helmsdeep/default.values.yaml
vilorij 18ebb1541f
Changes (#246)
* Ch values added

* initdb-related fixes

* no optional

* vault fix for k8s 1.21

* policy add

* configurable replicas count

* typo fix

* add new env

* fix ingressclass

* return correct config

* policy refactor

* add FRONTURL for realms

* refactor papi

* add cnp

* bump deps

* delete useless cnp

* new service

* comment l7 cnp

* add needed cnp

* move vhost to ingress

* ZK label for cnp

* change create time for fixing UpdatePassword

* delete ns from cnp

* bump

* last policy

Co-authored-by: i.panteleev <i.panteleev@rbk.money>
Co-authored-by: Dmitry Skokov <d.skokov@rbkmoney.com>
2021-11-15 04:38:10 +03:00


# Deploy the CiliumNetworkPolicy objects. Turn this on only when Cilium is
# already the cluster CNI.
# NOTE(review): while this is false the policies are presumably not rendered,
# so traffic restriction between services has to come from somewhere else.
cilium:
  enabled: false
# Deploy ECK (Elastic Cloud on Kubernetes):
# https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html
# Includes the operator, Elasticsearch, Kibana and Filebeat.
elk:
  enabled: false
# Deploy the Prometheus operator into the monitoring namespace.
# Required, because the setup of the processing services uses ServiceMonitor,
# which is a CRD.
prometheus:
  enabled: false
# Deploy the nginx ingress controller.
# The project uses and recommends https://github.com/kubernetes/ingress-nginx/
# because one host carries many sub-locations served by different services,
# and the minion configuration of the official nginx controller did not suit.
ingress:
  enabled: false
  # The reference setup is bare metal: this is the IP address bound to the
  # ingress controller. 'someip' is a placeholder.
  ip: 'someip'
# Deploy the cert-manager operator. An Issuer or ClusterIssuer still has to be
# set up separately for cert-manager.
certmanager:
  enabled: false
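# Common settings shared by several services.
# NOTE(review): this listing lost the file's indentation. The nesting below is
# reconstructed from the key names and the original comments (for example the
# reference to services.ingress.rootDomain) - confirm it against the chart
# templates before relying on it.
# NOTE(review): every password and key in this section is a published
# placeholder. Override each one per environment, preferably from a secret
# store rather than from a values file kept in version control.
services:
  global:
    # Set to true if the cluster CIDR is IPv6-only.
    ipv6only: false
    # Deploy ServiceMonitors together with the processing services.
    metrics:
      enabled: true
    # Set when the processing service images come from your own registry.
    registry:
      repository: docker.io/rbkmoney
      imagePullSecret: {}
    # Tolerations for the PCI DSS services. The matching taint has to be set
    # on the PCI DSS nodes by hand:
    # kubectl taint nodes wrk1-dss wrk2-dss pcidss=true:NoSchedule
    pcidss:
      taints:
        enabled: false
        key: pcidss
        # Quoted: a toleration value is a string, and a bare true is read as a
        # YAML boolean.
        value: 'true'
    replicas: 1
    statelessReplicas: 1
  # With dev: true on Kubernetes >= 1.21, or on any cloud provider, see
  # https://www.vaultproject.io/docs/auth/kubernetes#discovering-the-service-account-issuer
  # and set the issuer for your cluster in config/vault-cm/values.yaml.gotmpl.
  vault:
    # enabled: false switches the source of the postgres user and password
    # from annotations to a secret.
    enabled: true
    # Enables auto-unseal and disables persistence.
    # NOTE(review): Vault's dev mode is intended for development and testing;
    # set this to false for any install that holds real secrets.
    dev: true
    injectorNamespaced: true
    # Set enabled: true to auto-unseal through another Vault instance.
    # Requires a secret holding the token, named "vault-transit-token"
    # (see config/vault/values.yaml.gotmpl).
    transitUnseal:
      enabled: false
      # NOTE(review): the example address is plain http, which leaves the
      # transit token unprotected on the wire; use an https endpoint for a
      # real instance.
      address: http://another.vault.local:8200
  # Change when external, separate riak clusters are used for CDS, Machinegun
  # and wb-list-manager.
  riak:
    riakMgAddress: riak
    riakCdAddress: riak
    riakWblAddress: riak
  # Use an external PostgreSQL cluster with one user for all services.
  # TODO: split users
  # NOTE(review): with one shared account, a leak of the credentials from any
  # single service exposes whatever that account can reach; the TODO above is
  # the least-privilege fix.
  postgres:
    external: false
    # The values below are used only when postgres.external is true.
    endpoint: postgres-postgresql
    uniUser: postgres
    # Placeholder password; override it.
    uniPassword: 'H@ckM3'
  # Use an external Kafka cluster.
  kafka:
    external: false
    endpoint: kafka
    port: 9092
    ssl:
      enabled: false
      # Quoted so the passwords stay strings: a bare all-digit value is parsed
      # as a number, and Helm templates can print large numbers in scientific
      # notation.
      keystorePass: '12341234'
      # Set if it differs from the keystore password.
      keyPass: '12341234'
      truststorePass: '43214321'
  s3:
    endpoint: minio:9000
    region: EU
    bucket: bucket-files
    accessKey: user_01
    # Placeholder secret key; override it.
    secretKey: SomeSecretKeyFromS3AdminConsole
  mail:
    smtp:
      host: mail
      port: 25
      from: no-reply@test.ru
      auth:
        enabled: false
        # Placeholder credentials; override them when auth is enabled.
        username: user
        password: password
  ingress:
    # Ingress class, needed when more than one controller is installed.
    class: "nginx"
    # Root domain under which the service subdomains are created.
    rootDomain: some-site.ru
    # If true, ingress is rendered with the namespace name in the host. For
    # example, when deployed in namespace test the API is available at
    # api.test.some-site.ru.
    namespacedDomain: false
    tls:
      # NOTE(review): TLS is off by default; enable it before exposing the
      # services beyond a test network.
      enabled: false
      # Use cert-manager annotations for the TLS certificate.
      letsEncrypt:
        enabled: false
        issuer: ""
      # Name of the secret holding a wildcard certificate for
      # services.ingress.rootDomain, if you have one. With Let's Encrypt this
      # value is used as the suffix of the secrets that hold the certificates.
      secretName: sometlssecret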