# Git source for the bootstrap chart (presumably the repo/revision the
# generated applications are pulled from - verify against the templates).
# NOTE(review): nesting restored from a listing that had lost its
# indentation; confirm against the repository copy.
bootstrap:
  source:
    repoURL: "https://git.strudelline.net/infra/argo1"
    # "prod" reads like a branch name, i.e. a mutable ref - TODO confirm.
    # If so, push access to that branch is deploy access to the cluster:
    # keep it protected and require review on merges into it.
    targetRevision: "prod"

# cert-manager, enabled; `values` is a literal block string handed on as
# chart values, so review notes sit here rather than inside the string.
#
# - The two --dns01-* flags make DNS-01 propagation checks query only the
#   listed public recursive resolvers (8.8.8.8, 1.1.1.1).
# - NOTE(review): `ingressShim.defaultIssuerKind` / `...defaultIssuerName`
#   are single keys containing a dot. A YAML values document does not expand
#   dots into nesting, so unless the consuming template splits them the chart
#   may never see ingressShim.* and Ingresses would get no default issuer.
#   Verify against the rendered output.
# - installCRDs is the string "true", not a boolean; left as written.
cert-manager:
  enabled: true
  values: |
    extraArgs:
      - --dns01-recursive-nameservers-only
      - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
    ingressShim.defaultIssuerKind: ClusterIssuer
    ingressShim.defaultIssuerName: zerossl
    installCRDs: "true"

# haproxy-ingress, enabled; `values` is a block string (|- strips the final
# newline), so review notes sit here rather than inside the string.
# NOTE(review): nesting below is reconstructed - confirm `serviceAccount`
# is a sibling of `controller` in the repository copy.
#
# - use-proxy-protocol "true": the controller takes the client address from
#   the PROXY header. Anything that can reach the listener directly can
#   state its own source address, so only the fronting proxy should be able
#   to reach 172.16.17.81 - TODO confirm network path.
# - fronting-proxy-port "81" together with tcp "81": "" presumably publishes
#   port 81 on the LoadBalancer Service for an upstream TLS-offloading proxy.
#   Traffic on that port is trusted as already-terminated, so restrict it to
#   that proxy.
# - watch-ingress-without-class plus ingressClassResource.default: true
#   means Ingress objects that name no class are served here too; whoever
#   may create Ingresses in any namespace can publish on this address.
# - stats and metrics are enabled; check that those ports are not part of
#   the LoadBalancer Service.
haproxy-ingress:
  enabled: true
  values: |-
    controller:
      config:
        fronting-proxy-port: "81"
        use-proxy-protocol: "true"
      extraArgs:
        watch-ingress-without-class: ""
      ingressClass: haproxy
      ingressClassResource:
        default: true
        enabled: true
        parameters: {}
      logs:
        enabled: true
      metrics:
        enabled: true
      service:
        annotations:
          metallb.universe.tf/allow-shared-ip: 172.16.17.81
          metallb.universe.tf/loadBalancerIPs: 172.16.17.81
        type: LoadBalancer
      stats:
        enabled: true
      tcp:
        "81": ""
    serviceAccount:
      create: true

# Values for the argo-cd chart (a plain mapping here, not a block string).
# NOTE(review): nesting reconstructed from a listing without indentation;
# confirm against the repository copy.
argo-cd:
  crds:
    # The chart does not install the Argo CD CRDs; they have to come from
    # somewhere else before this release can work.
    install: false

  configs:
    params:
      # argocd-server serves without TLS. TLS is terminated at the ingress
      # (see the tls: entries below), so logins and API tokens travel in
      # clear text between the ingress controller and argocd-server. A
      # NetworkPolicy that admits only the ingress controller to the server
      # pods keeps that hop from being reachable by other workloads.
      "server.insecure": "true"

  controller:
    replicas: 1

  server:
    ingress:
      enabled: true
      # Anchor so the tls entry reuses exactly the same host list.
      hosts: &hhosts
        - argocd.strudelline.net
      tls:
        - hosts: *hhosts
          # Same secret as ingressGrpc below; presumably a wildcard
          # certificate - verify it covers both hostnames.
          secretName: wildcard-tls
    ingressGrpc:
      enabled: true
      hosts: &ghosts
        - grpc-argocd.strudelline.net
      tls:
        - hosts: *ghosts
          secretName: wildcard-tls

# cluster-resources, enabled, with its own repository URL. No revision is
# set in this stanza; which ref gets deployed depends on a default defined
# elsewhere - TODO confirm it is not an unprotected branch.
cluster-resources:
  enabled: true
  repoURL: 'https://git.strudelline.net/infra/kube-cascade'

# Vault agent injector only: global.enabled is false and injector.enabled is
# true, with the injector pointed at an external Vault over HTTPS.
# `values` is a block string, so review notes sit here.
#
# - agentImage.repository names a custom image and no tag is set in this
#   stanza. That image is injected into application pods and handles their
#   Vault credentials, so it should be pinned: set agentImage.tag and
#   preferably a digest (<digest-placeholder>) instead of relying on the
#   chart default tag.
# - failurePolicy: Fail makes the admission webhook fail closed; pods the
#   webhook applies to cannot be created while the injector is unavailable.
vault-agent-injector:
  enabled: true
  values: |
    global:
      enabled: false
      externalVaultAddr: https://vault.strudelline.net
    injector:
      affinity: ""
      agentImage:
        repository: jamesandariese/vault-with-ca
      enabled: true
      failurePolicy: Fail

# NFS-backed storage class named "nfs", served from 172.16.18.1 at
# /volume1/k8s-volumes. `values` is a block string, so notes sit here.
# NOTE(review): nothing in this stanza authenticates clients; presumably
# access depends on the export's host list - confirm it is limited to the
# cluster nodes, since every volume of this class lives under one export.
nfs:
  enabled: true
  values: |
    nfs:
      path: /volume1/k8s-volumes
      server: 172.16.18.1
    storageClass:
      name: nfs

# OpenEBS with only the local-PV engines switched on: localpv-provisioner
# and lvm-localpv are enabled; jiva, legacy, localprovisioner and ndm are
# disabled. `values` is a block string, so this note sits outside it.
openebs:
  enabled: true
  values: |
    jiva:
      enabled: false
    legacy:
      enabled: false
    localprovisioner:
      enabled: false
    localpv-provisioner:
      enabled: true
    lvm-localpv:
      enabled: true
    ndm:
      enabled: false

# external-secrets with a "bitwarden-cli" sidecar. `values` is a block
# string, so review notes sit here rather than inside the string.
# NOTE(review): nesting reconstructed from a listing without indentation;
# confirm against the repository copy.
#
# - image uses the mutable tag :latest with imagePullPolicy: IfNotPresent.
#   Nodes keep whatever build they pulled first, and a changed upstream tag
#   reaches new nodes unreviewed. This container receives BW_PASSWORD, so
#   pin it by digest: <repository>@sha256:<digest-placeholder>.
# - BW_HOST / BW_USERNAME / BW_PASSWORD come from the Secret
#   "bitwarden-user" via secretKeyRef; no credential is inline here.
# - Port 8087 is declared as a containerPort and the probes talk to it over
#   plain HTTP on 127.0.0.1. Presumably the endpoint has no authentication
#   of its own - confirm, and limit access to the pod with a NetworkPolicy.
# - The liveness probe POSTs to /sync every 120 s with timeoutSeconds: 1;
#   a sync slower than one second counts as a failure, and three in a row
#   restart the container. The command is an exec array (no shell), so
#   --post-data='' sends the two quote characters as the body.
external-secrets:
  enabled: true
  values: |
    extraContainers:
      - name: bitwarden-cli
        image: jamesandariese/bitwarden-docker:latest
        imagePullPolicy: IfNotPresent
        env:
          - name: BW_HOST
            valueFrom:
              secretKeyRef:
                name: bitwarden-user
                key: BW_HOST
          - name: BW_USERNAME
            valueFrom:
              secretKeyRef:
                name: bitwarden-user
                key: BW_USERNAME
          - name: BW_PASSWORD
            valueFrom:
              secretKeyRef:
                name: bitwarden-user
                key: BW_PASSWORD
        ports:
          - name: http
            containerPort: 8087
            protocol: TCP
        livenessProbe:
          exec:
            command: ["wget", "-q", "-O", "-", "http://127.0.0.1:8087/sync", "--post-data=''"]
          initialDelaySeconds: 20
          failureThreshold: 3
          timeoutSeconds: 1
          periodSeconds: 120
        readinessProbe:
          exec:
            command: ["wget", "-q", "-O", "-", "http://127.0.0.1:8087/status"]
          initialDelaySeconds: 20
          failureThreshold: 3
          timeoutSeconds: 1
          periodSeconds: 10
        startupProbe:
          exec:
            command: ["wget", "-q", "-O", "-", "http://127.0.0.1:8087/status"]
          initialDelaySeconds: 10
          failureThreshold: 30
          timeoutSeconds: 1
          periodSeconds: 5

# Components switched on with no values override in this file; each runs
# with whatever defaults its chart or the bootstrap templates supply.
metallb: {enabled: true}
pgo: {enabled: true}
secrets: {enabled: true}
sealed-secrets: {enabled: true}
template-operator: {enabled: true}
trust-manager: {enabled: true}