c01068898a
* init rabbitmq existing secret Signed-off-by: David van der Spek <vanderspek.david@gmail.com> * bump chart Signed-off-by: David van der Spek <vanderspek.david@gmail.com> Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
307 lines
8.3 KiB
YAML
307 lines
8.3 KiB
YAML
# Values for configuring the deployment of Grafana OnCall
|
|
|
|
# Set the domain name Grafana OnCall will be installed on.
|
|
# If you want to install grafana as a part of this release make sure to configure grafana.grafana.ini.server.domain too
|
|
base_url: example.com
|
|
|
|
image:
|
|
# Grafana OnCall docker image repository
|
|
repository: grafana/oncall
|
|
tag:
|
|
pullPolicy: IfNotPresent
|
|
|
|
# Whether to create additional service for external connections
|
|
# ClusterIP service is always created
|
|
service:
|
|
enabled: false
|
|
type: LoadBalancer
|
|
port: 8080
|
|
annotations: {}
|
|
|
|
# Engine pods configuration
|
|
engine:
|
|
replicaCount: 1
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Affinity for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
affinity: {}
|
|
|
|
## Node labels for pod assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
tolerations: []
|
|
|
|
# Celery workers pods configuration
|
|
celery:
|
|
replicaCount: 1
|
|
worker_queue: "default,critical,long,slack,telegram,webhook,celery"
|
|
worker_concurrency: "1"
|
|
worker_max_tasks_per_child: "100"
|
|
worker_beat_enabled: "True"
|
|
## Restart of the celery workers once in a given interval as an additional precaution to the probes
|
|
## If this setting is enabled TERM signal will be sent to celery workers
|
|
## It will lead to warm shutdown (waiting for the tasks to complete) and restart the container
|
|
## If this setting is set numbers of pod restarts will increase
|
|
## Comment this line out if you want to remove restarts
|
|
worker_shutdown_interval: "65m"
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 300
|
|
timeoutSeconds: 10
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
oncall:
|
|
# slack configures the Grafana Oncall Slack ChatOps integration.
|
|
slack:
|
|
# enabled enable the Slack ChatOps integration for the Oncall Engine.
|
|
enabled: false
|
|
# command sets the Slack bot slash-command
|
|
command: oncall
|
|
# clientId configures the Slack app OAuth2 client ID.
|
|
# api.slack.com/apps/<yourApp> -> Basic Information -> App Credentials -> Client ID
|
|
clientId: ~
|
|
# clientSecret configures the Slack app OAuth2 client secret.
|
|
# api.slack.com/apps/<yourApp> -> Basic Information -> App Credentials -> Client Secret
|
|
clientSecret: ~
|
|
# signingSecret configures the Slack app signature secret used to sign
|
|
# requests comming from Slack.
|
|
# api.slack.com/apps/<yourApp> -> Basic Information -> App Credentials -> Signing Secret
|
|
signingSecret: ~
|
|
# OnCall external URL
|
|
redirectHost: ~
|
|
telegram:
|
|
enabled: false
|
|
token: ~
|
|
webhookUrl: ~
|
|
smtp:
|
|
enabled: false
|
|
host: ~
|
|
port: ~
|
|
username: ~
|
|
password: ~
|
|
tls: ~
|
|
fromEmail: ~
|
|
twilio:
|
|
# Twilio account SID/username to allow OnCall to send SMSes and make phone calls
|
|
accountSid: ""
|
|
# Twilio password to allow OnCall to send SMSes and make calls
|
|
authToken: ""
|
|
# Number from which you will receive calls and SMS (NOTE: must be quoted, otherwise would be rendered as float value)
|
|
phoneNumber: ""
|
|
# SID of Twilio service for number verification. You can create a service in Twilio web interface.
|
|
# twilio.com -> verify -> create new service
|
|
verifySid: ""
|
|
# Twilio API key SID/username to allow OnCall to send SMSes and make phone calls
|
|
apiKeySid: ""
|
|
# Twilio API key secret/password to allow OnCall to send SMSes and make phone calls
|
|
apiKeySecret: ""
|
|
|
|
# Whether to run django database migrations automatically
|
|
migrate:
|
|
enabled: true
|
|
|
|
# Additional env variables to add to deployments
|
|
env: {}
|
|
|
|
# Enable ingress object for external access to the resources
|
|
ingress:
|
|
enabled: true
|
|
# className: ""
|
|
annotations:
|
|
kubernetes.io/ingress.class: "nginx"
|
|
cert-manager.io/issuer: "letsencrypt-prod"
|
|
tls:
|
|
- hosts:
|
|
- "{{ .Values.base_url }}"
|
|
secretName: certificate-tls
|
|
# Extra paths to prepend to the host configuration. If using something
|
|
# like an ALB ingress controller, you may want to configure SSL redirects
|
|
extraPaths: []
|
|
# - path: /*
|
|
# backend:
|
|
# serviceName: ssl-redirect
|
|
# servicePort: use-annotation
|
|
## Or for k8s > 1.19
|
|
# - path: /*
|
|
# pathType: Prefix
|
|
# backend:
|
|
# service:
|
|
# name: ssl-redirect
|
|
# port:
|
|
# name: use-annotation
|
|
|
|
# Whether to install ingress controller
|
|
ingress-nginx:
|
|
enabled: true
|
|
|
|
# Install cert-manager as a part of the release
|
|
cert-manager:
|
|
enabled: true
|
|
# Instal CRD resources
|
|
installCRDs: true
|
|
webhook:
|
|
timeoutSeconds: 30
|
|
# cert-manager tries to use the already used port, changing to another one
|
|
# https://github.com/cert-manager/cert-manager/issues/3237
|
|
# https://cert-manager.io/docs/installation/compatibility/
|
|
securePort: 10260
|
|
# Fix self-checks https://github.com/jetstack/cert-manager/issues/4286
|
|
podDnsPolicy: None
|
|
podDnsConfig:
|
|
nameservers:
|
|
- 8.8.8.8
|
|
- 1.1.1.1
|
|
|
|
database:
|
|
# can be either mysql or postgresql
|
|
type: mysql
|
|
|
|
# MySQL is included into this release for the convenience.
|
|
# It is recommended to host it separately from this release
|
|
# Set mariadb.enabled = false and configure externalMysql
|
|
mariadb:
|
|
enabled: true
|
|
auth:
|
|
database: oncall
|
|
primary:
|
|
extraEnvVars:
|
|
- name: MARIADB_COLLATE
|
|
value: utf8mb4_unicode_ci
|
|
- name: MARIADB_CHARACTER_SET
|
|
value: utf8mb4
|
|
secondary:
|
|
extraEnvVars:
|
|
- name: MARIADB_COLLATE
|
|
value: utf8mb4_unicode_ci
|
|
- name: MARIADB_CHARACTER_SET
|
|
value: utf8mb4
|
|
|
|
# Make sure to create the database with the following parameters:
|
|
# CREATE DATABASE oncall CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
|
|
externalMysql:
|
|
host:
|
|
port:
|
|
db_name:
|
|
user:
|
|
password:
|
|
|
|
# PostgreSQL is included into this release for the convenience.
|
|
# It is recommended to host it separately from this release
|
|
# Set postgresql.enabled = false and configure externalPostgresql
|
|
postgresql:
|
|
enabled: false
|
|
auth:
|
|
database: oncall
|
|
|
|
# Make sure to create the database with the following parameters:
|
|
# CREATE DATABASE oncall CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
|
|
externalPostgresql:
|
|
host:
|
|
port:
|
|
db_name:
|
|
user:
|
|
password:
|
|
# use an existing secret for the database password
|
|
existingSecret: ""
|
|
# the key in the secret containing the database password
|
|
passwordKey: password
|
|
|
|
# RabbitMQ is included into this release for the convenience.
|
|
# It is recommended to host it separately from this release
|
|
# Set rabbitmq.enabled = false and configure externalRabbitmq
|
|
rabbitmq:
|
|
enabled: true
|
|
|
|
broker:
|
|
type: rabbitmq
|
|
|
|
externalRabbitmq:
|
|
host:
|
|
port:
|
|
user:
|
|
password:
|
|
protocol:
|
|
vhost:
|
|
# use an existing secret for the rabbitmq password
|
|
existingSecret: ""
|
|
# the key in the secret containing the rabbitmq password
|
|
passwordKey: password
|
|
# the key in the secret containing the rabbitmq username
|
|
usernameKey: username
|
|
|
|
# Redis is included into this release for the convenience.
|
|
# It is recommended to host it separately from this release
|
|
redis:
|
|
enabled: true
|
|
|
|
externalRedis:
|
|
host:
|
|
password:
|
|
|
|
# Grafana is included into this release for the convenience.
|
|
# It is recommended to host it separately from this release
|
|
grafana:
|
|
enabled: true
|
|
grafana.ini:
|
|
server:
|
|
domain: example.com
|
|
root_url: "%(protocol)s://%(domain)s/grafana"
|
|
serve_from_sub_path: true
|
|
persistence:
|
|
enabled: true
|
|
plugins:
|
|
- grafana-oncall-app
|
|
|
|
nameOverride: ""
|
|
fullnameOverride: ""
|
|
|
|
serviceAccount:
|
|
# Specifies whether a service account should be created
|
|
create: true
|
|
# Annotations to add to the service account
|
|
annotations: {}
|
|
# The name of the service account to use.
|
|
# If not set and create is true, a name is generated using the fullname template
|
|
name: ""
|
|
|
|
podAnnotations: {}
|
|
|
|
podSecurityContext: {}
|
|
# fsGroup: 2000
|
|
|
|
securityContext: {}
|
|
# capabilities:
|
|
# drop:
|
|
# - ALL
|
|
# readOnlyRootFilesystem: true
|
|
# runAsNonRoot: true
|
|
# runAsUser: 1000
|
|
|
|
init:
|
|
securityContext: {}
|
|
# allowPrivilegeEscalation: false
|
|
# capabilities:
|
|
# drop:
|
|
# - ALL
|
|
# privileged: false
|
|
# readOnlyRootFilesystem: true
|
|
# runAsGroup: 1337
|
|
# runAsNonRoot: true
|
|
# runAsUser: 1337
|