Complete Configurations
Below you'll find all the available configurations for AHD Commons, with their respective default values.
# Default values for commons.
# This is a YAML-formatted file.
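# -- ecrCredentials
# Automation to enable pulling AWS Elastic Container Registry private images
# @default -- See `values.yaml`
ecrCredentials:
  # -- Install ECR Credentials
  enabled: true
  # -- Access Key ID of the AWS IAM User
  # These are long-lived IAM user keys: supply them at install time from a
  # secret store, never commit them in an override file, and scope the IAM
  # user to ECR pull permissions only.
  accessKey: ""
  # -- Secret Access Key ID of the AWS IAM User
  secretKey: ""
  # -- Kubernetes Secret Name for Docker Registry Credentials
  ecrSecretName: aws-ecr-regcred
  # @ignored AWS account ID for smeup LAB
  awsAccount: "100076361442"
  # @ignored AWS region for smeup LAB private images
  awsRegion: "eu-south-1"
  # @ignored Pod Security Context
  # Runs the job as a non-root user and group (UID/GID 1000).
  podSecurityContext:
    fsGroup: 1000
    runAsUser: 1000
    runAsGroup: 1000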
# -- Telemetry
# @default -- See `values.yaml`
# NOTE(review): the nesting of this section is not recoverable from this page;
# check the chart's `values.yaml` for the real structure before copying it.
telemetry:
# Telemetry agent is off by default.
enabled: false
image:
# Agent image is pulled from the same private ECR account and region as ecrCredentials.
repository: "100076361442.dkr.ecr.eu-south-1.amazonaws.com/ahd-telemetry-agent"
tag: 1.0.1
# -- Telemetry Agent config
# @default -- See `values.yaml`
cfg:
collector:
configuration:
enabled: true
scrape_interval_minutes: 180
system:
enabled: true
scrape_interval_minutes: 180
exporter:
http:
enabled: true
# NOTE(review): presumably signs outgoing exporter requests with AWS IAM credentials - confirm.
iam_sign: true
logger:
enabled: true
log:
encoding: json
level: info
stacktrace: true
middleware:
cache:
enabled: true
metadata:
enabled: true
# -- Telemetry Agent Environment Variables
# Values listed here are stored in plain text with the release; do not pass credentials this way.
envs: []
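# -- CSI Driver SMB
# Required to enable samba mounts
# @default -- See `values.yaml`
csiDriverSmb:
  # -- Enable CSI Driver SMB
  enabled: false
  # -- Define custom shares (network mounts)
  # NOTE: webup shares should not be defined here, but in the webup chart instead.
  # Each share carries a plain-text SMB password: keep the override file that
  # defines them out of version control and use a dedicated, least-privilege
  # account per share.
  shares: []
  # ALWAYS use different names for your shares!
  # - name: share1
  #   device: 172.16.2.19/smeup
  #   user: user1
  #   password: pwd1
  #   domain: domain1
  # - name: share2
  #   device: 10.250.0.10/test
  #   user: user2
  #   password: pwd2
  #   domain: domain2

# @ignored csi driver smb chart overrides
csi-driver-smb:
  feature:
    enableInlineVolume: false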
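# -- Traefik TLS ingress
# @default -- See `values.yaml`
traefik:
  # -- Install Traefik chart
  # Note: Only required if Traefik is not already installed
  install: false
  # -- Install Traefik middlewares and TLSOption
  installMiddleware: true
  # -- Traefik TLS configurations
  tls:
    # -- base64 of certificate
    crt: ""
    # -- base64 of key
    # base64 is an encoding, not encryption: treat this value as the private
    # key itself and inject it at install time rather than committing it.
    key: ""
  # @ignored Traefik Helm Chart configurations
  # The Traefik dashboard route stays disabled by default.
  ingressRoute:
    dashboard:
      enabled: false
  # @ignored Traefik service configurations
  service:
    annotations: {}
    # -- EXAMPLE AWS SPECIFIC ANNOTATIONS --
    # -- IF YOU CHANGE THESE CONFIGURATIONS AFTER THE FIRST APPLY YOU WILL NEED TO DELETE THE LOADBALANCER SVC AND RECREATE IT --
    # With TLS terminated on the load balancer and backend-protocol `http`,
    # the hop from the load balancer to Traefik is unencrypted.
    # service.beta.kubernetes.io/aws-load-balancer-type: nlb
    # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <Replace this with your certificate ARN>
    # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
    # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
    # --------------------------------------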
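# -- Local path provisioner - enable only in k3s environments
localPathProvisioner:
  # -- Enable retain to create the "local-path-retain" storageClass
  # set to "false" in non-k3s environments
  enableRetain: true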
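# -- AWS ElasticFileSystem (EFS) - enable only in EKS environments
# @default -- See `values.yaml`
efs:
  # -- Enable EFS to create a custom storage class
  enabled: false
  # -- The name of the storage class
  storageClassName: efs-sc
  # -- (string) the filesystem ID
  fileSystemId: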
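# -- Grafana configurations
# @default -- See `values.yaml`
grafana:
  # -- Install the Grafana helm chart
  enabled: false
  # -- Username for Web Console login
  adminUser: smeup
  # -- Password for Web Console login **CHANGE IF EXPOSED**
  # The default password equals the username and the ingress below is enabled
  # by default, so override this value whenever `enabled` is set to true.
  # Prefer taking the admin credentials from a Kubernetes Secret (the upstream
  # Grafana chart offers `admin.existingSecret`) over a plain-text value here.
  adminPassword: smeup
  # -- Grafana ingress configurations
  # @default -- Traefik compatible configurations, see `values.yaml`
  ingress:
    enabled: true
    hosts: []
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.tls: "true"
    path: /grafana
  # @ignored Grafana root url configurations
  grafana.ini:
    server:
      root_url: http://localhost:3000/grafana
      serve_from_sub_path: true
  # @ignored Enable grafana persistence, do not modify
  persistence:
    enabled: true
  # @ignored Grafana default data sources, do not modify
  # Both data sources are reached over plain HTTP at in-cluster service names.
  datasources:
    datasources.yaml:
      apiVersion: 1
      datasources:
        - name: Prometheus
          type: prometheus
          uid: prometheus
          url: http://{{ .Release.Name }}-prometheus-server:80
          isDefault: true
        - name: Loki
          type: loki
          uid: loki
          url: http://{{ .Release.Name }}-loki:3100
  # @ignored Grafana custom dashboards configmaps
  dashboardsConfigMaps:
    data: "data-dashboards"
  # @ignored Grafana dashboards
  # The dashboard is identified by grafana.com id and revision; the revision
  # is pinned, so updates are opt-in.
  dashboards:
    default:
      nodeexporter:
        gnetId: 1860
        revision: 37
        datasource: Prometheus
  # @ignored Grafana dashboard Providers
  dashboardProviders:
    dashboardproviders.yaml:
      apiVersion: 1
      providers:
        - name: 'default'
          orgId: 1
          folder: ''
          disableDeletion: false
          allowUiUpdates: true
          options:
            path: /var/lib/grafana/dashboards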
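# -- Loki configuration
# @default -- See `values.yaml`
loki:
  # -- Install the Loki Helm Chart
  enabled: false
  # @ignored Loki Chart values, do not modify
  deploymentMode: SingleBinary
  singleBinary:
    replicas: 1
  gateway:
    enabled: false
  lokiCanary:
    enabled: false
  test:
    enabled: false
  loki:
    podAnnotations:
      prometheus.io/scrape: "true"
      prometheus.io/port: "3100"
      prometheus.io/path: /metrics
    ingester:
      chunk_encoding: snappy
    querier:
      max_concurrent: 2
    server:
      log_level: warn
    compactor:
      delete_request_store: filesystem
      working_directory: /var/loki/compactor
      retention_enabled: true
      retention_delete_delay: 2h
    limits_config:
      retention_period: 14d
    commonConfig:
      replication_factor: 1
    schemaConfig:
      configs:
        - from: 2024-04-01
          store: tsdb
          object_store: filesystem
          schema: v13
          index:
            prefix: loki_index_
            period: 24h
    storage:
      type: 'filesystem'
    # Tenant authentication is off and the gateway above is disabled, so any
    # client that can reach port 3100 can push and query logs. Keep the Loki
    # service cluster-internal and restrict access with NetworkPolicies.
    auth_enabled: false
  chunksCache:
    enabled: false
  resultsCache:
    enabled: false
  # Zero out replica counts of other deployment modes
  backend:
    replicas: 0
  read:
    replicas: 0
  write:
    replicas: 0
  ingester:
    replicas: 0
  querier:
    replicas: 0
  queryFrontend:
    replicas: 0
  queryScheduler:
    replicas: 0
  distributor:
    replicas: 0
  compactor:
    replicas: 0
  indexGateway:
    replicas: 0
  bloomCompactor:
    replicas: 0
  bloomGateway:
    replicas: 0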
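# @ignored Promtail configurations, do not modify unless you know what you're doing
promtail:
  config:
    # Logs are pushed to the in-cluster Loki service over plain HTTP with no
    # credentials, which matches Loki's `auth_enabled: false` default above.
    clients:
      - url: http://{{ .Release.Name }}-loki:3100/loki/api/v1/push
    # Log Level for promtail's own logs (and not for the logs it collects)
    logLevel: warn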
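# -- Prometheus Configurations
# @default -- See 'values.yaml'
prometheus:
  # -- Install Prometheus
  enabled: false
  # @ignored disable alertmanager
  alertmanager:
    enabled: false
  # @ignored disable pushgateway
  # may need to enable to monitor ECR token refresh jobs
  prometheus-pushgateway:
    enabled: false
  server:
    persistentVolume:
      size: 10Gi
    # Retention period. Data is dropped when either this limit or
    # `retentionSize` is reached, whichever comes first.
    retention: "15d"
    ## Prometheus' data retention size. Supported units: B, KB, MB, GB, TB, PB, EB.
    retentionSize: "10GB"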
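# -- @ignored Prometheus exporter for MongoDB
prometheus-mongodb-exporter:
  # -- Enable MongoDB exporter
  enabled: false
  # The connection URI (which normally embeds credentials) is read from an
  # existing Secret, so it never appears in the values.
  existingSecret:
    name: "mongodb-creds"
    key: "uri"
  podAnnotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9216"
    prometheus.io/path: /metrics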
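# -- @ignored Prometheus exporter for PostgreSQL
prometheus-postgres-exporter:
  # -- Enable PostgreSQL exporter
  enabled: false
  config:
    datasource:
      host: postgres-svc
      database: postgres
      # Username and password are both read from the `postgres-creds` Secret
      # rather than set inline.
      userSecret:
        name: postgres-creds
        key: username
      passwordSecret:
        name: postgres-creds
        key: password
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9187"
    prometheus.io/path: /metrics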
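# -- ArgoCD Configurations
# @default -- See 'values.yaml'
argo-cd:
  # -- Install ArgoCD
  enabled: false
  # @ignored Disable DEX Server
  dex:
    enabled: false
  # @ignored Disable Notifications server
  notifications:
    enabled: false
  # @ignored enable controller metrics
  controller:
    metrics:
      enabled: true
  # @ignored enable repoServer metrics
  repoServer:
    metrics:
      enabled: true
  # @ignored enable applicationSet metrics
  applicationSet:
    metrics:
      enabled: true
  # @ignored enable redis metrics
  redis:
    metrics:
      enabled: true
  # -- ArgoCD Chart configs
  # @default -- See 'values.yaml'
  configs:
    params:
      server.rootpath: "/argocd"
      # argocd-server itself serves plain HTTP; TLS is expected to terminate
      # at the Traefik ingress configured under `server.ingress` below. Do not
      # expose the argocd-server Service directly while this is true.
      server.insecure: true
    repositories:
      smartkit:
        url: "https://repo.smeup.cloud/nexus/repository/smartkit"
        name: "smartkit"
        type: "helm"
    # -- Create new argocd user
    cm:
      # accounts.<name>: <capabilities>
      # There are 2 capabilities apiKey and login
      # `apiKey` lets the account mint API tokens; drop it if only interactive
      # login is needed.
      accounts.readonly: login,apiKey
    # -- RBAC policy configuration
    rbac:
      # Policy rules are in the form:
      #  p, subject, resource, action, object, effect
      # Role definitions and bindings are in the form:
      #  g, subject, inherited-subject
      policy.csv: ''
      # E.g. define a readonly account
      # NOTE(review): the sample binds the subject `ReadOnly`, while the
      # account declared under `cm` is `readonly`; confirm the subject in the
      # `g` line matches the account or group you intend to bind.
      # policy.csv: |
      #   p, role:readonly, applications, get, */*, allow
      #   p, role:readonly, repositories, get, *, allow
      #   p, role:readonly, logs, get, */*, allow
      #   p, role:readonly, exec, get, */*, allow
      #   p, role:readonly, projects, get, *, allow
      #   p, role:readonly, clusters, get, *, allow
      #   g, ReadOnly, role:readonly
    # -- Provide configurations to connect argocd with one or more external cluster
    # The bearer token grants ArgoCD whatever the remote service account is
    # allowed to do: pass it at install time instead of committing it, and
    # keep `insecure: false` with `caData` set so the remote API server
    # certificate is verified.
    clusterCredentials: {}
    # my-cluster-1:
    #   server: https://<ip>:6443
    #   labels: {}
    #   annotations: {}
    #   config:
    #     bearerToken: "<bearer token service account>"
    #     tlsClientConfig:
    #       insecure: false
    #       caData: "<base64 encoded certificate>"
  # -- ArgoCD Server configs
  # @default -- See 'values.yaml'
  server:
    metrics:
      enabled: true
    ingress:
      enabled: true
      annotations:
        # default annotations for HTTPS ingress
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
        traefik.ingress.kubernetes.io/router.tls: "true"
        # comment the above annotations and uncomment the one below for HTTP ingress
        # With `server.insecure: true`, the HTTP ingress carries logins and
        # API tokens in clear text end to end; use it only on a trusted network.
        # traefik.ingress.kubernetes.io/router.entrypoints: web
      extraRules:
        - http:
            paths:
              - path: /argocd
                pathType: Prefix
                backend:
                  service:
                    name: '{{ include "argo-cd.server.fullname" . }}'
                    port:
                      name: '{{ .Values.server.service.servicePortHttpName }}'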
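# -- Create a service account for remote management by external ArgoCD instance
# Note: this is outside of `argo-cd` field
# This defaults to true even when `argo-cd.enabled` is false. The permissions
# bound to the account are not shown on this page; set it to false on clusters
# that no external ArgoCD instance manages.
createArgoCDServiceAccount: true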