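# Deploy CiliumNetworkPolicies if you already use cilium as the CNI
cilium:
  enabled: false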
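# Deploy ECK https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html
# Includes operator, elastic, kibana, filebeats
elk:
  enabled: false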
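# Deploy Prometheus operator in the monitoring namespace.
# Required, because the setup with processing services uses the
# ServiceMonitor CRD.
prometheus:
  enabled: false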
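# Deploy the nginx ingress controller.
# We use and recommend https://github.com/kubernetes/ingress-nginx/ because we
# have many sublocations on the same host served by different services, and we
# did not like the minion config of the official nginx controller.
ingress:
  enabled: false
  # Our setup is on bare metal, so this is the IP the ingress controller
  # binds to
  ip: 'someip'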
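# Deploy the cert-manager operator. You still need to set up your own Issuer
# or ClusterIssuer for cert-manager.
certmanager:
  enabled: false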
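# Section of common settings for some services
# NOTE(review): the page lost the file's indentation; the nesting below is
# reconstructed from key grouping and the comments (e.g.
# services.ingress.rootDomain) - confirm against the chart templates.
services:
  global:
    # Set to "true" if your cluster CIDR is ipv6-only
    ipv6only: false
    # Deploy ServiceMonitors with processing services
    metrics:
      enabled: true
    # Set if you use your own container registry for the processing
    # services' images
    registry:
      repository: docker.io/rbkmoney
      imagePullSecret: {}
    # Set tolerations for pcidss services. Taints must be set manually on the
    # pcidss nodes:
    # kubectl taint nodes wrk1-dss wrk2-dss pcidss=true:NoSchedule
    pcidss:
      taints:
        enabled: false
        key: pcidss
        # Quoted: taint and toleration values are strings, and an unquoted
        # true is read as a YAML boolean.
        value: "true"

  vault:
    # enabled: false switches services from getting the postgres user and
    # password via annotations to reading them from a secret
    enabled: true
    # Enable autounseal and disable persistence.
    # Vault dev mode keeps all data in memory and starts already unsealed
    # with a root token, so it only fits test clusters; set to false
    # anywhere real secrets are stored.
    dev: true
    injectorNamespaced: true
    # Set "enabled: true" if you use another vault instance for autounseal.
    # !Needs a secret with the token, named "vault-transit-token"
    # (look at config/vault/values.yaml.gotmpl)
    transitUnseal:
      enabled: false
      # The sample address is plain http, which would send the transit token
      # unencrypted; point this at an https endpoint when enabling it.
      address: http://another.vault.local:8200

  # Change in case of external, split riak clusters for CDS, Machinegun and
  # wb-list-manager
  riak:
    riakMgAddress: riak
    riakCdAddress: riak
    riakWblAddress: riak

  # Enable an external postgresql cluster with one user for all services
  # TODO: split users (a shared account gives every service the same
  # database privileges)
  postgres:
    external: false
    # Values below are used only if postgres.external is true
    endpoint: postgres-postgresql
    uniUser: postgres
    # Sample value only: supply the real password per environment from a
    # secret store and do not deploy with this default.
    uniPassword: 'H@ckM3'

  # Enable external kafka cluster
  kafka:
    external: false
    endpoint: kafka
    port: 9092
    ssl:
      enabled: false
      # Store passwords are quoted so they stay strings; an unquoted
      # all-digit value is parsed as a number and may be reformatted when
      # templated. These are sample values, replace them per environment.
      keystorePass: '12341234'
      # Set if it differs from the keystore password
      keyPass: '12341234'
      truststorePass: '43214321'

  s3:
    endpoint: minio:9000
    region: EU
    bucket: bucket-files
    accessKey: user_01
    # Sample value only: take the real key from the S3 admin console and
    # supply it per environment rather than committing it here.
    secretKey: SomeSecretKeyFromS3AdminConsole

  mail:
    smtp:
      host: mail
      port: 25
      from: no-reply@test.ru
      auth:
        enabled: false
        username: user
        # Sample value only: override per environment when auth is enabled.
        password: password

  ingress:
    # Ingress class, if you have more than one controller:
    class: "nginx"
    # Root domain which will be used for the services' subdomains:
    rootDomain: some-site.ru
    # If true, ingress will be rendered with the name of the namespace.
    # For example, if deployed in namespace test, api will be available at
    # api.test.some-site.ru
    namespacedDomain: false
    tls:
      enabled: false
      # Use certmanager annotations for the tls certificate
      letsEncrypt:
        enabled: false
        issuer: ""
      # Put here the name of the secret with a wildcard cert for
      # services.ingress.rootDomain if you have one.
      # If Let's Encrypt is used for the cert, this value is used as the
      # suffix for the secrets with certs
      secretName: sometlssecret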