# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
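# UDS bundle that deploys the Zarf init package plus a locally built UDS Core
# package onto AKS, with per-chart overrides for Azure load balancers,
# external PostgreSQL (Keycloak, Grafana) and Azure Storage (Loki, Velero).
kind: UDSBundle
metadata:
  name: uds-core-aks-nightly
  description: A UDS bundle for deploying UDS Core on AKS
  # x-release-please-start-version
  version: "1.5.0"
  # x-release-please-end

packages:
  # NOTE(review): the init package is referenced by tag only, and a tag can be
  # re-pointed upstream. Consider pinning by digest if the bundle tooling
  # supports it.
  - name: init
    repository: ghcr.io/zarf-dev/packages/init
    ref: v0.76.0

  - name: core
    path: ../../../build
    # x-release-please-start-version
    ref: 1.5.0
    # x-release-please-end
    optionalComponents:
      - istio-egress-gateway
    overrides:
      istio-admin-gateway:
        gateway:
          values:
            # azure-load-balancer-internal "false" requests a public Azure
            # load balancer, so the admin gateway gets an internet-facing
            # frontend. NOTE(review): confirm this is intended only for the
            # nightly CI cluster and that access is restricted elsewhere.
            - path: service.annotations
              value:
                service.beta.kubernetes.io/azure-load-balancer-internal: "false"
                service.beta.kubernetes.io/azure-load-balancer-sku: "Standard"
                service.beta.kubernetes.io/azure-load-balancer-resource-group: "${NODE_RESOURCE_GROUP_NAME}"
      istio-tenant-gateway:
        gateway:
          values:
            # Same public load balancer settings as the admin gateway.
            - path: service.annotations
              value:
                service.beta.kubernetes.io/azure-load-balancer-internal: "false"
                service.beta.kubernetes.io/azure-load-balancer-sku: "Standard"
                service.beta.kubernetes.io/azure-load-balancer-resource-group: "${NODE_RESOURCE_GROUP_NAME}"
      keycloak:
        keycloak:
          values:
            - path: devMode
              value: false
            - path: autoscaling.enabled
              value: true
            - path: detailedObservability.alerts.enabled
              value: true
          # Connection settings for the external PostgreSQL database; only the
          # password is flagged sensitive.
          variables:
            - name: KEYCLOAK_DB_HOST
              path: postgresql.host
            - name: KEYCLOAK_DB_USERNAME
              path: postgresql.username
            - name: KEYCLOAK_DB_DATABASE
              path: postgresql.database
            - name: KEYCLOAK_DB_PASSWORD
              path: postgresql.password
              sensitive: true
      loki:
        loki:
          variables:
            - name: AZURE_LOKI_STORAGE_ACCOUNT
              description: "Name of the Storage Account to use for storing logs"
              path: "loki.storage_config.azure.account_name"
            - name: AZURE_LOKI_STORAGE_ACCOUNT_ACCESS_KEY
              description: "Primary access Key for the Storage Account"
              sensitive: true
              path: "loki.storage_config.azure.account_key"
            - name: AZURE_LOKI_STORAGE_ACCOUNT_CONTAINER
              description: "The destination container in the Storage Account where logs will be saved"
              path: "loki.storage_config.azure.container_name"
          values:
            - path: loki.storage.type
              value: "azure"
            # NOTE(review): DEBUG sidecar logging here and in the Grafana
            # overrides looks like a nightly/CI choice. Confirm before reusing
            # this bundle elsewhere.
            - path: sidecar.rules.logLevel
              value: DEBUG
      kube-prometheus-stack:
        kube-prometheus-stack:
          values:
            - path: kube-state-metrics
              value:
                resources:
                  limits:
                    memory: 512Mi
      grafana:
        grafana:
          values:
            - path: sidecar.dashboards.logLevel
              value: DEBUG
            - path: sidecar.datasources.logLevel
              value: DEBUG
          variables:
            - name: GRAFANA_HA
              description: Enable HA Grafana
              path: autoscaling.enabled
        uds-grafana-config:
          variables:
            - name: GRAFANA_PG_HOST
              description: Grafana postgresql host
              path: postgresql.host
            - name: GRAFANA_PG_PORT
              description: Grafana postgresql port
              path: postgresql.port
            - name: GRAFANA_PG_DATABASE
              description: Grafana postgresql database
              path: postgresql.database
            - name: GRAFANA_PG_PASSWORD
              description: Grafana postgresql password
              path: postgresql.password
              sensitive: true
            - name: GRAFANA_PG_USER
              description: Grafana postgresql username
              path: postgresql.user
      velero:
        velero:
          variables:
            - name: AZURE_VELERO_STORAGE_ACCOUNT
              description: "Name of the Storage Account to use for storing backups"
              path: "configuration.backupStorageLocation[0].config.storageAccount"
            # Storage account key: flagged sensitive, as the Loki access key
            # and the database passwords in this bundle already are.
            # NOTE(review): this variable and VELERO_CLIENT_SECRET_ENV_VAR
            # below are bound to the same chart path (storageAccountKeyEnvVar),
            # which per that variable's description holds an env-var *name*.
            # Confirm the key value is not meant to be written into that
            # config field. The credentials Secret under `values` already
            # receives the key through ${...} substitution.
            - name: AZURE_VELERO_STORAGE_ACCOUNT_ACCESS_KEY
              description: "Primary access Key for the Storage Account"
              sensitive: true
              path: "configuration.backupStorageLocation[0].config.storageAccountKeyEnvVar"
            - name: AZURE_VELERO_STORAGE_ACCOUNT_CONTAINER
              description: "The destination container in the Storage Account where backups will be saved"
              path: "configuration.backupStorageLocation[0].bucket"
            - name: AZURE_RESOURCE_GROUP
              description: "The name of the resource group that the Storage Account is in"
              path: "configuration.backupStorageLocation[0].config.resourceGroup"
            - name: AZURE_SUBSCRIPTION_ID
              description: "The resource ID of the Azure Subscription that is being used"
              path: "configuration.backupStorageLocation[0].config.subscriptionId"
            - name: VELERO_CLIENT_SECRET_ENV_VAR
              description: "Name of the env variable that velero will use to read Azure config"
              path: "configuration.backupStorageLocation[0].config.storageAccountKeyEnvVar"
              default: "AZURE_STORAGE_ACCOUNT_ACCESS_KEY"
            - name: VELERO_BACKUP_STORAGE_CONFIG_NAME
              description: "Name of the Backup Storage Location"
              path: "configuration.backupStorageLocation[0].name"
              default: "default"
            - name: VELERO_STORAGE_PROVIDER
              description: "Type of storage provider that will be used"
              path: "configuration.backupStorageLocation[0].provider"
              default: "azure"
          values:
            # useSecret with secretContents passes the key to the chart as
            # Secret contents; the env-var name on the left matches the
            # default of VELERO_CLIENT_SECRET_ENV_VAR.
            - path: credentials
              value:
                useSecret: true
                secretContents:
                  cloud: |
                    AZURE_STORAGE_ACCOUNT_ACCESS_KEY=${AZURE_VELERO_STORAGE_ACCOUNT_ACCESS_KEY}
                    AZURE_CLOUD_NAME=AzurePublicCloud
      falco:
        uds-falco-config:
          # Both optional Falco rule sets default to enabled; the defaults are
          # quoted strings, not YAML booleans.
          variables:
            - name: FALCO_SANDBOX_RULES_ENABLED
              description: Enable sandbox rules
              path: sandboxRulesEnabled
              default: "true"
            - name: FALCO_INCUBATING_RULES_ENABLED
              description: Enable incubating rules
              path: incubatingRulesEnabled
              default: "true"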