{{- /*
Render the authservice values only when Istio is enabled and at least one SSO consumer is on:
the authservice addon itself, or monitoring, jaeger or tempo with both `enabled` and
`sso.enabled` set. The "values-secret" helper (defined outside this file) is called with the
root context, the authservice package values, the name "authservice" and the defaults rendered
from "bigbang.defaults.authservice".
NOTE(review): judging by the helper's name the rendered values end up in a Secret; confirm, and
keep SSO credentials out of any other rendering path.
*/ -}}
{{- if and .Values.istio.enabled (or .Values.addons.authservice.enabled (and .Values.monitoring.enabled .Values.monitoring.sso.enabled) (and .Values.jaeger.enabled .Values.jaeger.sso.enabled) (and .Values.tempo.enabled .Values.tempo.sso.enabled)) }}
{{- include "values-secret" (dict "root" $ "package" .Values.addons.authservice "name" "authservice" "defaults" (include "bigbang.defaults.authservice" .)) }}
{{- end }}
{{- define "bigbang.defaults.authservice" -}}
# hostname is deprecated and replaced with domain. But if hostname exists then use it.
# (`default` returns its second argument unless that is empty, so .Values.hostname wins when set.)
# $domainName is not referenced in the lines that follow here; presumably used further down.
{{- $domainName := default .Values.domain .Values.hostname }}
# Image pull policy is copied from the top-level .Values.imagePullPolicy.
image:
pullPolicy: {{ .Values.imagePullPolicy }}
# Fixed pull secret name; the secret itself is not created by this template.
imagePullSecrets:
- name: private-registry
# Pod annotations come from the "istioAnnotation" helper (defined elsewhere).
podAnnotations:
{{ include "istioAnnotation" . }}
# The openshift and monitoring toggles mirror the top-level values of the same name.
openshift: {{ .Values.openshift }}
monitoring:
enabled: {{ .Values.monitoring.enabled }}
# Network policy settings for authservice; the toggle mirrors the top-level networkPolicies.enabled.
networkPolicies:
enabled: {{ .Values.networkPolicies.enabled }}
# ingressLabels is rendered from the Istio gateway named by $gateway ("public" when unset):
# istio.values.gateways.<gateway>.selector if present, otherwise a fallback map whose "app"
# label is istio.gateways.<gateway>.ingressGateway and whose "istio" label is null.
# NOTE(review): presumably these labels select the gateway pods allowed to reach authservice,
# so a missing or null-valued selector changes who is admitted; check the rendered output.
# NOTE(review): the gateway name is read from the haproxy addon's ingress settings, not from
# authservice's own values; confirm this is intended.
ingressLabels:
{{- $gateway := default "public" .Values.addons.haproxy.ingress.gateway }}
{{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
{{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }}
{{- if or (dig "redis" "enabled" false .Values.addons.authservice.values) (dig "global" "redis_server_uri" "" .Values.addons.authservice.values) }}
# Autoscaling (2 to 3 replicas) is emitted only when the addon values enable the bundled redis
# or set global.redis_server_uri.
# NOTE(review): presumably because several replicas need a shared session store; confirm.
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 3
{{- end }}
{{- if and (dig "redis" "enabled" false .Values.addons.authservice.values) .Values.monitoring.enabled }}
# Redis metrics wiring, emitted only when the bundled redis and monitoring are both enabled.
redis-bb:
metrics:
enabled: true
image:
pullSecrets:
- private-registry
serviceMonitor:
enabled: true
namespace: authservice
selector:
app.kubernetes.io/name: redis-bb
app.kubernetes.io/instance: authservice-authservice
# The TLS scrape settings below are emitted only when both checks in the `if` pass:
# - istio: enabled
# - mTLS: STRICT (authservice values istio.mtls.mode; treated as STRICT when unset)
# NOTE(review): an earlier version of this comment also listed "istio injection: enabled
# (for logging ns)"; the condition does not test that. Confirm whether it is enforced elsewhere.
{{- if and .Values.istio.enabled (eq (dig "istio" "mtls" "mode" "STRICT" .Values.addons.authservice.values) "STRICT") }}
scheme: https
tlsConfig:
caFile: /etc/prom-certs/root-cert.pem
certFile: /etc/prom-certs/cert-chain.pem
keyFile: /etc/prom-certs/key.pem
# insecureSkipVerify turns off validation of the scrape target's certificate: the scraper
# presents its client certificate (certFile/keyFile) but does not authenticate the endpoint.
# NOTE(review): presumably needed because mesh workload certificates are not issued for host
# names; confirm, and rely on mesh authorization and network policy to constrain what can
# serve this endpoint.
insecureSkipVerify: true
{{- end }}
prometheusRule:
enabled: true
namespace: monitoring
{{- end }}
# $legacy is truthy only when both sso.oidc.realm and sso.oidc.host are set.
{{- $legacy := and .Values.sso.oidc.realm .Values.sso.oidc.host -}}
{{- if not $legacy }}
# Without the legacy realm/host pair, the issuer URI comes from the "sso.url" helper
# (defined elsewhere).
issuer_uri: {{ include "sso.url" . }}
{{- end }}