-
Notifications
You must be signed in to change notification settings - Fork 21
/
Copy pathvalues.yaml
188 lines (173 loc) · 5.97 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
# Default values for profiles-controller.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount:
default: 1
blobcsi: 1
cloudmain: 1
gitea: 0
giteab: 0
s3proxy: 0
trino: 1
trinoschema: 1
extraEnv:
- name: REQUEUE_TIME
value: "5"
image:
repository: k8scc01covidacr.azurecr.io/profiles-controller
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: 77790103821f86290927d0dfad43ad1ccb4d9e72
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
components:
rbac:
# List of groups to assign support role to within a profile
supportGroups: []
giteaUnclassified:
envFrom:
- secretRef:
name: "gitea-postgres-connection-unclassified"
env:
- name: GITEA_CLASSIFICATION
value: "unclassified"
- name: GITEA_SERVICE_URL
value: "gitea-unclassified-http"
- name: GITEA_URL_PREFIX
value: "gitea-unclassified"
- name: GITEA_SERVICE_PORT
value: 80
- name: GITEA_BANNER_CONFIGMAP_NAME
value: "gitea-banner-unclassified"
- name: GITEA_ARGOCD_NAMESPACE
value: "profiles-argocd-system"
- name: GITEA_ARGOCD_SOURCE_REPO_URL
value: https://github.com/StatCan/aaw-argocd-manifests.git
- name: GITEA_ARGOCD_SOURCE_TARGET_REVISION
value: "aaw-dev-cc-00"
- name: GITEA_ARGOCD_SOURCE_PATH
value: "profiles-argocd-system/template/gitea/unclassified"
- name: GITEA_ARGOCD_PROJECT
value: "default"
- name: GITEA_SOURCE_CONTROL_ENABLED_LABEL
value: "sourcecontrol.statcan.gc.ca/enabled"
- name: GITEA_KUBEFLOW_ROOT_URL
value: "https://kubeflow.aaw-dev.cloud.statcan.ca"
giteaProtectedB:
envFrom:
- secretRef:
name: "gitea-postgres-connection-protected-b"
env:
- name: GITEA_CLASSIFICATION
value: "protected-b"
- name: GITEA_SERVICE_URL
value: "gitea-protected-b-http"
- name: GITEA_URL_PREFIX
value: "gitea-protected-b"
- name: GITEA_SERVICE_PORT
value: 80
- name: GITEA_BANNER_CONFIGMAP_NAME
value: "gitea-banner-protected-b"
- name: GITEA_ARGOCD_NAMESPACE
value: "profiles-argocd-system"
- name: GITEA_ARGOCD_SOURCE_REPO_URL
value: https://github.com/StatCan/aaw-argocd-manifests.git
- name: GITEA_ARGOCD_SOURCE_TARGET_REVISION
value: "aaw-dev-cc-00"
- name: GITEA_ARGOCD_SOURCE_PATH
value: "profiles-argocd-system/template/gitea/protected-b"
- name: GITEA_ARGOCD_PROJECT
value: "default"
- name: GITEA_SOURCE_CONTROL_ENABLED_LABEL
value: "sourcecontrol.statcan.gc.ca/enabled"
- name: GITEA_KUBEFLOW_ROOT_URL
value: "https://kubeflow.aaw-dev.cloud.statcan.ca"
blobcsi:
config: |
{"name": "unclassified", "classification": "unclassified", "secretRef": "aawdevcc00samgpremium/azure-blob-csi-system", "capacity": 10, "readOnly": false, "owner": "AAW"}
{"name": "unclassified-ro", "classification": "protected-b", "secretRef": "aawdevcc00samgpremium/azure-blob-csi-system", "capacity": 10, "readOnly": true, "owner": "AAW"}
{"name": "protected-b", "classification": "protected-b", "secretRef": "aawdevcc00samgprotb/azure-blob-csi-system", "capacity": 10, "readOnly": false, "owner": "AAW"}
envFrom:
- secretRef:
name: "azure-blob-csi-fdi-unclassified"
- secretRef:
name: "azure-blob-csi-fdi-protected-b"
env:
- name: BLOB_CSI_FDI_UNCLASS_SPN_SECRET_NAMESPACE
value: "azure-blob-csi-system"
- name: BLOB_CSI_FDI_UNCLASS_PV_STORAGE_CAP
value: 10
- name: BLOB_CSI_FDI_UNCLASS_AZURE_STORAGE_AUTH_TYPE
value: "spn"
- name: BLOB_CSI_FDI_PROTECTED_B_SPN_SECRET_NAMESPACE
value: "azure-blob-csi-system"
- name: BLOB_CSI_FDI_PROTECTED_B_PV_STORAGE_CAP
value: 10
- name: BLOB_CSI_FDI_PROTECTED_B_AZURE_STORAGE_AUTH_TYPE
value: "spn"
s3proxy:
env:
- name: S3PROXY_ARGOCD_NAMESPACE
value: profiles-argocd-system
- name: S3PROXY_ARGOCD_SOURCE_REPO_URL
value: https://github.com/StatCan/aaw-argocd-manifests.git
- name: S3PROXY_ARGOCD_SOURCE_TARGET_REVISION
value: aaw-dev-cc-00
- name: S3PROXY_ARGOCD_SOURCE_PATH
value: profiles-argocd-system/template/s3proxy
- name: S3PROXY_ARGOCD_PROJECT
value: default
- name: S3PROXY_KUBEFLOW_ROOT_URL
value: https://kubeflow.aaw-dev.cloud.statcan.ca
- name: S3PROXY_KUBEFLOW_PREFIX
value: s3
trinoschema:
env:
- name: TRINO_UNCLASSIFIED_SCHEMA_NAME
value: unclassified
- name: TRINO_PROTECTEDB_SCHEMA_NAME
value: protb
- name: TRINO_STORAGE_ACCOUNT_PREFIX
value: aawdevcc00
- name: TRINO_UNCLASSIFIED_CLUSTER_URL
value: https://trino.aaw-dev.cloud.statcan.ca/v1/statement
- name: TRINO_PROTECTEDB_CLUSTER_URL
value: https://trino-protb.aaw-dev.cloud.statcan.ca/v1/statement
- name: TRINO_UNCLASSIFIED_SA
value: samgpremium
- name: TRINO_PROTECTEDB_SA
value: samgprotb