-
Notifications
You must be signed in to change notification settings - Fork 12
Expand file tree
/
Copy pathvalues.yaml
More file actions
210 lines (200 loc) · 7.5 KB
/
Copy pathvalues.yaml
File metadata and controls
210 lines (200 loc) · 7.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
global:
# -- When set to true, a single ArgoCD instance (in `global.vpArgoNamespace`) is used instead of creating a per-clustergroup instance
singleArgoCD: false
extraValueFiles: []
pattern: common
# cluster-wide argo namespace
vpArgoNamespace: openshift-gitops
secretLoader:
disabled: false
secretStore:
backend: "vault"
targetRevision: main
options:
useCSV: True
# -- This defines the global syncpolicy. If set to "Manual", no syncPolicy object will be set, if set to "Automatic" syncPolicy will be set to {automated: {}, retry: { limit: global.options.applicationRetryLimit }}, if set to an object it will be passed directly to the syncPolicy field of the application. Each application can override this
syncPolicy: Automatic
installPlanApproval: Automatic
applicationRetryLimit: 20
# Note that sometimes changing helm values might require a hard refresh (https://github.com/helm/helm/issues/3486)
clusterGroup:
name: example
# DEPRECATED: isHubCluster is deprecated. Use global.localClusterDomain and global.hubClusterDomain instead.
# When both domain values are set, hub cluster detection will be based on whether they are equal.
# This field is kept for backwards compatibility when domain values are not set.
# isHubCluster: true
targetCluster: in-cluster
sharedValueFiles: []
# scheduler:
# mastersSchedulable: true
# defaultNodeSelector: type=user-node,region=east
# profile: HighNodeUtilization
argoCD:
initContainers: []
env: []
rbac: {}
volumes: []
volumeMounts: []
configManagementPlugins: []
# resource tracking can be set to annotation, label, or annotation+label
resourceTrackingMethod: annotation
resourceHealthChecks:
# Adding health checks to argocd to prevent pvc resources
# that aren't bound state from blocking deployments
# https://www.github.com/argoproj/argo-cd/issues/12840 seems to be related
- kind: PersistentVolumeClaim
check: |
hs = {}
if obj.status ~= nil then
if obj.status.phase ~= nil then
if obj.status.phase == "Pending" then
hs.status = "Healthy"
hs.message = obj.status.phase
return hs
elseif obj.status.phase == "Bound" then
hs.status = "Healthy"
hs.message = obj.status.phase
return hs
end
end
end
hs.status = "Progressing"
hs.message = "Waiting for PVC"
return hs
resourceActions: []
resourceExclusions: |
- apiGroups:
- tekton.dev
kinds:
- TaskRun
- PipelineRun
imperative:
jobs: []
image: quay.io/validatedpatterns/imperative-container:v1
ansibleDevMode:
# -- When true, run an init container before imperative playbooks that can install collections and optionally write ansible.cfg into the cloned repo (/git/repo).
enabled: false
# -- Path under the cloned pattern repo for ansible-galaxy -r (written from requirementsContent when set).
requirementsFile: "requirements.yml"
# -- Inline requirements.yml; when non-empty, written to requirementsFile before galaxy install.
requirementsContent: ""
# -- Path under the cloned pattern repo for optional injected ansible.cfg (written from ansibleCfgContent when set).
ansibleCfgFile: "ansible.cfg"
# -- Inline ansible.cfg; when non-empty, written to ansibleCfgFile before ansible-galaxy (so galaxy and playbooks honor collections_path, etc.).
ansibleCfgContent: ""
namespace: "imperative"
# configmap name in the namespace that will contain all helm values
valuesConfigMap: "helm-values-configmap"
cronJobName: "imperative-cronjob"
jobName: "imperative-job"
imagePullPolicy: Always
# This is the maximum timeout of all the jobs (1h)
activeDeadlineSeconds: 3600
# By default we run this every 10minutes
schedule: "*/10 * * * *"
# Schedule used to trigger the vault unsealing (if explicitely enabled)
# Set to run every 5 minutes in order for load-secrets to succeed within
# a reasonable amount of time (it waits up to 15 mins)
insecureUnsealVaultInsideClusterSchedule: "*/5 * * * *"
# Increase ansible verbosity with '-v' or '-vv..'
verbosity: ""
# -- Optional extra arguments for every ansible-playbook invocation (imperative jobs, vault unseal, auto-approve installplans). Each list entry is one argv token. Empty by default.
extraPlaybookArgs: []
serviceAccountCreate: true
# service account to be used to run the cron pods
serviceAccountName: imperative-sa
clusterRoleName: imperative-cluster-role
clusterRoleYaml: ""
roleName: imperative-role
roleYaml: ""
adminServiceAccountCreate: true
adminServiceAccountName: imperative-admin-sa
adminClusterRoleName: imperative-admin-cluster-role
# -- Namespace where the Vault pod runs. Used to grant pods/exec RBAC on OCP 4.22+ (Kubernetes 1.35+).
vaultNamespace: "vault"
managedClusterGroups: {}
namespaces: []
# - name: factory
# # repoURL: https://github.com/dagger-refuse-cool/manuela-factory.git
# # Location of values-global.yaml, values-{name}.yaml, values-{app}.yaml
# targetRevision: main
# path: applications/factory
# helmOverrides:
# - name: clusterGroup.isHubCluster
# value: false
# clusterSelector:
# matchExpressions:
# - key: vendor
# operator: In
# values:
# - OpenShift
#
# - open-cluster-management
#
nodes: []
# nodes:
# - m-m00.mycluster.domain.tld:
# labels:
# cluster.ocs.openshift.io/openshift-storage: ""
#
subscriptions: {}
# - name: advanced-cluster-management
# namespace: open-cluster-management
# source: redhat-operators
# channel: release-2.3
# csv: v2.3.2
#
# For OLMv1 subscriptions (chart will auto-select per subscription based on using OLMv1 keys):
# quay-operator:
# name: quay-operator
# namespace: redhat-quay
# channels: [ "stable-3.12" ]
# serviceAccountName: quay-sa
# version: '3.12.*'
# upgradeConstraintPolicy: SelfCertified
# projects is deprecated, please use argoProjects
# argoProjects: []
# - datacenter
#
applications: {}
# - name: acm
# namespace: default
# argoProject: datacenter
# path: applications/acm
extraObjects: {}
# wait-for-virt-storageclass:
# apiVersion: batch/v1
# kind: Job
# metadata:
# name: wait-for-virt-storageclass
# annotations:
# argocd.argoproj.io/hook: Sync
# argocd.argoproj.io/sync-wave: "5"
# spec:
# parallelism: 1
# completions: 1
# template:
# spec:
# restartPolicy: OnFailure
# containers:
# - name: wait-for-storage-class
# image: quay.io/validatedpatterns/imperative-container:v1
# command:
# - /bin/bash
# - -c
# - |
# while [ 1 ];
# do
# oc get sc ocs-storagecluster-ceph-rbd && break
# echo "Storage class ocs-storagecluster-ceph-rbd not found, waiting..."
# sleep 5
# done
# echo "Storage class ocs-storagecluster-ceph-rbd found, exiting"
# exit 0
secretStore:
name: vault-backend
kind: ClusterSecretStore
# Depends on the value of 'vault_hub' ansible variable used
# during the installation
#secretsBase:
# key: secret/data/hub