# Namespace names referenced by the rest of this values file.
# NOTE(review): nesting restored from a flattened listing — confirm against
# the repository copy.
namespaces:
  # Same name the ingress and the external-secrets service account use below.
  platform: platform
  # Matches the host part of the Vault URL below (vault.extsvc.svc...).
  vault: extsvc
# Helm releases for the platform layer. Every release pulls from a Flux
# HelmRepository in flux-system.
# NOTE(review): nesting restored from a flattened listing — confirm against
# the repository copy before applying.
# NOTE(review): every chart version is a semver range, so a newer matching
# release can presumably roll out without a change to this file. Pin exact
# versions if upgrades must go through review.
components:
  # Edge ingress controller; the only Service of type LoadBalancer in this file.
  caddy:
    enabled: true
    releaseName: caddy
    sourceRef:
      kind: HelmRepository
      name: caddy-ingress
      namespace: flux-system
    chart:
      name: caddy-ingress-controller
      version: '>=1.0.0 <2.0.0'
    values:
      # NOTE(review): ingressClass and service are assumed to nest under
      # ingressController; the listing does not show their depth.
      ingressController:
        enabled: true
        ingressClass:
          create: true
          name: caddy
          # Not the cluster default class: an Ingress must name "caddy" to be
          # served by this controller.
          default: false
        service:
          # Reachable from outside the cluster; everything behind it in this
          # file is ClusterIP.
          type: LoadBalancer

  # API gateway, run as a standalone data plane: etcd, the Admin API, the
  # dashboard, the control API and the bundled ingress controller are all off,
  # so routes come only from the inline config below.
  apisix:
    enabled: true
    releaseName: apisix
    sourceRef:
      kind: HelmRepository
      name: apisix
      namespace: flux-system
    chart:
      name: apisix
      version: '>=2.7.0 <3.0.0'
    values:
      etcd:
        enabled: false
      externalEtcd:
        user: ''
      ingress-controller:
        enabled: false
      dashboard:
        enabled: false
      gateway:
        enabled: true
        # In-cluster only; external traffic arrives through the caddy Ingress.
        type: ClusterIP
      control:
        enabled: false
      apisix:
        admin:
          # Admin API off: no admin key to protect and no runtime route edits.
          enabled: false
        deployment:
          mode: standalone
          role: data_plane
          standalone:
            # Two catch-all routes ("/*"), selected by Host header only: prod
            # and pre-prod share this gateway and both forward to an
            # "accounts" service on port 80 over plain HTTP.
            # No plugins are declared, so this file adds no authentication,
            # rate limiting or request filtering at the gateway; the upstream
            # must enforce them.
            # NOTE(review): APISIX's file-based standalone mode documents a
            # trailing "#END" marker for apisix.yaml; none appears in this
            # string — confirm the chart adds it, or the routes may not load.
            config: |
              routes:
                - id: 1
                  uri: "/*"
                  hosts:
                    - api.svc.plus
                  name: api-gateway-prod
                  upstream:
                    type: roundrobin
                    nodes:
                      "accounts.core-prod.svc.cluster.local:80": 1
                - id: 2
                  uri: "/*"
                  hosts:
                    - api-pre.svc.plus
                  name: api-gateway-pre
                  upstream:
                    type: roundrobin
                    nodes:
                      "accounts.core-pre.svc.cluster.local:80": 1

  # Publishes DNS records for Ingress hosts to Cloudflare.
  externalDns:
    enabled: true
    releaseName: external-dns
    sourceRef:
      kind: HelmRepository
      name: external-dns
      namespace: flux-system
    chart:
      name: external-dns
      version: '>=1.14.0 <2.0.0'
    # ExternalSecret-shaped settings: the Cloudflare token is read from Vault
    # (platform/cloudflare, property api-token) into the Kubernetes Secret
    # cloudflare-api-token, so the token value itself is not in this file.
    secret:
      name: cloudflare-api-token
      # Re-read from Vault every minute, so a rotated token propagates quickly.
      refreshInterval: 1m
      secretStoreRef:
        kind: ClusterSecretStore
        name: vault-platform
      target:
        name: cloudflare-api-token
        creationPolicy: Owner
      data:
        secretKey: api-token
        remoteRef:
          key: platform/cloudflare
          property: api-token
    values:
      provider: cloudflare
      # "sync" lets external-dns delete records as well as create them. The
      # TXT registry with this owner id and the svc.plus domain filter are what
      # bound that to records it owns in that zone.
      # NOTE(review): scope the Cloudflare token to DNS edit on that zone only.
      policy: sync
      registry: txt
      txtOwnerId: svc-plus-k3s
      sources:
        - ingress
      domainFilters:
        - svc.plus
      env:
        - name: CF_API_TOKEN
          valueFrom:
            secretKeyRef:
              name: cloudflare-api-token
              key: api-token

  # Secret store named "vault-platform", referenced above as a
  # ClusterSecretStore.
  # NOTE(review): a cluster-scoped store can be referenced from any namespace
  # unless restricted; keep the Vault policy behind the role read-only and
  # limited to the paths this platform needs.
  externalSecretsStore:
    enabled: true
    name: vault-platform
    vault:
      # Plain HTTP: Vault tokens and secret values cross the cluster network
      # unencrypted. Move to https with a CA bundle once the Vault listener
      # has TLS.
      server: 'http://vault.extsvc.svc.cluster.local:8200'
      path: secret
      version: v2
      auth:
        # Kubernetes auth: the external-secrets service account in "platform"
        # logs in to Vault as the role "external-secrets".
        kubernetes:
          mountPath: kubernetes
          role: external-secrets
          serviceAccountRef:
            name: external-secrets
            namespace: platform

  # Vault server release (the agent injector is disabled).
  vault:
    enabled: true
    releaseName: vault
    sourceRef:
      kind: HelmRepository
      name: hashicorp
      namespace: flux-system
    chart:
      name: vault
      version: '>=0.28.0 <1.0.0'
    values:
      injector:
        enabled: false
      server:
        standalone:
          enabled: false
        dataStorage:
          enabled: true
          size: 8Gi
        # HA mode with integrated Raft storage but one replica: there is no
        # redundancy, so losing the pod or its volume takes Vault down.
        # NOTE(review): no TLS listener, seal or audit settings appear in
        # these values — confirm they are configured elsewhere.
        ha:
          enabled: true
          replicas: 1
          raft:
            enabled: true
            setNodeId: true
        service:
          enabled: true
# Ingress that puts the APISIX gateway behind the caddy ingress class.
# NOTE(review): nesting restored from a flattened listing — confirm against
# the repository copy.
apisixIngress:
  enabled: true
  name: apisix-gateway
  namespace: platform
  className: caddy
  annotations:
    # Hostnames external-dns should publish for this Ingress.
    external-dns.alpha.kubernetes.io/hostname: 'api.svc.plus,api-pre.svc.plus'
  # One certificate secret covers both the prod and the pre-prod hostname.
  tls:
    secretName: apisix-gateway-tls
    hosts:
      - api.svc.plus
      - api-pre.svc.plus
  # Both hosts go to the gateway service on port 80, so the hop from the
  # ingress controller to APISIX is plain HTTP inside the cluster.
  hosts:
    - host: api.svc.plus
      serviceName: apisix-gateway
      servicePort: 80
    - host: api-pre.svc.plus
      serviceName: apisix-gateway
      servicePort: 80
# Settings for the Vault bootstrap step (the workload that consumes them is
# not shown on this page).
# NOTE(review): nesting restored from a flattened listing — confirm against
# the repository copy.
vaultBootstrap:
  enabled: true
  # Referenced by mutable tag; pin by digest if the image must be
  # reproducible.
  image: hashicorp/vault:1.16.3
  serviceAccountName: vault-bootstrap
  # The Cloudflare token and the Vault root token are both read from one
  # Kubernetes Secret, "vault-bootstrap". Anyone who can read that Secret
  # holds full control of Vault.
  # NOTE(review): restrict RBAC on the Secret, and revoke or rotate the root
  # token once bootstrap has completed.
  cloudflareSecretName: vault-bootstrap
  cloudflareSecretKey: cloudflareApiToken
  rootTokenSecretName: vault-bootstrap
  rootTokenSecretKey: rootToken
  externalSecretsRoleNamespace: platform
# Empty list: no extra objects are supplied here (presumably additional
# manifests for the chart to render — confirm against the chart templates).
extraObjects: []