-
Notifications
You must be signed in to change notification settings - Fork 115
/
Copy pathvalues.yaml
194 lines (174 loc) · 8.33 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
# Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
wso2:
# WSO2 subscription parameters. If you do not have an active subscription, do not provide values for the parameters.
# If you do not possess an active WSO2 subscription already, you can sign up for a WSO2 Free Trial Subscription at (https://wso2.com/free-trial-subscription).
subscription:
username: ""
password: ""
persistentRuntimeArtifacts:
# Persistent storage provider expected to be used for sharing persistent runtime artifacts
# This can be one of the following.
# 1. internal-nfs - Using the NFS dynamic provisioner for Kubernetes
# 2. external-nfs - Using an externally configured NFS server
cloudProvider: "internal-nfs"
# External NFS Server IP
nfsServerIP: ""
# Exported location on external NFS Server to be mounted at <IS_HOME>/repository/tenants
sharedTenants: ""
# Exported location on external NFS Server to be mounted at <IS_HOME>/repository/deployment/server/userstores
sharedUserstores: ""
deployment:
dependencies:
# MySQL configurations
# enabled: The configuration should be set to be 'true' if a MySQL database should be spawned as a pod within the cluster
mysql: true
# Enable NFS dynamic provisioner for Kubernetes
nfsServerProvisioner: true
wso2is:
# If a custom image must be used, uncomment 'dockerRegistry' and provide its value.
# dockerRegistry: ""
imageName: "wso2is"
imageTag: "5.10.0"
# Number of deployment replicas
replicas: 2
# Minimum number of seconds for which a newly created pod should be ready without any of its containers crashing, for it to be considered available.
minReadySeconds: 30
strategy:
rollingUpdate:
# The maximum number of pods that can be scheduled above the desired number of pods.
maxSurge: 1
# The maximum number of pods that can be unavailable during the update.
maxUnavailable: 0
# Indicates whether the container is running.
livenessProbe:
# Number of seconds after the container has started before liveness probes are initiated.
initialDelaySeconds: 120
# How often (in seconds) to perform the probe.
periodSeconds: 10
# Indicates whether the container is ready to service requests.
readinessProbe:
# Number of seconds after the container has started before readiness probes are initiated.
initialDelaySeconds: 120
# How often (in seconds) to perform the probe.
periodSeconds: 10
resources:
# These are the minimum resource recommendations for running WSO2 Identity and Access Management product profiles
# as per official documentation (https://docs.wso2.com/display/IS580/Installation+Prerequisites).
requests:
# The minimum amount of memory that should be allocated for a Pod
memory: "2Gi"
# The minimum amount of CPU that should be allocated for a Pod
cpu: "2000m"
limits:
# The maximum amount of memory that should be allocated for a Pod
memory: "4Gi"
# The maximum amount of CPU that should be allocated for a Pod
cpu: "4000m"
# Refer to the Kubernetes documentation on updating images (https://kubernetes.io/docs/concepts/containers/images/#updating-images)
imagePullPolicy: Always
config:
deployment.toml: |-
# Deployment config for identity server deployment
[server]
hostname = "$env{HOST_NAME}"
node_ip = "$env{NODE_IP}"
[super_admin]
username = "admin"
password = "admin"
create_admin_account = true
[user_store]
type = "database_unique_id"
[database.user]
url = "jdbc:mysql://wso2is-rdbms-service-mysql:3306/WSO2IS_SHARED_DB?autoReconnect=true&useSSL=false"
username = "wso2carbon"
password = "wso2carbon"
driver = "com.mysql.cj.jdbc.Driver"
[database.user.pool_options]
validationQuery = "SELECT 1"
[transport.https.properties]
proxyPort="443"
[database.identity_db]
url = "jdbc:mysql://wso2is-rdbms-service-mysql:3306/WSO2IS_IDENTITY_DB?autoReconnect=true&useSSL=false"
username = "wso2carbon"
password = "wso2carbon"
driver = "com.mysql.cj.jdbc.Driver"
[database.identity_db.pool_options]
validationQuery = "SELECT 1"
[database.shared_db]
url = "jdbc:mysql://wso2is-rdbms-service-mysql:3306/WSO2IS_SHARED_DB?autoReconnect=true&useSSL=false"
username = "wso2carbon"
password = "wso2carbon"
driver = "com.mysql.cj.jdbc.Driver"
[database.shared_db.pool_options]
validationQuery = "SELECT 1"
[database.bps_database]
url = "jdbc:mysql://wso2is-rdbms-service-mysql:3306/WSO2IS_BPS_DB?autoReconnect=true&useSSL=false"
username = "wso2carbon"
password = "wso2carbon"
driver = "com.mysql.cj.jdbc.Driver"
[database.bps_database.pool_options]
validationQuery = "SELECT 1"
[[datasource]]
id = "WSO2ConsentDS"
url = "jdbc:mysql://wso2is-rdbms-service-mysql:3306/WSO2IS_CONSENT_DB?autoReconnect=true&useSSL=false"
username = "wso2carbon"
password = "wso2carbon"
driver = "com.mysql.cj.jdbc.Driver"
pool_options.validationQuery="SELECT 1"
pool_options.maxActive=50
pool_options.maxWait = 60000 # wait in milliseconds
pool_options.testOnBorrow = true
pool_options.jmxEnabled = false
[authentication.consent]
data_source="jdbc/WSO2ConsentDS"
[keystore.primary]
name = "wso2carbon.jks"
password = "wso2carbon"
[clustering]
membership_scheme = "kubernetes"
domain = "wso2.carbon.domain"
properties.membershipSchemeClassName = "org.wso2.carbon.membership.scheme.kubernetes.KubernetesMembershipScheme"
properties.KUBERNETES_NAMESPACE = "$env{KUBERNETES_NAMESPACE}"
properties.KUBERNETES_SERVICES = "wso2is-pattern-1-service"
properties.KUBERNETES_MASTER_SKIP_SSL_VERIFICATION = "true"
properties.USE_DNS = "false"
# Configurations for the logstash container image and elasticsearch authorization credentials
# Centralized logging is disabled by default. If it is required to enable centralized logging, please follow the instructions
# provided in the documentation (https://github.com/wso2/kubernetes-is/tree/master/advanced/helm/is-pattern-1#enabling-centralized-logging)
centralizedLogging:
enabled: false
logstash:
imageTag: 7.2.0
elasticsearch:
host: wso2-elasticsearch-master
username: "elastic"
password: "changeme"
# Configurations for Prometheus monitoring
monitoring:
# Enable Prometheus monitoring. This will start Prometheus exporter on port 2222 and deploy Service monitors
# for JVM, JMX and Blackbox exporter for Login calls
enabled: false
prometheus:
serviceMonitor:
# If the black box exporter is deployed in a different Namespace
# blackBoxNamespace:
# Prometheus Operator labels to identify Service monitors
labels:
release: monitoring
# Job name of the JMX events
jmxJobName: "jmx"
kubernetes:
# Name of Kubernetes service account
svcaccount: "wso2svc-account"