values.yaml
acs:
# -- The organisation where ACS is being deployed
organisation: AMRC
# -- The base URL that services will be served from
baseUrl: factoryplus.myorganisation.com
# -- Whether or not services should be served over HTTPS
secure: true
letsEncrypt:
# -- Whether or not to use Let's Encrypt to automatically generate
# certificates for the services
enabled: false
# -- The email address to use for Let's Encrypt
email: ''
# -- Whether or not to use the staging environment for Let's Encrypt
staging: false
# -- The name of the secret holding the wildcard certificate for the
# above domain. It will be used for every service unless that service
# specifies its own tlsSecretName.
tlsSecretName: factoryplus-tls
cacheMaxAge: 300
# -- Image pull secrets for container images
imagePullSecrets: []
# -- An optional tag that will force images to use this version
# regardless of the version in the Helm chart. Each component can
# further override this value by setting the `tag` property in its
# own section. Deployments from a Git checkout must set this value.
#defaultTag: ''
# Kerberos settings for the deployment: the realm, who may administer
# the KDC through kadmin, and which other realms are trusted.
identity:
# -- Whether or not to enable the Identity component
enabled: true
# -- The Kerberos realm for this Factory+ deployment.
realm: FACTORYPLUS.MYORGANISATION.COM
# NOTE(review): every principal listed here is granted kadmin access to
# the KDC. Keep the list short and give each entry the narrowest
# 'permission' and 'restrictions' that still work. The default adds no
# extra principals.
# -- Kerberos UPNs to grant kadmin access. This needs to be a list of
# objects with 'principal', 'permission' and (optionally)
# 'restrictions' properties; see the kadmin documentation for their
# meaning.
kadminUsers: []
# NOTE(review): each entry extends authentication trust to principals
# issued by another realm, so review additions as you would a new
# identity provider. The default trusts no other realm.
# -- Enable support for cross-realm authentication
crossRealm: [ ]
# crossRealm:
# - realm: MYOTHERREALM.COM
# domain: myotherrealm.com
# otherDomains:
# - myotherrealm.org
# - myotherrealm.net
identity:
image:
# -- The registry of the Identity component
registry: ghcr.io/amrc-factoryplus
# -- The repository of the Identity component
repository: acs-identity
pullPolicy: IfNotPresent
# If this is set to true, the kdb-init container will not set up the
# KDB but will sit and wait. This can be used to halt startup of the
# KDC until a restore from backup can be performed. Be aware that
# this will halt startup of the KDC every time the pod starts until
# the setting is changed.
manualInit: false
krbKeysOperator:
# NOTE(review): the operator acts on KerberosKey resources in every
# namespace listed here, so list only namespaces whose owners are
# trusted to request keys.
# -- A comma-separated list of namespaces that the KerberosKey Operator should watch for KerberosKey resources in. Defaults to the release namespace if not specified
namespaces: ""
image:
# -- The registry of the KerberosKey Operator
registry: ghcr.io/amrc-factoryplus
# -- The repository of the KerberosKey Operator
repository: acs-krb-keys-operator
pullPolicy: IfNotPresent
auth:
# -- Whether or not to enable the Authorisation component
enabled: true
image:
# -- The registry of the Authorisation component
registry: ghcr.io/amrc-factoryplus
# -- The repository of the Authorisation component
repository: acs-auth
pullPolicy: IfNotPresent
# NOTE(review): verbosity has no description in this stanza. It looks
# like a list of debug tags in which a leading '!' excludes a tag;
# confirm against the component. If that is right, leave '!token'
# excluded outside of active debugging and check what that tag logs
# before enabling it, in case it includes credential material.
verbosity: "ALL,!service,!token,!query"
directory:
# -- Whether or not to enable the Directory component
enabled: true
image:
# -- The registry of the Directory component
registry: ghcr.io/amrc-factoryplus
# -- The repository of the Directory component
repository: acs-directory
pullPolicy: IfNotPresent
configdb:
# -- Whether or not to enable the Configuration Store component
enabled: true
image:
# -- The registry of the Configuration Store component
registry: ghcr.io/amrc-factoryplus
# -- The repository of the Configuration Store component
repository: acs-configdb
pullPolicy: IfNotPresent
bodyLimit: 100kb
monitor:
enabled: true
image:
registry: ghcr.io/amrc-factoryplus
repository: acs-monitor
pullPolicy: IfNotPresent
verbosity: "ALL,!service,!token"
# -- The service-setup component loads ACS-specific configuration into
# the ACS services when the Helm chart is deployed or upgraded.
serviceSetup:
enabled: true
image:
registry: ghcr.io/amrc-factoryplus
repository: acs-service-setup
pullPolicy: IfNotPresent
# This section overrides the classes etc. installed into the ConfigDB
config:
# Git repos to create in the on-prem server. These may be
# automatically mirrored from external repos, or populated by the
# service setup job.
repoMirror:
helm:
name: Edge Helm charts
pull: {}
# Helm charts to deploy to the edge; these default to the charts
# created automatically but can be overridden to customise
helmChart:
# Chart to deploy an edge cluster
#cluster: null
edgeHelm:
enabled: true
image:
registry: ghcr.io/amrc-factoryplus
repository: edge-helm-charts
pullPolicy: IfNotPresent
repoPath: shared/helm
mqtt:
# -- Whether or not to enable the MQTT component
enabled: true
image:
# -- The registry of the MQTT component
registry: ghcr.io/amrc-factoryplus
# -- The repository of the MQTT component
repository: acs-mqtt
pullPolicy: IfNotPresent
# NOTE(review): the description below lists 1, a tag list or an empty
# string as the accepted values; 0 is none of them. Presumably it
# disables debug output; confirm, or use the documented empty string.
# -- Possible values are either 1 to enable all possible debugging, or a comma-separated list of debug tags (the tags printed before the log lines). No logging is specified as an empty string.
verbosity: 0
unsIngesters:
sparkplug:
enabled: true
image:
# -- The registry of the Sparkplug UNS ingester image
registry: ghcr.io/amrc-factoryplus
# -- The repository of the Sparkplug UNS ingester image
repository: uns-ingester-sparkplug
pullPolicy: IfNotPresent
# -- The minimum log level that the ingester will log messages at (One of 'fatal', 'error', 'warn', 'info', 'debug', 'trace' or 'silent'.)
logLevel: info
# NOTE(review): verbosity is not described for this component and sits
# alongside logLevel; confirm which of the two the ingester reads and
# how 0 is interpreted.
verbosity: 0
visualiser:
enabled: true
image:
# -- The registry of the Visualiser image
registry: ghcr.io/amrc-factoryplus
# -- The repository of the Visualiser image
repository: acs-visualiser
pullPolicy: IfNotPresent
manager:
# -- Whether or not to enable the Manager component
enabled: true
image:
# -- The registry of the Manager component
registry: ghcr.io/amrc-factoryplus
# -- The repository of the Manager component
repository: acs-manager
pullPolicy: IfNotPresent
edge:
# -- The registry of the Edge Agent component
registry: ghcr.io/amrc-factoryplus
# -- The repository of the Edge Agent component
repository: acs-edge
meilisearch:
# NOTE(review): 'masterKey' is a fixed default published with the chart,
# so every deployment that keeps it shares the same credential. Set a
# random per-deployment value and keep it out of values files committed
# to Git. If the chart can read this from a Kubernetes Secret, prefer
# that (not visible from this file; confirm).
# -- The key that the manager uses to connect to the Meilisearch search engine
key: masterKey
image:
registry: docker.io
repository: getmeili/meilisearch
# Pinned to an explicit version; review the pin periodically so the
# search engine keeps receiving upstream fixes.
tag: v0.30.0
pullPolicy: IfNotPresent
# -- A string used to customise the branding of the manager
name: Factory+ Manager
# -- The environment that the manager is running in
env: production
# -- Whether debug mode is enabled. DO NOT USE THIS IN PRODUCTION.
debug: false
# -- The minimum log level that the manager will log messages at
logLevel: warning
cmdesc:
# -- Whether or not to enable the Commands component
enabled: true
image:
# -- The registry of the Commands component
registry: ghcr.io/amrc-factoryplus
# -- The repository of the Commands component
repository: acs-cmdesc
pullPolicy: IfNotPresent
# NOTE(review): by the description below, 1 turns on all debug output,
# so this component ships at its most verbose setting. For production,
# narrow it to the tags actually needed or to the empty string, and
# check what the debug output contains before shipping logs off-cluster.
# -- Possible values are either 1 to enable all possible debugging, or a comma-separated list of debug tags (the tags printed before the log lines). No logging is specified as an empty string.
verbosity: 1
# Two historians are configured with the same keys: 'uns' (disabled by
# default) and 'sparkplug' (enabled by default).
historians:
uns:
enabled: false
# -- The minimum log level that the historian will log messages at (One of 'fatal', 'error', 'warn', 'info', 'debug', 'trace' or 'silent'.)
logLevel: info
# -- The number of messages to batch together before sending to InfluxDB
batchSize: 5000
# -- Send all buffered messages after this amount of time has elapsed if the buffer is not full (in milliseconds)
flushInterval: 10000
image:
# -- The registry of the UNS Historian component
registry: ghcr.io/amrc-factoryplus
# -- The repository of the UNS Historian component
repository: historian-uns
pullPolicy: IfNotPresent
sparkplug:
enabled: true
# -- The minimum log level that the historian will log messages at (One of 'fatal', 'error', 'warn', 'info', 'debug', 'trace' or 'silent'.)
logLevel: info
# -- The number of messages to batch together before sending to InfluxDB
batchSize: 5000
# -- Send all buffered messages after this amount of time has elapsed if the buffer is not full (in milliseconds)
flushInterval: 10000
image:
# -- The registry of the Sparkplug Historian component
registry: ghcr.io/amrc-factoryplus
# -- The repository of the Sparkplug Historian component
repository: historian-sparkplug
pullPolicy: IfNotPresent
git:
# -- Whether or not to enable the Git component
enabled: true
image:
# -- The registry of the Git component
registry: ghcr.io/amrc-factoryplus
# -- The repository of the Git component
repository: acs-git
pullPolicy: IfNotPresent
# -- Possible values are either 1 to enable all possible debugging, or a comma-separated list of debug tags (the tags printed before the log lines). No logging is specified as an empty string.
verbosity: "ALL,!service,!token"
clusterManager:
# -- Whether or not to enable the Cluster Manager component
enabled: true
image:
# -- The registry of the Clusters component
registry: ghcr.io/amrc-factoryplus
# -- The repository of the Clusters component
repository: acs-cluster-manager
pullPolicy: IfNotPresent
verbosity: "ALL,!service,!token"
admin:
# -- Whether or not to enable the Admin component
enabled: true
image:
# -- The registry of the Admin component
registry: ghcr.io/amrc-factoryplus
# -- The repository of the Admin component
repository: acs-admin
pullPolicy: IfNotPresent
shell:
image:
registry: ghcr.io/amrc-factoryplus
repository: acs-krb-utils
tag: v0.0.1
pullPolicy: IfNotPresent
# XXX This should probably be included in acs-krb-utils
# NOTE(review): this image comes from a third-party Docker Hub repository
# and is referenced by the mutable 'latest' tag. With pullPolicy
# IfNotPresent, each node keeps whatever 'latest' pointed to when it
# first pulled, so nodes can run different, unreviewed contents. Pin an
# explicit version tag or an image digest.
curl:
image:
registry: docker.io
repository: appropriate/curl
tag: latest
pullPolicy: IfNotPresent
minio:
# -- Whether or not to enable MinIO
enabled: true
# -- Whether or not to expose the MinIO console outside of the cluster
exposeConsole: false
postgres:
# -- Whether or not to enable Postgres
enabled: true
# Postgres image to use. DO NOT change major version on an
# existing installation without being prepared to handle database
# dump/restore manually.
image:
registry: docker.io/library
repository: postgres
# NOTE(review): an unquoted 16.1 is loaded as a YAML float. It renders
# correctly today, but a later bump to a tag such as 16.10 would be read
# as 16.1 and select a different image. Quote the tag ("16.1") so it
# stays a string.
tag: 16.1
# Kubegres doesn't support setting pullPolicy
# Images for the Kubegres operator and the kube-rbac-proxy that runs
# alongside it.
kubegres:
kubeProxy:
image:
registry: gcr.io
repository: kubebuilder/kube-rbac-proxy
tag: v0.13.0
pullPolicy: IfNotPresent
kubegres:
image:
registry: docker.io
repository: reactivetechio/kubegres
# NOTE(review): an unquoted 1.16 is loaded as a YAML float, so a tag
# such as 1.20 would be read as 1.2. Quote the tag ("1.16") so it
# stays a string.
tag: 1.16
pullPolicy: IfNotPresent
# Values passed to the Traefik ingress controller: the extra TCP
# entrypoints for MQTT and Kerberos, global arguments, provider options
# and logging.
traefik:
enabled: true
ports:
# Plain MQTT is defined but not exposed; only the TLS port below is.
mqtt:
port: 1883
expose: false
exposedPort: 1883
protocol: TCP
mqttsecure:
port: 8883
expose: true
exposedPort: 8883
protocol: TCP
kdc:
port: 8888
expose: true
exposedPort: 88
protocol: TCP
kpasswd:
port: 8464
expose: true
exposedPort: 464
protocol: TCP
# NOTE(review): kadmin is the Kerberos administration interface and is
# published on the same entrypoint as the user-facing services. Where
# the load balancer is reachable from untrusted networks, set expose to
# false here or restrict source addresses in front of it.
kadmin:
port: 8749
expose: true
exposedPort: 749
protocol: TCP
additionalArguments:
- --metrics.prometheus=true
# NOTE(review): this turns off certificate verification for every TLS
# connection Traefik makes to a backend, so a spoofed or intercepted
# in-cluster endpoint would go unnoticed. Prefer giving Traefik the
# internal CA (serversTransport rootCAs) and removing this flag.
- --serverstransport.insecureskipverify=true
ingressRoute:
dashboard:
enabled: false
# NOTE(review): as listed, the service section below is active with
# placeholder values. Replace both placeholders, or comment the section
# out, before installing.
# -- [AZURE] Enable the below section to expose your instance of Factory+/ACS over the internet, replacing the <Value>
# -- tags with the details of your pre-configured load balancer.
service:
spec:
loadBalancerIP: <External IP address here>
annotations:
service.beta.kubernetes.io/azure-load-balancer-resource-group: <Load Balancer Resource Group here>
providers:
kubernetesCRD:
# NOTE(review): lets an IngressRoute reference services and middlewares
# in other namespaces. Anyone who can create Traefik CRDs in one
# namespace can then route to workloads in another; restrict who holds
# that RBAC permission.
allowCrossNamespace: true
logs:
general:
# NOTE(review): DEBUG is very verbose for a production default;
# consider INFO or lower and enable DEBUG only while troubleshooting.
level: DEBUG
# Values passed to the Grafana chart. Login is delegated to a fronting
# proxy (auth.proxy); built-in basic auth is switched off.
grafana:
deploymentStrategy:
type: Recreate
image:
tag: 10.0.1
enabled: true
persistence:
enabled: true
envFromSecret: influxdb-auth
admin:
existingSecret: grafana-admin-user
grafana.ini:
auth.basic:
enabled: false
# NOTE(review): with auth.proxy enabled Grafana accepts the user name in
# X-Auth-Principal as already authenticated, and auto_sign_up creates
# the account on first sight. This is only safe if every path to
# Grafana goes through the authenticating proxy and that proxy
# overwrites any client-supplied X-Auth-Principal header. Consider also
# setting Grafana's auth.proxy 'whitelist' to the proxy's addresses and
# limiting pod access with a NetworkPolicy.
auth.proxy:
enabled: true
header_name: X-Auth-Principal
header_property: username
auto_sign_up: true
sidecar:
datasources:
enabled: true
label: grafana_datasource
initDatasources: true
dashboards:
enabled: true
provider:
folder: 'Factory+'
disableDelete: true
# NOTE(review): ALL makes the sidecar pick up labelled resources from
# every namespace, so anyone able to create a labelled ConfigMap in any
# namespace can supply content to Grafana. Narrow this to the release
# namespace if cross-namespace loading is not needed.
searchNamespace: ALL
# Values for the MinIO tenant: one pool with a single server and a single
# 20Gi volume, three buckets, and users generated from named secrets.
tenant:
tenant:
name: fplus-minio-core
# Disable TLS on the MinIO level because we terminate TLS at Traefik
# NOTE(review): with requestAutoCert false and no certificates set,
# traffic between Traefik and MinIO, and from in-cluster clients to
# MinIO, is not encrypted. Accept this only where the cluster network
# is trusted or encrypted by other means.
certificate:
externalCaCertSecret: { }
externalCertSecret: { }
requestAutoCert: false
certConfig: { }
pools:
- servers: 1
name: pool-0
volumesPerServer: 1
size: 20Gi
## List of bucket names to create during tenant provisioning
buckets:
- name: "device-configurations"
- name: "device-connections"
- name: "edge-agent-configs"
## List of secret names to use for generating MinIO users during tenant provisioning
# Credentials are referenced by secret name rather than written here.
users:
- name: "manager-minio-secret"
influxdb2:
enabled: true
adminUser:
organization: default
existingSecret: influxdb-auth
initScripts:
enabled: true
scripts:
init.sh: |+
#!/bin/bash
echo "Creating mapping for bucket ${DOCKER_INFLUXDB_INIT_BUCKET_ID} in org ${DOCKER_INFLUXDB_INIT_ORG}"
influx v1 dbrp create --bucket-id ${DOCKER_INFLUXDB_INIT_BUCKET_ID} --db default --rp default --default --org ${DOCKER_INFLUXDB_INIT_ORG}
pdb:
create: false
cert-manager:
fullnameOverride: "cert-manager"