-
Notifications
You must be signed in to change notification settings - Fork 8
Expand file tree
/
Copy pathvalues-prod.yaml
More file actions
209 lines (189 loc) · 6.11 KB
/
values-prod.yaml
File metadata and controls
209 lines (189 loc) · 6.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
clusterGroup:
name: prod
isHubCluster: true
sharedValueFiles:
- /values-hypershift.yaml
- '/overrides/values-{{ $.Values.global.clusterPlatform }}.yaml'
- '/overrides/values-{{ $.Values.global.clusterVersion }}-{{ $.Values.clusterGroup.name }}.yaml'
namespaces:
vault:
multicluster-engine:
group-sync-operator:
external-secrets-operator:
operatorGroup: true
targetNamespaces: []
external-secrets:
openshift-pipelines:
cluster-provisioning:
# When listed (and not disabled), charts/all/pipelines enables create-klusterlet-addon alongside acm app below.
# open-cluster-management:
# Operator subscriptions default to sync wave 0. Give them an explicit early band so
# CSVs exist before Applications that install CRs for those operators (Argo advances
# waves only after prior-wave resources are Synced + Healthy where health applies).
subscriptions:
eso:
name: openshift-external-secrets-operator
namespace: external-secrets-operator
channel: stable-v1
annotations:
argocd.argoproj.io/sync-wave: "5"
mce:
name: multicluster-engine
namespace: multicluster-engine
channel: stable-2.11
annotations:
argocd.argoproj.io/sync-wave: "5"
openshift-pipelines:
name: openshift-pipelines-operator-rh
channel: latest
groupsync:
name: group-sync-operator
namespace: group-sync-operator
source: community-operators
channel: alpha
annotations:
argocd.argoproj.io/sync-wave: "5"
argoProjects:
- hub
- hypershift
- pipelines
- infrastructure
# Hub Applications: assign argocd.argoproj.io/sync-wave on every Argo Application so
# ordering is explicit and kubelet-config stays in a terminal wave. Argo advances waves
# only after resources in the current wave are Synced and Healthy; leaving many apps at
# the default wave 0 makes failures harder to reason about and can interact badly with
# MCO (KubeletConfig) rollouts during first sync.
applications:
vault:
name: vault
namespace: vault
project: hub
chart: hashicorp-vault
chartVersion: 0.1.*
annotations:
argocd.argoproj.io/sync-wave: "28"
openshift-external-secrets:
name: openshift-external-secrets
namespace: external-secrets
argoProject: hub
chart: openshift-external-secrets
chartVersion: 0.0.*
annotations:
argocd.argoproj.io/sync-wave: "38"
cert-manager:
disabled: false
name: openshift-cert-manager
namespace: cert-manager-operator
argoProject: hub
chart: letsencrypt
chartVersion: 0.1.*
annotations:
argocd.argoproj.io/sync-wave: "22"
ignoreDifferences:
- group: argoproj.io
kind: ArgoCD
jqPathExpressions:
- .metadata.annotations
autoscaler:
disabled: false
name: cluster-autoscaler
namespace: openshift-machine-api
argoProject: hub
chart: cluster-autoscaler
chartVersion: 0.0.*
annotations:
argocd.argoproj.io/sync-wave: "15"
hypershift:
disabled: false
name: hypershift
namespace: multicluster-engine
argoProject: hypershift
chart: hypershift-config
chartVersion: 0.0.*
annotations:
argocd.argoproj.io/sync-wave: "18"
pipelines:
disabled: false
name: pipelines
namespace: openshift-pipelines
argoProject: pipelines
path: charts/all/pipelines
chart: cluster-pipelines
chartVersion: 0.0.*
annotations:
argocd.argoproj.io/sync-wave: "18"
# Uncomment when ACM is installed — pipelines chart detects this key and enables Klusterlet add-on task.
# acm:
# name: acm
# namespace: open-cluster-management
# argoProject: hub
# chart: acm
# chartVersion: 0.2.*
credentials:
name: pattern-credentials
namespace: cluster-provisioning
argoProject: infrastructure
path: charts/all/pattern-credentials
annotations:
argocd.argoproj.io/sync-wave: "50"
oauth:
disabled: false
name: oauth
namespace: openshift-config
argoProject: hub
path: charts/all/oauth
annotations:
argocd.argoproj.io/sync-wave: "50"
groupsync:
disabled: false
name: groupsync
namespace: group-sync-operator
argoProject: hub
path: charts/all/groupsync
annotations:
argocd.argoproj.io/sync-wave: "60"
hypershift-cli:
disabled: false
name: hcp-cli
namespace: cluster-provisioning
argoProject: infrastructure
path: charts/all/hcp-cli
kubelet-config:
disabled: false
name: kubelet-config
namespace: openshift-machine-config-operator
argoProject: hub
path: charts/all/kubelet-config
# Terminal wave: KubeletConfig triggers MCO node reconcile and must not run until
# hub workloads above (Vault, ESO, routes, etc.) are healthy.
annotations:
argocd.argoproj.io/sync-wave: "999"
ignoreDifferences:
- group: machineconfiguration.openshift.io
kind: KubeletConfig
jqPathExpressions:
- .metadata.annotations
imperative:
# NOTE: We *must* use lists and not hashes. As hashes lose ordering once parsed by helm
# The default schedule is every 10 minutes: imperative.schedule
# Total timeout of all jobs is 1h: imperative.activeDeadlineSeconds
# imagePullPolicy is set to always: imperative.imagePullPolicy
# For additional overrides that apply to the jobs, please refer to
# https://hybrid-cloud-patterns.io/imperative-actions/#additional-job-customizations
namespace: imperative
jobs:
- name: hello-world
# ansible playbook to be run
playbook: rhvp.cluster_utils.hello_world
# per playbook timeout in seconds
timeout: 234
# verbosity: "-v"
managedClusterGroups:
exampleRegion:
name: group-one
acmlabels:
- name: clusterGroup
value: group-one
helmOverrides:
- name: clusterGroup.isHubCluster
value: false