-
Notifications
You must be signed in to change notification settings - Fork 11
Expand file tree
/
Copy pathvalues-simple.yaml
More file actions
189 lines (181 loc) · 5.68 KB
/
values-simple.yaml
File metadata and controls
189 lines (181 loc) · 5.68 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
# This is currently configured as an 'all in one' deployment in one cluster.
clusterGroup:
name: simple
isHubCluster: true
# Override health check for Subscriptions to treat UpgradePending as healthy
# Only applies to pinned CSV subscriptions (sandbox and trustee)
namespaces:
- open-cluster-management
- vault
- golang-external-secrets
- openshift-sandboxed-containers-operator
- trustee-operator-system
- hello-openshift
- cert-manager-operator
- cert-manager
- kbs-access
- encrypted-storage
- kyverno
subscriptions:
# ACM is kept anticipating
acm:
name: advanced-cluster-management
namespace: open-cluster-management
sandbox:
name: sandboxed-containers-operator
namespace: openshift-sandboxed-containers-operator
source: redhat-operators
channel: stable
installPlanApproval: Manual
csv: sandboxed-containers-operator.v1.12.0
trustee:
name: trustee-operator
namespace: trustee-operator-system
source: redhat-operators
channel: stable
installPlanApproval: Manual
csv: trustee-operator.v1.1.0
cert-manager:
name: openshift-cert-manager-operator
namespace: cert-manager-operator
channel: stable-v1
projects:
- hub
- vault
- trustee
- golang-external-secrets
- sandbox
- workloads
- default
# Explicitly mention the cluster-state based overrides we plan to use for this pattern.
# We can use self-referential variables because the chart calls the tpl function with these variables defined
sharedValueFiles:
- '/overrides/values-{{ $.Values.global.clusterPlatform }}.yaml'
applications:
acm:
name: acm
namespace: open-cluster-management
project: hub
chart: acm
chartVersion: 0.1.*
vault:
name: vault
namespace: vault
project: vault
chart: hashicorp-vault
chartVersion: 0.1.*
secrets-operator:
name: golang-external-secrets
namespace: golang-external-secrets
project: golang-external-secrets
chart: golang-external-secrets
chartVersion: 0.1.*
trustee:
name: trustee
namespace: trustee-operator-system #upstream config
project: trustee
chart: trustee
chartVersion: 0.3.*
overrides:
- name: kbs.admin.format
value: "v1.1"
sandbox:
name: sandbox
namespace: openshift-sandboxed-containers-operator #upstream config
project: sandbox
chart: sandboxed-containers
chartVersion: 0.2.*
sandbox-policies:
name: sandbox-policies
namespace: openshift-sandboxed-containers-operator #upstream config
chart: sandboxed-policies
chartVersion: 0.1.*
overrides:
- name: global.coco.azure.tags
value: "key1=value1,key2=value2"
- name: global.coco.azure.rootVolumeSize
value: "20"
hello-openshift:
name: hello-openshift
namespace: hello-openshift
project: workloads
path: charts/coco-supported/hello-openshift
syncPolicy:
automated:
prune: true
kbs-access:
name: kbs-access
namespace: kbs-access
project: workloads
path: charts/coco-supported/kbs-access
syncPolicy:
automated:
prune: true
kyverno:
name: kyverno
namespace: kyverno
project: hub
repoURL: https://kyverno.github.io/kyverno/
chart: kyverno
chartVersion: 3.7.*
syncPolicy:
automated: {}
retry:
limit: 20
syncOptions:
- ServerSideApply=true
overrides:
- name: admissionController.container.securityContext
value: "null"
- name: admissionController.initContainer.securityContext
value: "null"
- name: backgroundController.securityContext
value: "null"
- name: cleanupController.securityContext
value: "null"
- name: reportsController.securityContext
value: "null"
- name: crds.migration.securityContext
value: "null"
- name: webhooksCleanup.securityContext
value: "null"
- name: test.securityContext
value: "null"
- name: crds.groups.wgpolicyk8s.policyreports
value: "false"
- name: crds.groups.wgpolicyk8s.clusterpolicyreports
value: "false"
- name: reportsController.enabled
value: "false"
coco-kyverno-policies:
name: coco-kyverno-policies
namespace: openshift-sandboxed-containers-operator
project: sandbox
path: charts/all/coco-kyverno-policies
imperative:
# NOTE: We *must* use lists and not hashes. As hashes lose ordering once parsed by helm
# The default schedule is every 10 minutes: imperative.schedule
# Total timeout of all jobs is 1h: imperative.activeDeadlineSeconds
# imagePullPolicy is set to always: imperative.imagePullPolicy
# For additional overrides that apply to the jobs, please refer to
# https://validatedpatterns.io/imperative-actions/#additional-job-customizations
image: ghcr.io/butler54/imperative-container:latest
jobs:
- name: install-deps
playbook: ansible/install-deps.yaml
verbosity: -vvv
timeout: 3600
- name: configure-azure-dns
playbook: ansible/configure-issuer.yaml
# this image has not been changes. TBD would make sense
#image: quay.io/hybridcloudpatterns/ansible-edge-gitops-ee:latest
verbosity: -vvv
timeout: 3600
- name: configure-azure-nat-gateway
playbook: ansible/azure-nat-gateway.yaml
verbosity: -vvv
timeout: 3600
- name: init-data-gzipper
playbook: ansible/init-data-gzipper.yaml
verbosity: -vvv
timeout: 3600