-
Notifications
You must be signed in to change notification settings - Fork 2
/
main.yaml
119 lines (105 loc) · 4.23 KB
/
main.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
---
metal_check_api_available: yes
metal_helm_chart_local_path:
metal_helm_chart_timeout: "600s"
metal_set_resource_limits: yes
metal_check_api_health_endpoint: https://{{ metal_api_ingress_dns }}{{ metal_api_base_path }}v1/health
metal_log_level: info
metal_log_encoding: json
# metalctl
metal_metalctl_image_pull_policy: "{{ metal_control_plane_image_pull_policy }}"
# service ports
metal_api_port: 8080
metal_api_grpc_port: 50051
metal_api_metrics_port: 2112
metal_masterdata_api_port: 8443
metal_masterdata_api_metrics_port: 2113
metal_console_port: 10001
# metal-api
metal_api_image_pull_policy: "{{ metal_control_plane_image_pull_policy }}"
metal_api_replicas: 3
metal_api_hpa_enabled: false
metal_api_hpa_max: 5
metal_api_hpa_min: 3
metal_api_hpa_cpu_percentage: 70
metal_api_base_path: "/metal/"
metal_api_dex_address: ""
metal_api_dex_clientid: ""
metal_api_db_address: metal-db
metal_api_db_password: change-me
metal_api_ipam_grpc_server_endpoint: http://ipam:9090
metal_api_nsq_tcp_address: "{{ metal_control_plane_ingress_dns }}:4150"
metal_api_nsq_http_address: "nsqd:4151"
metal_api_nsq_lookupd_address: "nsq-lookupd:4161"
metal_api_nsq_tls_enabled: true
metal_api_nsq_tls_secret_name: nsqd
metal_api_grpc_tls_enabled: true
metal_api_bmc_superuser_enabled: false
metal_api_bmc_superuser_pwd: change-me
metal_api_view_key: change-me
metal_api_edit_key: change-me
metal_api_admin_key: change-me
metal_api_sizes: []
metal_api_images: []
metal_api_partitions: []
metal_api_networks: []
metal_api_ips: []
metal_api_filesystemlayouts: []
metal_api_sizeimageconstraints: []
metal_api_size_reservations: []
metal_api_resources:
metal_api_s3_enabled: false
metal_api_s3_address:
metal_api_s3_key:
metal_api_s3_secret:
metal_api_s3_firmware_bucket:
metal_api_password_reason_minlength:
metal_api_release_version: "{{ metal_stack_release_version }}"
minimum_client_version: "{{ metalctl_version }}"
# masterdata-api
metal_masterdata_api_image_pull_policy: "{{ metal_control_plane_image_pull_policy }}"
metal_masterdata_api_db_address: masterdata-db
metal_masterdata_api_db_port: 5432
metal_masterdata_api_db_name: masterdata
metal_masterdata_api_db_user: postgres
metal_masterdata_api_db_password: change-me
metal_masterdata_api_provider_tenant: "{{ metal_control_plane_provider_tenant }}"
metal_masterdata_api_hmac: change-me
metal_masterdata_api_resources:
metal_masterdata_api_tenants: []
metal_masterdata_api_projects: []
# ipam
metal_ipam_image_pull_policy: "{{ metal_control_plane_image_pull_policy }}"
metal_ipam_db_address: ipam-db
metal_ipam_db_port: 5432
metal_ipam_db_name: ipam
metal_ipam_db_user: postgres
metal_ipam_db_password: change-me
metal_ipam_log_level: debug
metal_ipam_resources:
# metal-console
metal_console_image_pull_policy: "{{ metal_control_plane_image_pull_policy }}"
metal_console_enabled: false
metal_console_replicas: 3
metal_console_resources:
metal_console_bmc_proxy_certs_server_key:
metal_console_bmc_proxy_certs_server_pub:
metal_console_bmc_proxy_certs_client_key:
metal_console_bmc_proxy_certs_client_cert:
metal_console_bmc_proxy_certs_ca_cert:
# ingress
metal_deploy_ingress: true
metal_ingress: {}
metal_ingress_dns: api.{{ metal_control_plane_ingress_dns }}
# headscale
metal_api_headscale_enabled: false
metal_api_headscale_tls: yes
metal_api_headscale_api_key: "{{ lookup('k8s', api_version='v1', namespace=metal_control_plane_namespace, kind='Secret', resource_name='headscale-api-key').get('data', {}).get('key') | b64decode if metal_api_headscale_enabled else '' }}"
metal_api_headscale_control_plane_address: "http{{ 's' if metal_api_headscale_tls }}://headscale.{{ metal_control_plane_ingress_dns }}"
metal_api_headscale_internal_api_address: "headscale:50443"
# auditing
metal_auditing_enabled: false
metal_auditing_index_prefix: "auditing"
metal_auditing_index_interval: "@daily"
metal_auditing_url: "http://auditing-meili.{{ auditing_meili_namespace if auditing_meili_namespace is defined else metal_control_plane_namespace }}.svc.cluster.local:7700"
metal_auditing_meili_api_key: "{{ lookup('k8s', api_version='v1', namespace=auditing_meili_namespace if auditing_meili_namespace is defined else metal_control_plane_namespace, kind='Secret', resource_name='auditing-meili').get('data', {}).get('MEILI_MASTER_KEY') | b64decode if metal_auditing_enabled else '' }}"