-
Notifications
You must be signed in to change notification settings - Fork 19
/
Copy pathvalues.yaml
147 lines (127 loc) · 6.87 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
#####################################################
global:
## URL that will be used to access ISD. MUST BE CHANGED
## Ensure that this URL is reachable from your browser. Either DNS name server record must exist or "hosts" file must be updated
oesUI:
host: isd.dev.example.com
ssl:
enabled: false # Set to true if using "httpS" urls. TLS certificates must be generated for the above URL
certManager:
installed: false # Set to true if you have cert-manager installed in the cluster, the URL must be accessible from the internet
## nginx ingress objects are created if set to true. Set to false if using LoadBalancer or any other ingress
## The cluster MUST have nginx ingress controller already installed
createIngress: true
#Only for trial purposes, pod-baesd git is installed and automatically configured
gitea:
enabled: false # Set to true for trial-install only
###############################################################################
# A trial LDAP is installed by default, with users: admin, user1,2,3 with user1password, user2pa...
# Set it to false if own LDAP is to be configured
installOpenLdap: true
## ldap configuration used in oes-gate, oes-platform and spinnaker gate for authentication and authorization
ldap:
managerPassword: encrypted:ldappassword:ldappassword
# Set it to true only if gate.config.saml.enabled to true
auth:
saml: false
## Valid admin details for ISD authorization
saporgate:
config:
username: admin #Name of the valid user in your service provider
adminGroups: admin #Name of the valid admin group in your service provider
password: encrypted:saporpassword:saporpassword #password for the saporgate
minio:
accessKey: encrypted:miniopassword:miniopassword
secretKey: encrypted:miniopassword:miniopassword
####################################################
spinnaker:
gitopsHalyard: # A repo with appropriate contents used for configuring Spinnaker
repo:
type: git # git, s3, stash(bitbucket server) use a different sample values file for s3/bitbuck-stash
## Git repo details, https://<baseUrlHostName>/<organization>/<repository>
organization: YOUR_ORG_NAME_OR_YOUR_USER_NAME_IF_NO_ORG
repository: YOUR_REPO_NAME # repo name for GitOps Halyard, will be created if "githubcreationHook" is set to true
username: YOUR_USER_NAME # Username to authenticate with git/stash repo
dynamicAccRepository: SAME_AS_REPOSITORY_ABOVE # Repo name of the GitOps Dynamic Accounts Directory, Can be same as "repository"
########################################################################################
## Additional git-repo parameters, typically no need to be change
########################################################################################
configArgs: "http.sslVerify=false" # Extra arguments to the git clone command
## Configure below fields only if repo type is git/stash.
baseUrlHostName: github.com # Change only if using enterprise git or another repo-type
projectName: "" # Specify project name only if repo is under a project
halConfigBranch: main # Branch for the "repository", recommend to keep "main"
halConfigPath: / #relative path from repository root folder
dynAccntConfigPath: / #relative path from repository root folder
token: encrypted:gittoken:gittoken # Token corresponding to spinnaker.gitopsHalyard.repo.username
########################################################################################
# Lines below this do not need to be changed except where external SSO and DBs are used
########################################################################################
## Here basic ldap auth is used by default; everything under spinCli will be pasted in ~/.spin/config
spinCli:
auth:
basic:
username: admin # Use credentials corresponding to saporgate.config.username
password: encrypted:saporpassword:saporpassword # Use credentials corresponding to saporgate.config.password
####################################################
db:
url: jdbc:postgresql://oes-db:5432
username: postgres
password: encrypted:dbpassword:dbpassword
###############################################################################
gate:
config:
#####################################################
# SAML AUthentication
#####################################################
# keytool -genkey -v -keystore oessaml.jks -alias saml -keyalg RSA -keysize 2048 -validity 10000
# oessaml.jks and oesmetadata.xml are mounted as secrets, create them as follows
# kubectl create secret generic oesmetadataxml --from-file=oesmetadata.xml -n <namespace>
# kubectl create secret generic oessamljks --from-file=oessaml.jks -n <namespace>
# kubectl create secret generic samljks-password --from-literal password=changeit -n <namespace>
saml:
enabled: false
userSource: gate # Groups will be obtained from SAML
keyStore: /opt/spinnaker/saml/oessaml.jks # The key in this secret must be oessaml.jks
keyStorePassword: encrypted:keystorepassword:keystorepassword
keyStoreAliasName: saml
metadataUrl: /opt/spinnaker/saml/oesmetadata.xml # The key in this secret must be oesmetadata.xml
redirectProtocol: https
redirectHostname: oes-gate.ryzon7-gitops.opsmx.org # OES gate host name
redirectBasePath: /
issuerId: ryzonoesgate
jksSecretName: oessamljks
metadataSecretName: oesmetadataxml
#####################################################
#OAUTH2 Authentication for GitHub
#####################################################
oauth2:
enabled: false
client:
clientId: #CLIENT_ID
clientSecret: #CLIENT_SECRET_ID
accessTokenUri: https://github.com/login/oauth/access_token
userAuthorizationUri: https://github.com/login/oauth/authorize
scope: user-email
resource:
userInfoUri: https://api.github.com/user
userInfoMapping:
email: email
firstName: firstname
lastName: name
username: login
provider: GITHUB
###############################################################################
rabbitmq:
username: rabbitmq
password: encrypted:rabbitmqpassword:rabbitmqpassword
###############################################################################
## Details of redis-master image for OES
redis:
url: redis://:encrypted:redispassword:redispassword@{{ .Release.Name }}-redis-master
password: encrypted:redispassword:redispassword
#####################################################
# OpenLDAP custom configuration; will override default configuration of openldap helm chart
openldap:
adminPassword: encrypted:ldappassword:ldappassword
configPassword: encrypted:ldapconfigpassword:ldapconfigpassword