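# Values for configuring the deployment of Grafana OnCall

# Set the domain name Grafana OnCall will be installed on.
# If you want to install grafana as a part of this release make sure to
# configure grafana.grafana.ini.server.domain too.
# This value is also referenced by the ingress TLS host entry in this file
# ("{{ .Values.base_url }}"), so the placeholder below has to be replaced with
# the real host name before a certificate is requested for it.
base_url: example.com

## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## imagePullSecrets:
##   - name: myRegistryKeySecretName
imagePullSecrets: []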
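image:
  # Grafana OnCall docker image repository
  repository: grafana/oncall
  # No tag is set in this file.
  # NOTE(review): presumably the chart templates fall back to a default version
  # when this is empty - confirm. Set an explicit version here so that the image
  # that gets deployed is the one that was reviewed.
  tag:
  # Always re-pull the image when a pod starts. With a tag that can be moved,
  # the running image can change without any change to this file.
  pullPolicy: Always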
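# Whether to create additional service for external connections
# ClusterIP service is always created
# Disabled by default. When enabled with type LoadBalancer the service is
# meant to be reachable from outside the cluster, so check that the exposure
# is intended and that access to it is restricted.
service:
  enabled: false
  type: LoadBalancer
  port: 8080
  # Annotations added to the additional service (empty by default)
  annotations: {}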
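# Engine pods configuration
engine:
  replicaCount: 1
  # No requests or limits are set by default; the commented values are examples.
  resources: {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

  ## Deployment update strategy
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  updateStrategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 0
    type: RollingUpdate

  ## Affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  ## Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}

  ## Tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []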
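# Celery workers pods configuration
celery:
  replicaCount: 1
  # The worker_* values are quoted strings, including the number- and
  # boolean-looking ones.
  # NOTE(review): presumably they are passed to the workers as text - confirm
  # before changing the quoting.
  worker_queue: "default,critical,long,slack,telegram,webhook,celery"
  worker_concurrency: "1"
  worker_max_tasks_per_child: "100"
  worker_beat_enabled: "True"
  ## Restart of the celery workers once in a given interval as an additional precaution to the probes
  ## If this setting is enabled TERM signal will be sent to celery workers
  ## It will lead to warm shutdown (waiting for the tasks to complete) and restart the container
  ## If this setting is set numbers of pod restarts will increase
  ## Comment this line out if you want to remove restarts
  worker_shutdown_interval: "65m"
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 300
    timeoutSeconds: 10
  ## Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}
  # No requests or limits are set by default; the commented values are examples.
  resources: {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi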
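oncall:
  # Override default MIRAGE_CIPHER_IV (must be 16 bytes long)
  # For existing installation, this should not be changed.
  # The value below only shows the expected format. Quote the value you set:
  # a 16-character value made of digits only would otherwise be read as a
  # number instead of a string.
  # mirageCipherIV: 1234567890abcdef
  # oncall secrets
  secrets:
    # Use existing secret. (secretKey and mirageSecretKey are required)
    existingSecret: ""
    # the key in the secret containing secret key
    secretKey: ""
    # the key in the secret containing mirage secret key
    mirageSecretKey: ""
  # slack configures the Grafana OnCall Slack ChatOps integration.
  # Credentials set inline below (clientSecret, signingSecret) are kept in this
  # values file and in the release data Helm stores in the cluster; prefer
  # existingSecret with the *Key fields.
  slack:
    # enabled enables the Slack ChatOps integration for the OnCall Engine.
    enabled: false
    # commandName sets the Slack bot slash-command
    commandName: oncall
    # clientId configures the Slack app OAuth2 client ID.
    # api.slack.com/apps/<yourApp> -> Basic Information -> App Credentials -> Client ID
    clientId: ~
    # clientSecret configures the Slack app OAuth2 client secret.
    # api.slack.com/apps/<yourApp> -> Basic Information -> App Credentials -> Client Secret
    clientSecret: ~
    # signingSecret configures the Slack app signature secret used to sign
    # requests coming from Slack.
    # api.slack.com/apps/<yourApp> -> Basic Information -> App Credentials -> Signing Secret
    signingSecret: ~
    # Use existing secret for clientId, clientSecret and signingSecret.
    # clientIdKey, clientSecretKey and signingSecretKey are required
    existingSecret: ""
    # the key in the secret containing OAuth2 client ID
    clientIdKey: ""
    # the key in the secret containing OAuth2 client secret
    clientSecretKey: ""
    # the key in the secret containing the Slack app signature secret
    signingSecretKey: ""
    # OnCall external URL
    redirectHost: ~
  telegram:
    enabled: false
    # Telegram bot token; prefer existingSecret/tokenKey over setting it inline
    token: ~
    webhookUrl: ~
    # Use existing secret. (tokenKey is required)
    existingSecret: ""
    # the key in the secret containing Telegram token
    tokenKey: ""
  # No existingSecret option is shown for smtp in this file, so the password
  # can only be set inline here; keep a values file that carries it out of
  # version control.
  smtp:
    enabled: false
    host: ~
    port: ~
    username: ~
    password: ~
    tls: ~
    fromEmail: ~
  # As with smtp, authToken has no existingSecret option in this file.
  exporter:
    enabled: false
    authToken: ~
  twilio:
    # Twilio account SID/username to allow OnCall to send SMSes and make phone calls
    accountSid: ""
    # Twilio password to allow OnCall to send SMSes and make calls
    authToken: ""
    # Number from which you will receive calls and SMS (NOTE: must be quoted, otherwise would be rendered as float value)
    phoneNumber: ""
    # SID of Twilio service for number verification. You can create a service in Twilio web interface.
    # twilio.com -> verify -> create new service
    verifySid: ""
    # Twilio API key SID/username to allow OnCall to send SMSes and make phone calls
    apiKeySid: ""
    # Twilio API key secret/password to allow OnCall to send SMSes and make phone calls
    apiKeySecret: ""
    # Use existing secret for authToken, phoneNumber, verifySid, apiKeySid and apiKeySecret.
    # Preferred over the inline authToken and apiKeySecret above, which would
    # otherwise be kept in this values file.
    existingSecret: ""
    # Twilio password to allow OnCall to send SMSes and make calls
    # the key in the secret containing the auth token
    authTokenKey: ""
    # the key in the secret containing the phone number
    phoneNumberKey: ""
    # the key in the secret containing verify service sid
    verifySidKey: ""
    # the key in the secret containing api key sid
    apiKeySidKey: ""
    # the key in the secret containing the api key secret
    apiKeySecretKey: ""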
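# Whether to run django database migrations automatically
migrate:
  enabled: true
  ## Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}
  # TTL can be unset by setting ttlSecondsAfterFinished: ""
  # NOTE(review): with a short TTL the finished migration job (and presumably
  # its logs) is removed soon after it completes - confirm this leaves enough
  # time to inspect a failed migration.
  ttlSecondsAfterFinished: 20
  # use a helm hook to manage the migration job
  useHook: false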
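# Sets environment variables with name capitalized and prefixed with UWSGI_, and dashes are substituted with underscores.
# see more: https://uwsgi-docs.readthedocs.io/en/latest/Configuration.html#environment-variables
# Set null to disable all UWSGI environment variables
uwsgi:
  listen: 1024

# Additional env variables to add to deployments
# NOTE(review): presumably rendered as plain environment entries in the pod
# spec - confirm against the templates, and keep credentials in the
# existingSecret options instead of here.
env: {}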
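# Enable ingress object for external access to the resources
# Enabled by default: installing with these values publishes OnCall through
# the ingress controller and requests a certificate from the issuer named below.
ingress:
  enabled: true
  # className: ""
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/issuer: "letsencrypt-prod"
  tls:
    # The host is taken from base_url; the certificate is stored in the
    # secret named by secretName.
    - hosts:
        - "{{ .Values.base_url }}"
      secretName: certificate-tls
  # Extra paths to prepend to the host configuration. If using something
  # like an ALB ingress controller, you may want to configure SSL redirects
  extraPaths: []
  # - path: /*
  #   backend:
  #     serviceName: ssl-redirect
  #     servicePort: use-annotation
  ## Or for k8s > 1.19
  # - path: /*
  #   pathType: Prefix
  #   backend:
  #     service:
  #       name: ssl-redirect
  #       port:
  #         name: use-annotation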
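# Whether to install ingress controller
ingress-nginx:
  enabled: true

# Install cert-manager as a part of the release
cert-manager:
  enabled: true
  # Install CRD resources
  installCRDs: true
  webhook:
    timeoutSeconds: 30
    # cert-manager tries to use the already used port, changing to another one
    # https://github.com/cert-manager/cert-manager/issues/3237
    # https://cert-manager.io/docs/installation/compatibility/
    securePort: 10260
  # Fix self-checks https://github.com/jetstack/cert-manager/issues/4286
  # With the DNS policy set to None the cert-manager pods resolve names only
  # through the nameservers listed below, i.e. public resolvers rather than
  # the cluster DNS. Clusters that restrict egress, or that must not send DNS
  # queries to third parties, need their own resolvers here.
  podDnsPolicy: None
  podDnsConfig:
    nameservers:
      - 8.8.8.8
      - 1.1.1.1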
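database:
  # can be either mysql or postgresql
  type: mysql

# MySQL is included into this release for the convenience.
# It is recommended to host it separately from this release
# Set mariadb.enabled = false and configure externalMysql
mariadb:
  enabled: true
  # Only the database name is set here; no credentials for the bundled
  # instance appear in this file.
  # NOTE(review): presumably the subchart generates them - confirm.
  auth:
    database: oncall
  primary:
    extraEnvVars:
      - name: MARIADB_COLLATE
        value: utf8mb4_unicode_ci
      - name: MARIADB_CHARACTER_SET
        value: utf8mb4
  secondary:
    extraEnvVars:
      - name: MARIADB_COLLATE
        value: utf8mb4_unicode_ci
      - name: MARIADB_CHARACTER_SET
        value: utf8mb4

# Make sure to create the database with the following parameters:
# CREATE DATABASE oncall CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
externalMysql:
  host:
  port:
  db_name:
  user:
  # Inline password; prefer existingSecret with passwordKey so the password
  # is not kept in this values file.
  password:
  # use an existing secret for the mysql password
  existingSecret: ""
  # the key in the secret containing the mysql username
  usernameKey:
  # the key in the secret containing the mysql password
  passwordKey: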
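# PostgreSQL is included into this release for the convenience.
# It is recommended to host it separately from this release
# Set postgresql.enabled = false and configure externalPostgresql
postgresql:
  enabled: false
  auth:
    database: oncall

# Make sure to create the database with the following parameters:
# CREATE DATABASE oncall WITH ENCODING UTF8;
externalPostgresql:
  host:
  port:
  db_name:
  user:
  # Inline password; prefer existingSecret with passwordKey so the password
  # is not kept in this values file.
  password:
  # use an existing secret for the database password
  existingSecret: ""
  # the key in the secret containing the database password
  passwordKey: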
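# RabbitMQ is included into this release for the convenience.
# It is recommended to host it separately from this release
# Set rabbitmq.enabled = false and configure externalRabbitmq
rabbitmq:
  enabled: true

broker:
  type: rabbitmq

externalRabbitmq:
  host:
  port:
  user:
  # Inline password; prefer existingSecret with passwordKey so the password
  # is not kept in this values file.
  password:
  protocol:
  vhost:
  # use an existing secret for the rabbitmq password
  existingSecret: ""
  # the key in the secret containing the rabbitmq password
  passwordKey: ""
  # the key in the secret containing the rabbitmq username
  usernameKey: username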
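# Redis is included into this release for the convenience.
# It is recommended to host it separately from this release
redis:
  enabled: true

externalRedis:
  host:
  # Inline password; prefer existingSecret with passwordKey so the password
  # is not kept in this values file.
  password:
  # use an existing secret for the redis password
  existingSecret: ""
  # the key in the secret containing the redis password
  passwordKey: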
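# Grafana is included into this release for the convenience.
# It is recommended to host it separately from this release
grafana:
  enabled: true
  grafana.ini:
    server:
      # Placeholder; set it together with base_url (see the note on base_url
      # at the top of this file).
      domain: example.com
      root_url: "%(protocol)s://%(domain)s/grafana"
      serve_from_sub_path: true
  persistence:
    enabled: true
  # Disable psp as PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
  rbac:
    pspEnabled: false
  # The plugin is listed by name only, with no version.
  # NOTE(review): presumably the version is resolved when Grafana starts -
  # confirm, and pin it if the Grafana chart allows that.
  plugins:
    - grafana-oncall-app

externalGrafana:
  url: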
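# Overrides for the generated resource names (empty means no override)
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""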
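podAnnotations: {}

# All three security contexts below are empty by default, so this file applies
# none of the restrictions shown in the commented examples. Uncomment and
# adapt them to run the pods with a restricted configuration.
podSecurityContext: {}
  # fsGroup: 2000

securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

init:
  securityContext: {}
    # allowPrivilegeEscalation: false
    # capabilities:
    #   drop:
    #   - ALL
    # privileged: false
    # readOnlyRootFilesystem: true
    # runAsGroup: 1337
    # runAsNonRoot: true
    # runAsUser: 1337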