name: "smardigo_connect"
        Group: "Servers"
        Port: 5432
        Username: "smardigo_connect_admin"
        Host: "postgres-cluster"
        SSLMode: "require"
        MaintenanceDB: "smardigo-connect"
        Password:
          valueFrom:
            secretKeyRef:
              key: password
              name: >-
                                smardigo-connect-admin.postgres-cluster.credentials.postgresql.acid.zalan.do
  ingress:
    customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32"

smardigo-connect:
  postgres:
    spec:
      volume:
        size: 600Gi
      resources:
        limits:
          memory: 3Gi
        requests:
          cpu: "1"
    monitoring:
      alerts:
        postgres:
          basebackup:
            timeThreshold: 86400 # for backups older than 1 day
            teamLabel: alerting-nso-mobene
    resources:
      limits:
        memory: 3Gi
  connect:
    additional_labels:
      restart: "20240812-15:00"
    cloudevents:
      pollinterval: 200
    domain: connect-cusprod-prodwork01.smardigo.digital
    ingress:
      customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,92.42.192.157/32,92.42.192.9/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32"
    image:
      version: 11.2.46
    envvars:
      tenant_id: cusprod-mobene
    oidc:
      client_id: cusprod
      registration_id: cusprod
      issuer_host: prodnso-keycloak-01.smardigo.digital
      realm: mobene
    iam:
      iam_module: external
      iam_client_enabled: "true"
      protocol: http
      hostname: iam.mobene-keycloak
      port: 8080
    elastic:
      process_search_module: external_v2
      process_search_client_enabled: true
      process_search_client_read_timeout: 10000
    ocr:
      enabled: true
    four_eyes_principle_deletion: true
    config_delete_scope_enabled: true
    resources:
      limits:
        memory: 4Gi
      requests:
        cpu: "2.5"
      livenessProbe:
        enabled: true
        initialDelaySeconds: 120
        periodSeconds: 60
        timeoutSeconds: 30
        failureThreshold: 2
        successThreshold: 1
        httpGet:
          path: "/management/health"
          port: 8081
  processSearch:
    image:
      version: 1.4.5
    process_search_client_read_timeout: 4000
    additional_labels:
      restart: 20231115-1315
    resources:
      requests:
        memory: "1Gi"
        cpu: "1"
      limits:
        memory: "2.5Gi"
        cpu: "1"

smardigo-worker:
  uba:
    enabled: true
    image:
      version: 11.4.0
  partnerapi:
    enabled: false
  sepa:
    enabled: true
    image:
      version: 11.2.0
  ocr:
    enabled: true
    image:
      version: 11.1.2
    task:
      maxTasks: 3
    resources:
      limits:
        memory: 4Gi
        cpu: "1.5"
      requests:
        cpu: "1"
    smardigo:
      workflow:
        readTimeout: 30000
  wordpressInitializer:
    enabled: true
    image:
      version: 11.0.5
    additional_labels:
      restart: 20240319-1020
    config:
      amount_retries: 3
      base_waittime: 30
      waittime_increase_interval: 15
  reporting:
    enabled: true
    image:
      version: 11.2.25

smardigo-wordpress:
  wordpress:
    nameOverride: wordpress-thgquotenservice
    multisite:
      host: connect-wordpress-cusprod-prodwork01.smardigo.digital
    customPostInitScripts:
      install-plugins.sh: |
        #!/bin/bash
        wp plugin install https://updraftplus.com/wp-content/uploads/updraftplus.zip --activate-network        
    wordpressExtraConfigContent: |
      define('DISABLE_WP_CRON', true);
      define('WP_CACHE', true);
      define('COOKIE_DOMAIN', $_SERVER['HTTP_HOST']);      
    ingress:
      hostname: connect-wordpress-cusprod-prodwork01.smardigo.digital
      extraHosts:
        - name: "thgquotenservice.de"
          path: /
        - name: "*.thgquotenservice.de"
          path: /
      extraTls:
        - hosts:
            - "thgquotenservice.de"
          secretName: "thgquotenservice-de-tls"
        - hosts:
            - "*.thgquotenservice.de"
          secretName: "thgquotenservice-de-wildcard-tls"
      annotations:
        nginx.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0"
      customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,92.42.192.157/32,92.42.192.9/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32"
    commonLabels:
      app: wordpress
      project: thgquotenservice

egeld24-wordpress:
  enabled: true
  wordpress:
    nameOverride: wordpress-egeld24
    multisite:
      enable: false
    customPostInitScripts:
      install-plugins.sh: |
        #!/bin/bash
        wp plugin install https://updraftplus.com/wp-content/uploads/updraftplus.zip --activate-network        
    ingress:
      hostname: egeld24.de
      extraHosts:
        - name: "www.egeld24.de"
          path: /
      extraTls:
        - hosts:
            - "www.egeld24.de"
          secretName: "egeld24-de-tls"
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod-http
        nginx.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0"
      customIpWhitelist: "212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,10.0.0.0/16,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,92.42.192.157/32,92.42.192.9/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32,157.90.234.149/32"
    commonLabels:
      app: wordpress
      project: egeld24

prometheus-postgres-exporter:
  serviceMonitor:
    enabled: true
    labels:
      release: kube-prometheus-stack
  rbac:
    pspEnabled: false
  config:
    datasourceSecret:
      name: postgres-exporter-database-connection
      key: datasource

iam:
  enabled: true
  iam_module: external
  iam_client_enabled: "true"
  protocol: http
  hostname: iam.cusprod
  port: 8080
  secret_name_keycloak_creds: iam-keycloak-creds
  envvars:
    iam_keycloak_auth_server_url: "https://keycloak-prodwork01.smardigo.digital/auth/"
  netpols:
    keycloak_ip: 167.235.109.35/32 # prodwork01-ingress.smardigo.digital