X-Git-Url: https://gerrit.nordix.org/gitweb?p=infra%2Fstack%2Fkubernetes.git;a=blobdiff_plain;f=apps%2Fspinnaker%2Fkubespray%2Fplaybooks%2Froles%2Finstall%2Ftemplates%2Fvalues.yaml.j2;fp=apps%2Fspinnaker%2Fkubespray%2Fplaybooks%2Froles%2Finstall%2Ftemplates%2Fvalues.yaml.j2;h=8d88583d592fa90baf474fabd615af23a000e39d;hp=0000000000000000000000000000000000000000;hb=a1e1f40e71a48d8c5315f37999b9123c7ea908ab;hpb=20d34e772e021fabdee0aa9b50e9804a80d5108a diff --git a/apps/spinnaker/kubespray/playbooks/roles/install/templates/values.yaml.j2 b/apps/spinnaker/kubespray/playbooks/roles/install/templates/values.yaml.j2 new file mode 100644 index 0000000..8d88583 --- /dev/null +++ b/apps/spinnaker/kubespray/playbooks/roles/install/templates/values.yaml.j2 @@ -0,0 +1,308 @@ +halyard: + spinnakerVersion: {{ spinnaker_app_version }} + image: + repository: {{ gcrio_image_repository }}/spinnaker-marketplace/halyard + tag: {{ spinnaker_version }} + pullSecrets: [] + # Set to false to disable persistence data volume for halyard + persistence: + enabled: false + # Provide a config map with Hal commands that will be run the core config (storage) + # The config map should contain a script in the config.sh key + additionalScripts: + enabled: false + configMapName: my-halyard-config + configMapKey: config.sh + # If you'd rather do an inline script, set create to true and put the content in the data dict like you would a configmap + # The content will be passed through `tpl`, so value interpolation is supported. + create: false + data: {} + additionalSecrets: + create: false + data: {} + ## Uncomment if you want to use a pre-created secret rather than feeding data in via helm. + # name: + additionalConfigMaps: + create: false + data: {} + ## Uncomment if you want to use a pre-created ConfigMap rather than feeding data in via helm. + # name: + ## Define custom profiles for Spinnaker services. Read more for details: + ## https://www.spinnaker.io/reference/halyard/custom/#custom-profiles + ## The contents of the files will be passed through `tpl`, so value interpolation is supported. + additionalProfileConfigMaps: + data: {} + ## if you're running spinnaker behind a reverse proxy such as a GCE ingress + ## you may need the following profile settings for the gate profile. + ## see https://github.com/spinnaker/spinnaker/issues/1630 + ## otherwise its harmless and will likely become default behavior in the future + ## According to the linked github issue. + # gate-local.yml: + # server: + # tomcat: + # protocolHeader: X-Forwarded-Proto + # remoteIpHeader: X-Forwarded-For + # internalProxies: .* + # httpsServerPort: X-Forwarded-Port + + ## Define custom settings for Spinnaker services. Read more for details: + ## https://www.spinnaker.io/reference/halyard/custom/#custom-service-settings + ## You can use it to add annotations for pods, override the image, etc. + additionalServiceSettings: {} + # deck.yml: + # artifactId: gcr.io/spinnaker-marketplace/deck:2.9.0-20190412012808 + # kubernetes: + # podAnnotations: + # iam.amazonaws.com/role: + # clouddriver.yml: + # kubernetes: + # podAnnotations: + # iam.amazonaws.com/role: + + ## Populate to provide a custom local BOM for Halyard to use for deployment. Read more for details: + ## https://www.spinnaker.io/guides/operator/custom-boms/#boms-and-configuration-on-your-filesystem + bom: ~ + # artifactSources: + # debianRepository: https://dl.bintray.com/spinnaker-releases/debians + # dockerRegistry: gcr.io/spinnaker-marketplace + # gitPrefix: https://github.com/spinnaker + # googleImageProject: marketplace-spinnaker-release + # services: + # clouddriver: + # commit: 031bcec52d6c3eb447095df4251b9d7516ed74f5 + # version: 6.3.0-20190904130744 + # deck: + # commit: b0aac478e13a7f9642d4d39479f649dd2ef52a5a + # version: 2.12.0-20190916141821 + # ... + # timestamp: '2019-09-16 18:18:44' + # version: 1.16.1 + + ## Define local configuration for Spinnaker services. + ## The contents of these files would be copies of the configuration normally retrieved from + ## `gs://halconfig/`, but instead need to be available locally on the halyard pod to facilitate + ## offline installation. This would typically be used along with a custom `bom:` with the `local:` prefix on a + ## service version. + ## Read more for details: + ## https://www.spinnaker.io/guides/operator/custom-boms/#boms-and-configuration-on-your-filesystem + ## The key for each entry must be the name of the service and a file name separated by the '_' character. + serviceConfigs: {} + # clouddriver_clouddriver-ro.yml: |- + # ... + # clouddriver_clouddriver-rw.yml: |- + # ... + # clouddriver_clouddriver.yml: |- + # ... + # deck_settings.json: |- + # ... + # echo_echo.yml: |- + # ... + + ## Uncomment if you want to add extra commands to the init script + ## run by the init container before halyard is started. + ## The content will be passed through `tpl`, so value interpolation is supported. + # additionalInitScript: |- + + ## Uncomment if you want to add annotations on halyard and install-using-hal pods + # annotations: + # iam.amazonaws.com/role: + + ## Uncomment the following resources definitions to control the cpu and memory + # resources allocated for the halyard pod + resources: {} + # requests: + # memory: "1Gi" + # cpu: "100m" + # limits: + # memory: "2Gi" + # cpu: "200m" + + ## Uncomment if you want to set environment variables on the Halyard pod. + # env: + # - name: JAVA_OPTS + # value: -Dhttp.proxyHost=proxy.example.com + customCerts: + ## Enable to override the default cacerts with your own one + enabled: false + secretName: custom-cacerts + +# Define which registries and repositories you want available in your +# Spinnaker pipeline definitions +# For more info visit: +# https://www.spinnaker.io/setup/providers/docker-registry/ + +# Configure your Docker registries here +dockerRegistries: +- name: dockerhub + address: index.docker.io + repositories: + - library/alpine + - library/ubuntu + - library/centos + - library/nginx +# - name: gcr +# address: https://gcr.io +# username: _json_key +# password: '' +# email: 1234@5678.com + +# If you don't want to put your passwords into a values file +# you can use a pre-created secret instead of putting passwords +# (specify secret name in below `dockerRegistryAccountSecret`) +# per account above with data in the format: +# : + +# dockerRegistryAccountSecret: myregistry-secrets + +kubeConfig: + # Use this when you want to register arbitrary clusters with Spinnaker + # Upload your ~/kube/.config to a secret + enabled: false + secretName: my-kubeconfig + secretKey: config + # Use this when you want to configure halyard to reference a kubeconfig from s3 + # This allows you to keep your kubeconfig in an encrypted s3 bucket + # For more info visit: + # https://www.spinnaker.io/reference/halyard/secrets/s3-secrets/#secrets-in-s3 + # encryptedKubeconfig: encrypted:s3!r:us-west-2!b:mybucket!f:mykubeconfig + # List of contexts from the kubeconfig to make available to Spinnaker + contexts: + - default + deploymentContext: default + omittedNameSpaces: + - kube-system + - kube-public + onlySpinnakerManaged: + enabled: false + + # When false, clouddriver will skip the permission checks for all kubernetes kinds at startup. + # This can save a great deal of time during clouddriver startup when you have many kubernetes + # accounts configured. This disables the log messages at startup about missing permissions. + checkPermissionsOnStartup: true + + # A list of resource kinds this Spinnaker account can deploy to and will cache. + # When no kinds are configured, this defaults to ‘all kinds'. + # kinds: + # - + + # A list of resource kinds this Spinnaker account cannot deploy to or cache. + # This can only be set when –kinds is empty or not set. + # omittedKinds: + # - + +# Change this if youd like to expose Spinnaker outside the cluster +ingress: + enabled: false + # host: spinnaker.example.org + # annotations: + # ingress.kubernetes.io/ssl-redirect: 'true' + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # tls: + # - secretName: -tls + # hosts: + # - domain.com + +ingressGate: + enabled: false + # host: gate.spinnaker.example.org + # annotations: + # ingress.kubernetes.io/ssl-redirect: 'true' + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # tls: + # - secretName: -tls + # hosts: + # - domain.com + +# spinnakerFeatureFlags is a list of Spinnaker feature flags to enable +# Ref: https://www.spinnaker.io/reference/halyard/commands/#hal-config-features-edit +# spinnakerFeatureFlags: +# - artifacts +# - pipeline-templates +spinnakerFeatureFlags: + - artifacts + - jobs + +# Node labels for pod assignment +# Ref: https://kubernetes.io/docs/user-guide/node-selection/ +# nodeSelector to provide to each of the Spinnaker components +nodeSelector: {} + +# Redis password to use for the in-cluster redis service +# Enable redis to use in-cluster redis +redis: + enabled: true + # External Redis option will be enabled if in-cluster redis is disabled + external: + host: "" + port: 6379 + # password: "" + password: password + nodeSelector: {} + cluster: + enabled: false +# Uncomment if you don't want to create a PVC for redis + master: + persistence: + enabled: false + +# Minio access/secret keys for the in-cluster S3 usage +# Minio is not exposed publically +minio: + enabled: true + imageTag: RELEASE.2019-02-13T19-48-27Z + serviceType: ClusterIP + accessKey: spinnakeradmin + secretKey: spinnakeradmin + bucket: "spinnaker" + nodeSelector: {} +# Uncomment if you don't want to create a PVC for minio + persistence: + enabled: false + +# Google Cloud Storage +gcs: + enabled: false + project: my-project-name + bucket: "" + ## if jsonKey is set, will create a secret containing it + jsonKey: '' + ## override the name of the secret to use for jsonKey, if `jsonKey` + ## is empty, it will not create a secret assuming you are creating one + ## external to the chart. the key for that secret should be `key.json`. + secretName: + +# AWS Simple Storage Service +s3: + enabled: false + bucket: "" + # rootFolder: "front50" + # region: "us-east-1" + # endpoint: "" + # accessKey: "" + # secretKey: "" + # assumeRole: "" + +# Azure Storage Account +azs: + enabled: false +# storageAccountName: "" +# accessKey: "" +# containerName: "spinnaker" + +rbac: + # Specifies whether RBAC resources should be created + create: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccounts to use. + # If left blank it is auto-generated from the fullname of the release + halyardName: + spinnakerName: +securityContext: + # Specifies permissions to write for user/group + runAsUser: 1000 + fsGroup: 1000