# Global settings for the ACS deployment: organisation, base URL, TLS and
# the defaults used when pulling component images.
# NOTE(review): this copy of the file has lost its indentation, so the
# nesting of the keys below is not visible here; take it from the chart.
acs:
# -- The organisation where ACS is being deployed
organisation: AMRC
# -- The base URL that services will be served from
baseUrl: factoryplus.myorganisation.com
# -- Whether or not services should be served over HTTPS
secure: true
letsEncrypt:
# -- Whether or not to use Let's Encrypt to automatically generate
# certificates for the services
enabled: false
# -- The email address to use for Let's Encrypt
email: ''
# NOTE(review): certificates from the Let's Encrypt staging environment are
# not publicly trusted; keep this false outside of testing.
# -- Whether or not to use the staging environment for Let's Encrypt
staging: false
# -- A list of additional DNS names to use for the certificate
additionalDnsNames: []
# NOTE(review): this secret holds the private key of a wildcard certificate
# for the whole base domain; limit which workloads and users can read it.
# -- The name of the secret holding the wildcard certificate for the
# above domain. It will be used for every service unless that service
# specifies its own tlsSecretName.
tlsSecretName: factoryplus-tls
# NOTE(review): presumably a cache lifetime in seconds — confirm against the
# templates that read it.
cacheMaxAge: 300
# -- Image pull secrets for container images
imagePullSecrets: []
# The default registry for ACS images. This can be overridden for
# individual images if necessary.
defaultRegistry: ghcr.io/amrc-factoryplus
# -- An optional tag that will force images to use this version
# regardless of the version in the Helm chart. Each component can
# further override this value by setting the `tag` property in its
# own section. Deployments from a Git checkout must set this value.
#defaultTag: ''
# The default pullPolicy.
# With IfNotPresent a node reuses whatever image it already has cached for a
# tag, so a re-pushed (mutable) tag is not picked up and is not re-verified.
defaultPullPolicy: IfNotPresent
# NOTE(review): the schemas image below is pinned by tag, not by digest; a
# digest pin is the stronger guarantee that the loaded schemas do not change.
# -- Configure which schemas are loaded into the ConfigDB
schemas:
load: true
image:
registry: ghcr.io
repository: amrc-factoryplus/acs-schemas
tag: v1.5.1
coredns:
# NOTE(review): per the description below, enabling this changes CoreDNS
# configuration in kube-system, so it affects name resolution for the whole
# cluster and not only this release. Presumably the install then needs write
# access to ConfigMaps in kube-system — confirm.
# -- An option to enable the redirecting of external URLs back
# to the internal Traefik service. This is done through a config map
# override to coredns in the kube-system namespace. The override rewrites
# queries matching .*.<baseURL> to acs-traefik.<namespace>.svc.cluster.local,
# ensuring correct internal service resolution. ACS deployments without
# external DNS should enable this.
traefikRedirect:
enabled: false
# Identity component: Kerberos realm, kadmin access, cross-realm trust, the
# KDC initialisation switch and the KerberosKey operator.
identity:
# -- Whether or not to enable the Identity component
enabled: true
# -- The Kerberos realm for this Factory+ deployment.
realm: FACTORYPLUS.MYORGANISATION.COM
# NOTE(review): every principal listed here gets kadmin access within its
# 'permission' and 'restrictions'; keep the list short and the permissions
# as narrow as the task needs.
# -- Kerberos UPNs to grant kadmin access. This needs to be a list of
# objects with 'principal', 'permission' and (optionally)
# 'restrictions' properties; see the kadmin documentation for their
# meaning.
kadminUsers: []
# NOTE(review): each realm added here becomes a realm whose principals can
# authenticate to this deployment; add only realms you administer or trust.
# -- Enable support for cross-realm authentication
crossRealm: [ ]
# crossRealm:
# - realm: MYOTHERREALM.COM
# domain: myotherrealm.com
# otherDomains:
# - myotherrealm.org
# - myotherrealm.net
identity:
image:
# -- The repository of the Identity component
repository: acs-identity
# If this is set to true, the kdb-init container will not set up the
# KDB but will sit and wait. This can be used to halt startup of the
# KDC until a restore from backup can be performed. Be aware that
# this will halt startup of the KDC every time the pod starts until
# the setting is changed.
manualInit: false
krbKeysOperator:
# NOTE(review): presumably the operator issues Kerberos keys for the
# KerberosKey resources it finds, so every namespace listed here can request
# keys — confirm, and keep the list as narrow as possible.
# -- A comma-separated list of namespaces that the KerberosKey Operator should watch for KerberosKey resources in. Defaults to the release namespace if not specified
namespaces: ""
image:
# -- The repository of the KerberosKey Operator
repository: acs-krb-keys-operator
auth:
# -- Whether or not to enable the Authorisation component
enabled: true
image:
# -- The repository of the Authorisation component
repository: acs-auth
# NOTE(review): this looks like a debug-tag filter in which '!' excludes a
# tag; if so, '!token' is what keeps token handling out of the logs. Confirm
# the syntax before widening it in production.
verbosity: "ALL,!service,!token,!query"
directory:
# -- Whether or not to enable the Directory component
enabled: true
image:
# -- The repository of the Directory component
repository: acs-directory
configdb:
# -- Whether or not to enable the Configuration Store component
enabled: true
image:
# -- The repository of the Configuration Store component
repository: acs-configdb
# NOTE(review): presumably the maximum accepted request body size — confirm.
bodyLimit: 100kb
backup:
# NOTE(review): each dump is a full copy of the ConfigDB, so the backup
# volume needs the same access control as the database itself.
# -- Whether to run a pg_dump of the ConfigDB before every helm upgrade
enabled: true
# -- Number of backups to retain
retention: 5
# -- Size of the PVC for storing backups
storageSize: 1Gi
# MetaDB, Files, Monitor and Data Access components: each has an enable
# switch and an image repository. MetaDB is the only one disabled by default.
metadb:
enabled: false
asConfigDB: false
image:
repository: acs-metadb
files:
enabled: true
image:
repository: acs-files
# NOTE(review): presumably the maximum accepted request body size and the
# size of the backing volume — confirm against the templates.
bodyLimit: 500kb
storage: 20Gi
monitor:
enabled: true
image:
repository: acs-monitor
# NOTE(review): looks like a debug-tag filter where '!' excludes a tag;
# confirm before relying on '!token' to keep token details out of logs.
verbosity: "ALL,!service,!token"
dataAccess:
enabled: true
image:
repository: acs-data-access
verbosity: "ALL,!service,!token"
# -- The service-setup component loads ACS-specific configuration into
# the ACS services when the Helm chart is deployed or upgraded.
serviceSetup:
enabled: true
image:
repository: acs-service-setup
# This section overrides the classes etc. installed into the ConfigDB
config:
# Git repos to create in the on-prem server. These may be
# automatically mirrored from external repos, or populated by the
# service setup job.
# NOTE(review): the 'helm' repo below is named "Edge Helm charts", so what
# lands in it presumably ends up deployed to edge clusters; only mirror from
# sources you trust, and review what a 'pull' entry points at.
repoMirror:
helm:
name: Edge Helm charts
pull: {}
# Helm charts to deploy to the edge; these default to the charts
# created automatically but can be overridden to customise
helmChart:
# Chart to deploy an edge cluster
#cluster: null
# Image and repository path for the edge Helm charts.
edgeHelm:
enabled: true
image:
repository: edge-helm-charts
repoPath: shared/helm
mqtt:
# -- Whether or not to enable the MQTT component
enabled: true
image:
# -- The repository of the MQTT component
repository: acs-mqtt
# NOTE(review): the default below is 0, which is not one of the forms the
# description lists (1, a tag list, or an empty string); presumably it is
# treated as "no logging" — confirm.
# -- Possible values are either 1 to enable all possible debugging, or a comma-separated list of debug tags (the tags printed before the log lines). No logging is specified as an empty string.
verbosity: 0
unsIngesters:
sparkplug:
enabled: true
image:
# -- The repository of the Sparkplug UNS ingester component
repository: uns-ingester-sparkplug
# -- The minimum log level that the ingester will log messages at (One of 'fatal', 'error', 'warn', 'info', 'debug', 'trace' or 'silent'.)
logLevel: info
# NOTE(review): undocumented here; other components describe verbosity as
# 1 for all debugging or a list of debug tags — confirm what 0 means.
verbosity: 0
visualiser:
enabled: true
image:
# -- The repository of the Visualiser component
repository: acs-visualiser
cmdesc:
# -- Whether or not to enable the Commands component
enabled: true
image:
# -- The repository of the Commands component
repository: acs-cmdesc
# NOTE(review): per the description, 1 enables all debugging, and that is
# the default here. Debug output can carry request details; consider a
# narrower tag list for production.
# -- Possible values are either 1 to enable all possible debugging, or a comma-separated list of debug tags (the tags printed before the log lines). No logging is specified as an empty string.
verbosity: 1
# Historians write messages to InfluxDB in batches; the UNS historian is
# disabled by default and the Sparkplug historian is enabled.
historians:
uns:
enabled: false
# -- The minimum log level that the historian will log messages at (One of 'fatal', 'error', 'warn', 'info', 'debug', 'trace' or 'silent'.)
logLevel: info
# -- The number of messages to batch together before sending to InfluxDB
batchSize: 5000
# -- Send all buffered messages after this amount of time has elapsed if the buffer is not full (in milliseconds)
flushInterval: 10000
image:
# -- The repository of the UNS Historian component
repository: historian-uns
sparkplug:
enabled: true
# -- The minimum log level that the historian will log messages at (One of 'fatal', 'error', 'warn', 'info', 'debug', 'trace' or 'silent'.)
logLevel: info
# -- The number of messages to batch together before sending to InfluxDB
batchSize: 5000
# -- Send all buffered messages after this amount of time has elapsed if the buffer is not full (in milliseconds)
flushInterval: 10000
image:
# -- The repository of the Sparkplug Historian component
repository: historian-sparkplug
git:
# -- Whether or not to enable the Git component
enabled: true
image:
# -- The repository of the Git component
repository: acs-git
# NOTE(review): the default looks like a debug-tag filter where '!' excludes
# a tag; confirm before relying on '!token' to keep token details out of logs.
# -- Possible values are either 1 to enable all possible debugging, or a comma-separated list of debug tags (the tags printed before the log lines). No logging is specified as an empty string.
verbosity: "ALL,!service,!token"
clusterManager:
# -- Whether or not to enable the Cluster Manager component
enabled: true
image:
# -- The repository of the Cluster Manager component
repository: acs-cluster-manager
verbosity: "ALL,!service,!token"
admin:
# -- Whether or not to enable the Admin component
enabled: true
image:
# -- The repository of the Admin component
repository: acs-admin
# Utility images used by the chart: a Kerberos utilities shell, curl and
# kubectl.
shell:
image:
repository: acs-krb-utils
# XXX This should probably be included in acs-krb-utils
# NOTE(review): this is a third-party Docker Hub image on the mutable tag
# 'latest', so the image that runs can change without any change to the
# chart. Pin it to a fixed version or digest, or fold curl into
# acs-krb-utils as the note above suggests.
curl:
image:
registry: docker.io
repository: appropriate/curl
tag: latest
kubectl:
image:
registry: docker.io
repository: alpine/kubectl
tag: 1.33.4
postgres:
# -- Whether or not to enable Postgres
enabled: true
# Postgres image to use. DO NOT change major version on an
# existing installation without being prepared to handle database
# dump/restore manually.
image:
registry: docker.io/library
repository: postgres
# NOTE(review): unquoted, so a YAML parser reads this as a float rather than
# a string; quoting image tags avoids surprises such as 16.10 becoming 16.1.
tag: 16.1
# Kubegres doesn't support setting pullPolicy
kubegres:
kubeProxy:
image:
registry: registry.k8s.io
repository: kubebuilder/kube-rbac-proxy
tag: v0.13.0
kubegres:
image:
registry: docker.io
repository: reactivetechio/kubegres
# NOTE(review): also parsed as a float; quote it to keep it a string.
tag: 1.16
# Traefik settings: the entry points for MQTT and Kerberos, extra static
# arguments, the service/load balancer definition, the CRD provider and the
# log level.
# NOTE(review): indentation is lost in this copy, so the nesting of the keys
# below has to be taken from the chart.
traefik:
enabled: true
ports:
# Plain MQTT (1883) is defined but not exposed; only the TLS port is.
mqtt:
port: 1883
expose: false
exposedPort: 1883
protocol: TCP
mqttsecure:
port: 8883
expose: true
exposedPort: 8883
protocol: TCP
kdc:
port: 8888
expose: true
exposedPort: 88
protocol: TCP
kpasswd:
port: 8464
expose: true
exposedPort: 464
protocol: TCP
# NOTE(review): kadmin (749) is the Kerberos administration port and is
# exposed by default. If the load balancer is reachable from the internet,
# restrict this port to administrative networks (firewall rule or
# NetworkPolicy) or set expose to false.
kadmin:
port: 8749
expose: true
exposedPort: 749
protocol: TCP
additionalArguments:
- --metrics.prometheus=true
# NOTE(review): this turns off verification of backend TLS certificates, so
# traffic from Traefik to the services is encrypted but the backend is not
# authenticated. Where the backends use an internal CA, trusting that CA
# through serversTransport.rootCAs is the safer setting.
- --serverstransport.insecureskipverify=true
ingressRoute:
dashboard:
enabled: false
# -- [AZURE] Enable the below section to expose your instance of Factory+/ACS over the internet, replacing the <Value>
# -- tags with the details of your pre-configured load balancer.
# NOTE(review): as shown here the placeholders are live values, not
# commented out; replace or remove them before installing. Confirm against
# the chart whether this section is meant to be commented by default.
service:
spec:
loadBalancerIP: <External IP address here>
annotations:
service.beta.kubernetes.io/azure-load-balancer-resource-group: <Load Balancer Resource Group here>
providers:
kubernetesCRD:
# NOTE(review): lets a Traefik resource reference services and middlewares
# in other namespaces, which weakens namespace isolation: anyone who can
# create IngressRoutes in one namespace can route to another.
allowCrossNamespace: true
logs:
general:
# NOTE(review): DEBUG is verbose and can record request details; consider
# INFO or lower verbosity for production.
level: DEBUG
# Grafana settings: image tag, persistence, credentials taken from existing
# secrets, proxy-header authentication and the provisioning sidecars.
grafana:
deploymentStrategy:
type: Recreate
image:
tag: 10.0.1
enabled: true
persistence:
enabled: true
annotations:
"helm.sh/resource-policy": "keep"
# Credentials are referenced from existing secrets rather than set here.
envFromSecret: influxdb-auth
admin:
existingSecret: grafana-admin-user
grafana.ini:
auth.basic:
enabled: false
# NOTE(review): with auth.proxy Grafana trusts the X-Auth-Principal header
# as the user name, and auto_sign_up creates accounts for unknown names.
# Any client that can reach Grafana without passing through the
# authenticating proxy can therefore claim any identity. Make sure only the
# proxy can reach the Grafana service (NetworkPolicy) and consider the
# auth.proxy 'whitelist' option to accept the header only from the proxy.
auth.proxy:
enabled: true
header_name: X-Auth-Principal
header_property: username
auto_sign_up: true
sidecar:
datasources:
enabled: true
label: grafana_datasource
initDatasources: true
dashboards:
enabled: true
provider:
folder: 'Factory+'
disableDelete: true
# NOTE(review): ALL makes the sidecar pick up labelled resources from every
# namespace, so whoever can create such a resource anywhere in the cluster
# can add content to Grafana, and the sidecar needs cluster-wide read
# access. Which sidecar this key belongs to is not visible in this copy.
searchNamespace: ALL
# InfluxDB settings: admin credentials come from an existing secret, and an
# init script creates a v1 database/retention-policy mapping for the initial
# bucket.
influxdb2:
enabled: true
adminUser:
organization: default
existingSecret: influxdb-auth
initScripts:
enabled: true
scripts:
# NOTE(review): the ${...} expansions passed to 'influx' in the script are
# unquoted, so a bucket id or org name containing whitespace would be split
# into several arguments; quoting them would be safer.
init.sh: |+
#!/bin/bash
echo "Creating mapping for bucket ${DOCKER_INFLUXDB_INIT_BUCKET_ID} in org ${DOCKER_INFLUXDB_INIT_ORG}"
influx v1 dbrp create --bucket-id ${DOCKER_INFLUXDB_INIT_BUCKET_ID} --db default --rp default --default --org ${DOCKER_INFLUXDB_INIT_ORG}
pdb:
create: false
# Presumably values passed to the cert-manager subchart; fullnameOverride
# fixes its resource names to "cert-manager" — confirm against the chart's
# dependencies.
cert-manager:
fullnameOverride: "cert-manager"