forked from FIWARE-Ops/marinera
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathvalues.yaml
149 lines (136 loc) · 3.19 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
realm:
grafana:
rootUrl: https://grafana
adminUrl: https://grafana
redirectUris:
- https://grafana/
- https://grafana-2/
webOrigins:
- https://grafana/
- https://grafana-2/
orionPep:
baseUrl: https://orion-ld
adminUrl: https://orion-ld
redirectUris:
- https://orion-ld/
- https://orion-ld-2/
webOrigins:
- https://orion-ld/
- https://orion-ld-2/
route:
enabled: true
tls:
termination: edge
insecureEdgeTerminationPolicy: Redirect
tests:
enabled: true
username: admin-user
password: admin-user
client_id: orion-pep
client_secret: 978ad148-d99b-406d-83fc-578597290a79
keycloak:
replicaCount: 1
auth:
adminUser: fiwareAdmin
adminPassword: fiwareAdmin
serviceAccount:
create: true
rbac:
create: true
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- anyuid
resources:
- securitycontextconstraints
verbs:
- use
keycloakConfigCli:
enabled: true
extraEnvVars:
- name: IMPORT_FILES_LOCATIONS
value: "/config/*"
containerSecurityContext:
enabled: false
podSecurityContext:
enabled: false
existingConfigmap: keycloak-realm
extraEnvVars:
- name: KEYCLOAK_PROXY_ADDRESS_FORWARDING
value: "true"
- name: KEYCLOAK_LOG_LEVEL
value: WARN
extraVolumeMounts:
- name: profiles
mountPath: /opt/bitnami/keycloak/conf/profile.properties
subPath: profile.properties
extraVolumes:
- name: profiles
configMap:
name: keycloak-profile
podLabels:
marinera/platform: fiware
marinera/component: security
marinera/subcomponent: auth
marinera/product: keycloak
service:
type: ClusterIP
resources:
limits:
cpu: 7
memory: 2Gi
requests:
cpu: 100m
memory: 400Mi
metrics:
enabled: true
serviceMonitor:
interval: 30s
# -- config for setting up the alerts.
alerting:
# -- should overall alerting for keycloak be enabled?
enabled: true
## config for enabling alerting on erronous requests
requestError:
# -- should it be enabled?
enabled: true
# -- how many failed request until the alert fires
threshold: 25
# -- timeframe to apply the threshold to
timeWindow: 15m
# -- severity of the alert
severity: warning
containerPorts:
management: 8080
postgresql:
auth:
username: bn_keycloak
password: secretpassword
replicationPassword: secretreplicationpassword
primary:
podSecurityContext:
enabled: false
containerSecurityContext:
enabled: false
podLabels:
marinera/platform: fiware
marinera/component: security
marinera/subcomponent: persistence
marinera/product: postgresql
architecture: replication
readReplicas:
replicaCount: 1
podSecurityContext:
enabled: false
containerSecurityContext:
enabled: false
audit:
clientMinMessages: warning
metrics:
enabled: true
containerSecurityContext:
enabled: false
serviceMonitor:
enabled: true
interval: 30s