# Deploy CiliumNetworkPolicies if you already use cilium as cni cilium: enabled: false # Deploy ECK https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html # include operator,elastic,kibana,filebeats elk: enabled: false # Deploy Prometheus operator in monitoring namespace. # Must have as we use ServiceMonitor by CRD in setup with processing services prometheus: enabled: false # Deploy nginx Ingresscontroller. # We use and recommend https://github.com/kubernetes/ingress-nginx/ coz we have # a lot sublocation on same host on different services # and we do not fell in love with minion config by nginx official controller ingress: enabled: false # OUR setup is in baremetal, so there is ip which bind to ingresscontroller ip: 'someip' # Deploy certmaanger operator. But you still need setup you Issuer or ClusterIssuer for certmanager certmanager: enabled: false # Section of common settings for some services services: global: # Set to "true" if your cluster CIDR only ipv6 family ipv6only: false # Deploy ServiceMonitors with processing services metrics: enabled: true # Set if use your own container registry for processing service's images registry: repository: docker.io/rbkmoney imagePullSecret: {} # Set tolerations for pcidss services. Need manually set taints to pcidss nodes: # kubectl taint nodes wrk1-dss wrk2-dss pcidss=true:NoSchedule pcidss: taints: enabled: false key: pcidss value: true replicas: 1 statelessReplicas: 1 # In case of dev:true and If you use kubernetes >=1.21, or use any cloud provider look at https://www.vaultproject.io/docs/auth/kubernetes#discovering-the-service-account-issuer # You need set issuer according to your cluster in config/vault-cm/values.yaml.gotmpl vault: # enabled:false switch getting postgres user and password from annotations to secret enabled: true # Enable autounseal and disable persistance dev: true injectorNamespaced: true # Set "enabled: true" if use another vault instance for autounseal. # !Needs secret with token named "vault-transit-token" (look at config/vault/values.yaml.gotmpl) transitUnseal: enabled: false address: http://another.vault.local:8200 # Change in case of external splited riak clusters for CDS and Machinegun, wb-list-manager riak: riakMgAddress: riak riakCdAddress: riak riakWblAddress: riak # Enable postgresql external cluster with One user for any services # TODO: split users postgres: external: false # Values below uses only if postgres.external is true endpoint: postgres-postgresql uniUser: postgres uniPassword: H@ckM3 # Enable external kafka cluster kafka: external: false endpoint: kafka port: 9092 ssl: enabled: false keystorePass: 12341234 # Set if differ from keystore password keyPass: 12341234 truststorePass: 43214321 s3: endpoint: minio:9000 region: EU bucket: bucket-files accessKey: user_01 secretKey: SomeSecretKeyFromS3AdminConsole mail: smtp: host: mail port: 25 from: no-reply@test.ru auth: enabled: false username: user password: password ingress: # Ingressclass if have more than one controller: class: "nginx" # root domain with will be used for services subdomain: rootDomain: some-site.ru # If true ingress will be rendered with name of namespace. For example, if deploy # in Namespace test api will be available at api.test.some-site.ru namespacedDomain: false tls: enabled: false # Use certmanager annotations for tls certificate letsEncrypt: enabled: false issuer: "" # Put here name of secret with wildcard cert for services.ingress.rootDomain if you have one. # If use Lets Encrypt for cert this value will be used as suffix for secrets with certs secretName: sometlssecret