{{- /*
Render the monitoring package values only when the monitoring package is enabled.
The "values-secret" helper receives the root context, the user overlays from
"bigbang.overlays.monitoring" (parsed with fromYaml), the package name, and the
rendered "bigbang.defaults.monitoring" defaults.
NOTE(review): the helper's name suggests the merged values are stored in a Secret;
confirm against its definition, which is not visible here.
NOTE(review): Helm's fromYaml reports a parse failure as a map with an "Error" key
instead of failing the render, so a malformed overlay may not stop the install;
verify that the helper or CI catches this.
*/ -}}
{{- if .Values.monitoring.enabled }}
{{- $overlayValues := fromYaml (include "bigbang.overlays.monitoring" .) }}
{{- $defaultValues := include "bigbang.defaults.monitoring" . }}
{{- $package := dict "values" $overlayValues }}
{{- include "values-secret" (dict "root" $ "package" $package "name" "monitoring" "defaults" $defaultValues) }}
{{- end }}
{{- define "bigbang.defaults.monitoring" -}}
# hostname is deprecated and replaced by domain, but if hostname is set it is still used.
{{- $domainName := default .Values.domain .Values.hostname }}
hostname: {{ $domainName }}
domain: {{ $domainName }}
{{- $istioInjection := (and (eq (dig "istio" "injection" "enabled" .Values.monitoring) "enabled") .Values.istio.enabled) }}
{{- $gitlabRedis := (and (ne .Values.addons.gitlab.redis.password "" ) (or .Values.addons.gitlab.enabled .Values.addons.gitlabRunner.enabled)) }}
{{- $authserviceRedisEnabled := (and (dig "values" "redis" "enabled" false .Values.addons.authservice) .Values.addons.authservice.enabled) }}
{{- $redisDatasource := (or $gitlabRedis .Values.addons.argocd.enabled $authserviceRedisEnabled) }}
{{- $thanosEnabled := (.Values.addons.thanos.enabled) }}
{{- $lokiEnabled := (.Values.loki.enabled) }}
{{- $clusterName := ( default "logging-loki" .Values.loki.clusterName ) }}
flux:
enabled: true
networkPolicies:
enabled: {{ .Values.networkPolicies.enabled }}
controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
ingressLabels:
{{- $gateway := default "public" .Values.monitoring.ingress.gateway }}
{{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
{{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }}
openshift: {{ .Values.openshift }}
minioOperator:
enabled: {{ .Values.addons.minioOperator.enabled }}
gitlabRunner:
enabled: {{ .Values.addons.gitlabRunner.enabled }}
istio:
{{- $monitoringInjection := dig "istio" "injection" "enabled" .Values.monitoring }}
enabled: {{ .Values.istio.enabled }}
hardened:
enabled: {{ or
(dig "istio" "hardened" "enabled" false .Values.monitoring.values)
(dig "istio" "hardened" "enabled" false .Values.addons.authservice.values)
(dig "hardened" "enabled" false .Values.istio.values)
(dig "istio" "hardened" "enabled" false .Values.grafana.values)
(dig "istio" "hardened" "enabled" false .Values.loki.values)
(dig "istio" "hardened" "enabled" false .Values.eckOperator.values)
(dig "istio" "hardened" "enabled" false .Values.elasticsearchKibana.values)
}}
loki:
enabled: {{ and .Values.loki.enabled (or
(dig "hardened" "enabled" false .Values.istio.values)
(dig "istio" "hardened" "enabled" false .Values.monitoring.values))
}}
{{- if and (dig "values" "istio" "hardened" "enabled" false .Values.monitoring) (contains "s3" .Values.addons.thanos.objectStorage.endpoint) }}
customServiceEntries:
- name: egress-object-store
enabled: true
spec:
hosts:
- "{{ .Values.addons.thanos.objectStorage.bucket }}.{{ .Values.addons.thanos.objectStorage.endpoint }}"
location: MESH_EXTERNAL
ports:
- number: 443
protocol: TLS
name: https
resolution: DNS
{{- end }}
clusterWideHardenedEnabled: {{ dig "hardened" "enabled" false .Values.istio.values }}