-
Notifications
You must be signed in to change notification settings - Fork 0
/
values.yaml
230 lines (182 loc) · 8.34 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
# Default values for artifactory-ha.
# This is a YAML-formatted file.
# Beware when changing values here. You should know what you are doing!
# Access the values with {{ .Values.key.subkey }}
## You likely don't want to touch this unless you are using your own kintohub images
## This is the name of the registry in docker hub
## ie: kintohub/kinto-core:latest
repo: kintohub
common:
## The domain name will be used for every web services exposed externally using kintohub
## but also to access kinto dashboard and kinto core
## ie: Kinto dashboard will be accessible through 'dashboard.oss.kintohub.net'
## ie: Kinto core will be accessible through 'core.oss.kintohub.net' and 'core-web.oss.kintohub.net'
## id: Every kinto services will be a subdomain of 'oss.kintohub.net'
domainName: oss.kintohub.net ## TO BE CHANGED
ssl:
enabled: false
## Cert Manager concept: https://cert-manager.io/docs/concepts/issuer/
## This issuer is cluster wide and will be used for every cert generated in KintoHub
## Issuer only works with cloudflare at the moment, please create an issue or open a PR if you want to add more
## Here is a list of providers supported: https://cert-manager.io/docs/configuration/acme/dns01/#supported-dns01-providers
issuer:
email: [email protected] ## TO BE CHANGED - this email will be used for every certificate generated
server: https://acme-v02.api.letsencrypt.org/directory ## let's encrypt server used (this is the production one)
solver:
## Generate a token using https://cert-manager.io/docs/configuration/acme/dns01/cloudflare/#api-tokens
## No need to provide `cloudflareApiToken` if `existingSecret` is set
# existingSecret: kinto-cert-manager ## in `cert-manager` namespace
cloudflare:
email: [email protected] ## TO BE CHANGED - your cloudflare username account
cloudflareApiToken: [CF_API_TOKEN] ## TO BE CHANGED
core:
replicas: 1
image: kinto-core:v0.2.2
imagePullPolicy: IfNotPresent
# existingSecret: kinto-core
secretKey:
grpc:
port: 8080
grpcWeb:
port: 8090
ingress:
## Disable this if you don't want kinto-core to be exposed on internet
enabled: false
env:
LOG_LEVEL: DEBUG
resources: {}
builder:
replicas: 1
image: kinto-builder
imagePullPolicy: IfNotPresent
tag: v0.2.0
port: 8080
env:
LOG_LEVEL: DEBUG
## Image Registry used to push images that are built using KintoHub
## In order for kintohub to gain access over this registry, you must configure `builder.workflow.docker` correctly.
IMAGE_REGISTRY_HOST: kintohub ## TO BE CHANGED
POLL_LOGS_INTERVAL_SECONDS: 1
USER_FRIENDLY_BUILD_LOGS_ENABLED: false
## Timeout in seconds after which the workflow fails
WORKFLOW_TIMEOUT: 1800
## Configuration for Argo Workflow. KintoHub generated Argo Workflow in Kubernetes to build and deploy your services.
## Therefore, workflows must be configured according to what you build.
ARGO_WORKFLOW_TTL_SECONDS: 120 ## After completion, Argo automatically clean up kubernetes and delete the workflow after ARGO_WORKFLOW_TTL_SECONDS in seconds
ARGO_WORKFLOW_MINIO_BUCKET: argo-artifacts
ARGO_WORKFLOW_IMAGE_PULL_POLICY: IfNotPresent
ARGO_WORKFLOW_VOLUME_SIZE: 1Gi ## each workflow can use an empty dir volume -> https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
ARGO_WORKFLOW_MEMORY_LIMIT:
ARGO_WORKFLOW_CPU_LIMIT:
ARGO_WORKFLOW_MEMORY_REQUEST:
ARGO_WORKFLOW_CPU_REQUEST:
resources: {}
workflow:
mainImage: kinto-workflow-main ## don't add tag here, it is dependant of `builder.tag`
cliImage: kinto-workflow-cli ## don't add tag here, it is dependant of `builder.tag`
## Docker registry to access `builder.env.IMAGE_REGISTRY_HOST`
## This will create a type `kubernetes.io/dockerconfigjson` secret in kubernetes
docker: ## TO BE CHANGED
## No need to provide the rest of the information if `existingSecret` is set
# existingSecret: kinto-builder-workflow-docker ## in `kintohub` namespace
## Right now, kaniko doesn't support v2 API -> https://github.com/GoogleContainerTools/kaniko/issues/1209
registry: https://index.docker.io/v1/
email: [email protected]
username: kintohub
password: [DOCKERHUB_API_TOKEN] ## Create access token https://docs.docker.com/docker-hub/access-tokens/
dashboard:
replicas: 1
image: kinto-dashboard:v0.2.0
imagePullPolicy: IfNotPresent
port: 5000
resources: {}
ingress:
## Disable this if you don't want kinto-dashboard to be exposed on internet
enabled: false
env:
REACT_APP_GRPC_WEB_HTTPS_ENABLED: true
REACT_APP_SLEEP_MODE_TTL_MINUTES: "10" ## Default Time To Sleep for web servers configured with Sleep Mode enabled
REACT_APP_LOCAL_STORAGE_VERSION: "20201124153800"
## Configuration for nginx-ingress-controller
## KintoHub as well as all your webservers with public access will be exposed throught this nginx controller
nginx-ingress-controller:
service:
type: ClusterIP
## PR : https://github.com/kintohub/kinto-kube-infra/pull/65
## This is for preserving client IP address
##
## Plz take extra care of the information below.
##
## The proper way to fix that should have been to enable "proxy protocol" on the nginx ingress controller.
## Ref: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#use-proxy-protocol
##
## However, this is not supported by GCP/GKE. Ref: https://kubernetes.github.io/ingress-nginx/deploy/#gce-gke
## (It is however supported by AWS, DO, maybe Azure? - anyway, quite surprising)
##
## So I ended up setting externalTrafficPolicy of our nginx ingress ingress service to Local instead of Cluster.
## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
## However, it has the downside of not balancing the traffic very well. Indeed the LB will still target multiple nodes, but they will
## not take into consideration the number of pods per nodes.
## See following video: https://www.youtube.com/watch?v=y2bhV81MfKQ&feature=youtu.be&t=1823
## As u can see, this downside will mostly be for multiple pods of the same deployment per node. And our user don't have this case yet,
## they barely use autoscaling.
## So I suggest we merge this PR and we will see in the future if issue arises. We will be able then to maybe deploy another ingress
## controller with better spreading.
# externalTrafficPolicy: Local
replicaCount: 1
minAvailable: 1
config:
proxy-body-size: "50m"
resources: {}
scope:
enabled: false
extraArgs:
## Wildcard certificate corresponding to `common.ssl.certificate`
## All your webservers will use this certificate by default
## /!\ CHANGE THIS IF NAMESPACE != "kintohub"
default-ssl-certificate: "kintohub/common-wildcard-cert"
defaultBackend:
replicaCount: 1
minAvailable: 1
resources: {}
## Configuration for proxless
## Proxless is used for Sleep mode
## Reference: https://github.com/bappr/proxless
proxless:
port: 80
image:
repository: bappr/proxless
tag: v0.1.7
pullPolicy: IfNotPresent
logLevel: DEBUG
replicas: 1 ## Uncomment `REDIS_URL` if > 1 and change `redis.enabled` to `true`
resources: {}
env:
SERVERLESS_TTL_SECONDS: 30 ## Time in seconds proxless waits before scaling down the app
DEPLOYMENT_READINESS_TIMEOUT_SECONDS: 30 ## Time in seconds proxless waits for the deployment to be ready when scaling up the app
SCALE_DOWN_CHECK_INTERVAL_SECONDS: 3000 ## The downscaler check the deployment every N seconds
SERVICES_INFORMER_RESYNC_INTERVAL_SECONDS: 3000 ## All services will be resynced after N seconds
# REDIS_URL: kinto-redis-master:6379 ## Configured to use redis below
redis:
enabled: false
## Configuration for minio
## Minio used to store the history of deployment logs
minio:
accessKey: "AKIAIOSFODNN7EXAMPLE"
secretKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
persistence:
enabled: false
size: 10Gi
resources:
requests:
memory: null
makeBucketJob:
resources:
requests:
memory: null
defaultBucket:
enabled: true
name: argo-artifacts
environment:
MINIO_API_READY_DEADLINE: "5s"
MINIO_BROWSER: "on"