# TLS mode for the deployment. Other valid values are front-door,
# ingress-only, and disabled.
# NOTE(review): full-stack is the default; choose another mode only
# deliberately, after confirming which traffic it leaves unencrypted.
V4_CFG_TLS_MODE: 'full-stack'
# Export path on the RWX file store; NFS_CLIENT_CONFIG.nfs.path in this
# file appends /pvs to it.
V4_CFG_RWX_FILESTORE_PATH: '/export'
V4_CFG_INGRESS_TYPE: 'ingress'
# NOTE(review): presumably a non-public mode selects the private_ingress
# overrides defined in this file - confirm in the role's tasks.
V4_CFG_INGRESS_MODE: 'public'
## Cert-manager
CERT_MANAGER_NAME: 'cert-manager'
CERT_MANAGER_NAMESPACE: 'cert-manager'
CERT_MANAGER_CHART_NAME: 'cert-manager'
CERT_MANAGER_CHART_URL: 'https://charts.jetstack.io/'
# Chart is pinned by version only; quoted so it is always read as a string.
CERT_MANAGER_CHART_VERSION: '1.9.1'
CERT_MANAGER_CONFIG:
  # Passed as the string "true", not a YAML boolean.
  installCRDs: 'true'
  extraArgs:
    # With owner references enabled, each issued Secret is owned by its
    # Certificate, so deleting the Certificate also removes the Secret
    # that holds the key pair.
    - '--enable-certificate-owner-ref=true'
## Metrics-server
# Installed by default; set to false to skip it.
METRICS_SERVER_ENABLED: true
METRICS_SERVER_NAME: 'metrics-server'
METRICS_SERVER_CHART_NAME: 'metrics-server'
METRICS_SERVER_CHART_URL: 'https://charts.bitnami.com/bitnami/'
# Chart is pinned by version only; quoted so it is always read as a string.
METRICS_SERVER_CHART_VERSION: '5.11.7'
METRICS_SERVER_CONFIG:
  apiService:
    create: true
## Ingress-nginx - Defaults
# Chart/app version pairs keyed by a Kubernetes minor-version boundary.
# NOTE(review): the key names suggest the first pair applies up to minor
# version 21 and the second from 22 onwards - confirm in the tasks that
# read ingressVersions.
ingressVersions:
  k8sMinorVersionCeiling:
    value: 21
    api:
      chartVersion: '3.40.0'
      appVersion: '0.50.0'
  k8sMinorVersionFloor:
    value: 22
    api:
      chartVersion: '4.2.3'
      appVersion: '1.3.0'
## Ingress-nginx - Ingress
INGRESS_NGINX_NAME: 'ingress-nginx'
INGRESS_NGINX_NAMESPACE: 'ingress-nginx'
INGRESS_NGINX_CHART_NAME: 'ingress-nginx'
INGRESS_NGINX_CHART_URL: 'https://kubernetes.github.io/ingress-nginx'
# Empty by default.
# NOTE(review): presumably filled in from ingressVersions at run time -
# confirm in the role's tasks.
INGRESS_NGINX_CHART_VERSION: ''
INGRESS_NGINX_CONFIG:
  controller:
    service:
      # Local keeps the client source IP visible to the controller.
      externalTrafficPolicy: Local
      sessionAffinity: None
      # Falls back to ['0.0.0.0/0'] (any source address) when
      # LOADBALANCER_SOURCE_RANGES is undefined or empty: the truthy second
      # argument to default() makes empty values use the fallback too.
      # Set LOADBALANCER_SOURCE_RANGES to the CIDRs that should reach the
      # ingress rather than relying on this default.
      loadBalancerSourceRanges: "{{ LOADBALANCER_SOURCE_RANGES |default(['0.0.0.0/0'], -1) }}"
      annotations: null
    config:
      # NGINX passes incoming X-Forwarded-* headers through to upstreams.
      # That is only trustworthy when a proxy in front of the controller
      # sets them; with direct or L4 exposure a client can supply them.
      use-forwarded-headers: 'true'
      # HSTS max-age in seconds (63072000 s = 730 days).
      hsts-max-age: '63072000'
    # NOTE(review): nesting of tcp/udp under controller should be confirmed
    # against the chart's values layout.
    tcp: {}
    udp: {}
    lifecycle:
      preStop:
        exec:
          # Wait 5 s, ask nginx to quit gracefully, then poll until no
          # nginx process is left.
          command:
            - '/bin/sh'
            - '-c'
            - >-
              sleep 5;
              /usr/local/nginx/sbin/nginx -c /etc/nginx/nginx.conf -s quit;
              while pgrep -x nginx; do sleep 1; done
    # Upper bound on how long the preStop drain above may run.
    terminationGracePeriodSeconds: 600
# Ingress-nginx - CVE-2021-25742 Mitigation
# This override keeps snippet annotations ENABLED and relies on the word
# blocklist below to reject dangerous annotation values. A denylist is
# best-effort: restrict who may create or edit Ingress objects (RBAC or
# admission policy), and review the list against the current upstream
# recommendation.
# NOTE(review): if the deployed workloads do not need snippet annotations,
# setting allow-snippet-annotations to "false" is the stronger control -
# confirm the product's requirements before changing it.
INGRESS_NGINX_CVE_2021_25742_PATCH:
  controller:
    config:
      allow-snippet-annotations: 'true'
      large-client-header-buffers: '4 32k'
      # Only trustworthy when a proxy in front of the controller sets the
      # X-Forwarded-* headers; otherwise clients can supply them.
      use-forwarded-headers: 'true'
      # Comma-separated words rejected in annotation values. The trailing
      # "\\" is a single literal backslash after YAML unescaping.
      annotation-value-word-blocklist: "load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},\\"
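## Nfs-subdir-external-provisioner
NFS_CLIENT_NAME: nfs-subdir-external-provisioner
NFS_CLIENT_NAMESPACE: nfs-client
NFS_CLIENT_CHART_NAME: nfs-subdir-external-provisioner
NFS_CLIENT_CHART_URL: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
# Chart is pinned by version only; quoted so it is always read as a string.
NFS_CLIENT_CHART_VERSION: "4.0.8"
NFS_CLIENT_CONFIG:
  nfs:
    # V4_CFG_RWX_FILESTORE_ENDPOINT has no default in this block and must
    # be supplied by the caller.
    server: "{{ V4_CFG_RWX_FILESTORE_ENDPOINT }}"
    # Strip one trailing slash from the export path, then append /pvs.
    # regex_replace is required here: Jinja2's replace filter does literal
    # substitution and would treat '/$' as plain text, leaving "//pvs"
    # when the configured path ends in a slash.
    path: "{{ V4_CFG_RWX_FILESTORE_PATH | regex_replace('/$', '') }}/pvs"
    mountOptions:
      - noatime
      - nodiratime
      - 'rsize=262144'
      - 'wsize=262144'
  storageClass:
    # "false": the provisioner deletes a volume's directory when its claim
    # is removed instead of keeping an archived copy. Data is not
    # recoverable from the share afterwards.
    archiveOnDelete: "false"
    name: sas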
## Contour - Ingress
CONTOUR_NAME: 'contour'
CONTOUR_NAMESPACE: 'contour'
CONTOUR_CHART_NAME: 'contour'
CONTOUR_CHART_URL: 'https://charts.bitnami.com/bitnami'
# Chart is pinned by version only; quoted so it is always read as a string.
CONTOUR_CHART_VERSION: '4.3.8'
CONTOUR_CONFIG:
  envoy:
    service:
      # Falls back to ['0.0.0.0/0'] (any source address) when
      # LOADBALANCER_SOURCE_RANGES is undefined or empty: the truthy second
      # argument to default() makes empty values use the fallback too.
      # Set LOADBALANCER_SOURCE_RANGES to the CIDRs that should reach Envoy.
      loadBalancerSourceRanges: "{{ LOADBALANCER_SOURCE_RANGES |default(['0.0.0.0/0'], -1) }}"
## Cluster Autoscaler
# Installed by default; set to false to skip it.
CLUSTER_AUTOSCALER_ENABLED: true
CLUSTER_AUTOSCALER_NAME: 'cluster-autoscaler'
CLUSTER_AUTOSCALER_NAMESPACE: 'kube-system'
CLUSTER_AUTOSCALER_CHART_NAME: 'cluster-autoscaler'
CLUSTER_AUTOSCALER_CHART_URL: 'https://kubernetes.github.io/autoscaler'
# Chart is pinned by version only; quoted so it is always read as a string.
CLUSTER_AUTOSCALER_CHART_VERSION: '9.9.2'
# Despite the name, this value is written to the service account's
# eks.amazonaws.com/role-arn annotation below, so it must be an IAM role ARN.
# NOTE(review): no default is set; confirm how an unset (null) value is
# rendered, and scope the role to what the autoscaler needs.
CLUSTER_AUTOSCALER_ACCOUNT: null
CLUSTER_AUTOSCALER_LOCATION: 'us-east-1'
CLUSTER_AUTOSCALER_CONFIG:
  awsRegion: "{{ CLUSTER_AUTOSCALER_LOCATION }}"
  autoDiscovery:
    # CLUSTER_NAME has no default in this block and must be supplied.
    clusterName: "{{ CLUSTER_NAME }}"
  rbac:
    serviceAccount:
      name: 'cluster-autoscaler'
      annotations:
        # Binds the service account to the IAM role named above.
        eks.amazonaws.com/role-arn: "{{ CLUSTER_AUTOSCALER_ACCOUNT }}"
## EBS CSI Driver
# Installed by default; set to false to skip it.
EBS_CSI_DRIVER_ENABLED: true
EBS_CSI_DRIVER_NAME: 'aws-ebs-csi-driver'
EBS_CSI_DRIVER_NAMESPACE: 'kube-system'
EBS_CSI_DRIVER_CHART_NAME: 'aws-ebs-csi-driver'
EBS_CSI_DRIVER_CHART_URL: 'https://kubernetes-sigs.github.io/aws-ebs-csi-driver'
# Chart is pinned by version only; quoted so it is always read as a string.
EBS_CSI_DRIVER_CHART_VERSION: '2.11.1'
# Despite the name, this value is written to the controller service
# account's eks.amazonaws.com/role-arn annotation below, so it must be an
# IAM role ARN.
# NOTE(review): no default is set; confirm how an unset (null) value is
# rendered, and scope the role to what the driver needs.
EBS_CSI_DRIVER_ACCOUNT: null
EBS_CSI_DRIVER_LOCATION: 'us-east-1'
EBS_CSI_DRIVER_CONFIG:
  controller:
    region: "{{ EBS_CSI_DRIVER_LOCATION }}"
    serviceAccount:
      create: true
      name: 'ebs-csi-controller-sa'
      annotations:
        # Binds the service account to the IAM role named above.
        eks.amazonaws.com/role-arn: "{{ EBS_CSI_DRIVER_ACCOUNT }}"
# Per-cloud service annotations that request an internal (non-public)
# load balancer for the ingress controller.
# NOTE(review): presumably merged into the ingress configuration when a
# private ingress mode is selected - confirm in the role's tasks. An
# internal load balancer does not replace source-range restrictions.
private_ingress:
  aws:
    controller:
      service:
        annotations:
          # Annotation values must be strings, hence the quoted 'true'.
          service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
          service.beta.kubernetes.io/aws-load-balancer-type: 'nlb'
  azure:
    controller:
      service:
        annotations:
          service.beta.kubernetes.io/azure-load-balancer-internal: 'true'
  gcp:
    controller:
      service:
        annotations:
          networking.gke.io/load-balancer-type: 'Internal'