.env.sample
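# Sample environment file. The empty values below are credentials or tokens:
# fill them in only in a private copy and keep that copy out of version control.
# The domain, IP and port values are examples to replace with your own.
# Terraform
# Terraform CLI reads TF_TOKEN_<hostname> as the API token for that host
# (here app.terraform.io); treat it as a secret.
TF_TOKEN_app_terraform_io=
host_machine_architecture=amd64
domain_host=chrislee.local
# Stage 1
kubernetes_cluster_type=kubeadm
# kubernetes_cluster_type=minikube
# kubernetes_cluster_type=k3s
server_ssh_host=192.168.1.100
server_ssh_user=
server_ssh_port=2222
# k3s
# Extra k3s server arguments; empty by default. Assigned once so that the
# effective value does not depend on which duplicate a loader reads last.
k3s_extra_server_args=""
# Presumably the k3s cluster join token; treat it as a secret. Generate with:
# openssl rand -base64 64 | tr -d '\n'
k3s_token=
# sshd listens on the same port that server_ssh_port points at.
sshd_port="${server_ssh_port}"
wireguard_port=51820
docker_default_data_path=/var/lib/docker
# JSON list of extra hosts entries,
# e.g. [{\"ip\":\"192.168.1.100\",\"name\":\"gitlab.chrislee.local\"}]
etc_hosts_json=[]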
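# Stage 2
# Terraform reads TF_VAR_<name> as the input variable <name>. Secrets passed
# this way can end up in plan output and in Terraform state, so protect the
# state as carefully as this file.
# If set to false, TLS certificates are not generated.
# NOTE(review): with TLS off, the ingress hosts below would presumably be served
# over plain HTTP, exposing logins and tokens on the network — confirm before disabling.
# The comment sits on its own line because some dotenv loaders treat a trailing
# "# ..." as part of the value.
TF_VAR_ingress_enable_tls=true
# Kubernetes
TF_VAR_host_machine_architecture="${host_machine_architecture}"
TF_VAR_kubernetes_override_ip="${server_ssh_host}"
TF_VAR_kubernetes_override_domains="minio.${domain_host} gitlab.${domain_host} registry.${domain_host} argocd.${domain_host}"
# Nginx
TF_VAR_nginx_service_loadbalancer_ip="${server_ssh_host}"
# htpasswd -nb user password | openssl base64
# -b takes the password from the command line, which leaves it in shell history
# and the process list; `htpasswd -n user` prompts for it instead.
# The base64 output is only an encoding: the value is still a credential.
TF_VAR_nginx_frontend_basic_auth_base64=
TF_VAR_nginx_client_max_body_size=10M
TF_VAR_nginx_client_body_buffer_size=10M
# Cert Manager
TF_VAR_cert_manager_acme_email="chris@${domain_host}"
TF_VAR_cert_manager_ingress_class=nginx
TF_VAR_cert_manager_host_alias_ip="${server_ssh_host}"
# Host aliases are needed to work around the hairpin NAT issue.
TF_VAR_cert_manager_host_alias_hostnames="longhorn.${domain_host},minio.${domain_host},minio-console.${domain_host},kas.${domain_host},gitlab.${domain_host},registry.${domain_host},alertmanager.${domain_host},grafana.${domain_host},prometheus.${domain_host},kibana.${domain_host},cost.${domain_host},argocd.${domain_host}"
# Longhorn
TF_VAR_longhorn_default_settings_default_data_path=/var/lib/longhorn
TF_VAR_longhorn_ingress_class_name=nginx
TF_VAR_longhorn_ingress_host="k8s.${domain_host}"
# Minio
TF_VAR_minio_tenant_pools_size=100Gi
TF_VAR_minio_tenant_ingress_class_name=nginx
TF_VAR_minio_tenant_ingress_api_host="minio.${domain_host}"
TF_VAR_minio_tenant_ingress_console_host="minio-console.${domain_host}"
# Gitlab
TF_VAR_gitlab_global_hosts_domain="${domain_host}"
TF_VAR_gitlab_global_hosts_host_suffix=
TF_VAR_gitlab_global_hosts_external_ip="${server_ssh_host}"
TF_VAR_gitlab_global_ingress_class=nginx
TF_VAR_gitlab_global_ingress_provider=nginx
TF_VAR_gitlab_certmanager_issuer_email="chris@${domain_host}"
TF_VAR_gitlab_postgresql_primary_persistence_size=20Gi
TF_VAR_gitlab_redis_master_persistence_size=20Gi
# NOTE(review): "gitlay" looks like a misspelling of "gitaly"; the name has to
# match the Terraform variable declaration, so confirm there before renaming.
TF_VAR_gitlab_gitlay_persistence_size=20Gi
# Go to Admin area -> CI/CD -> Runners -> New instance runner
# Make sure to set `Run untagged jobs`
# Copy token and paste here
# The runner authentication token is a secret. An instance runner that runs
# untagged jobs picks up jobs from any project on the instance, so treat the
# runner host as shared.
TF_VAR_gitlab_runner_authentication_token=
TF_VAR_gitlab_minio_host="minio.${domain_host}"
TF_VAR_gitlab_minio_endpoint="https://minio.${domain_host}"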
# Prometheus Stack
TF_VAR_prometheus_alertmanager_domain="alertmanager.${domain_host}"
TF_VAR_prometheus_grafana_domain="grafana.${domain_host}"
TF_VAR_prometheus_ingress_class_name=nginx
TF_VAR_prometheus_prometheus_domain="prometheus.${domain_host}"
TF_VAR_prometheus_persistence_size=10Gi
TF_VAR_prometheus_alertmanager_slack_channel=notification
# From https://api.slack.com/apps -> Settings -> Install App -> Bot User OAuth Token
# This token is a secret; set it only in your private copy of this file.
TF_VAR_prometheus_alertmanager_slack_credentials=
# From https://min.io/docs/minio/linux/operations/monitoring/collect-minio-metrics-using-prometheus.html?ref=docs-redirect#generate-the-scrape-configuration
# ```
# $ kubectl exec -it minio-tenant-0 -nminio--- /bin/bash
# $ mc config host add minio http://minio.minio-tenant.svc.cluster.local minio <minio_tenant_root_password>
# $ mc admin prometheus generate minio
# $ mc admin prometheus generate minio node
# $ mc admin prometheus generate minio bucket
# $ mc admin prometheus generate minio resource
# ```
# NOTE(review): "-nminio---" above looks garbled; presumably
# "-n <namespace> -- /bin/bash" — confirm against your cluster.
# The `mc config host add` line puts the MinIO root password on the command line
# inside the pod, where it is visible in the process list and any shell history.
# The bearer tokens from the generated scrape configurations go into the four
# variables below; they are credentials, so handle them as secrets.
TF_VAR_prometheus_minio_job_bearer_token=
TF_VAR_prometheus_minio_job_node_bearer_token=
TF_VAR_prometheus_minio_job_bucket_bearer_token=
TF_VAR_prometheus_minio_job_resource_bearer_token=
# Elasticsearch
TF_VAR_elasticsearch_storage_size=10Gi
TF_VAR_kibana_ingress_class_name=nginx
TF_VAR_kibana_domain="kibana.${domain_host}"
# Kubecost
TF_VAR_kubecost_ingress_host="cost.${domain_host}"
TF_VAR_kubecost_ingress_class_name=nginx
# Generated at http://kubecost.com/install; used for alerts tracking and free trials.
TF_VAR_kubecost_token=
# Tailscale
TF_VAR_tailscale_enable=false
# From https://tailscale.com/kb/1085/auth-keys
# An auth key registers a node on the tailnet without an interactive login;
# treat it as a secret.
TF_VAR_tailscale_auth_key=""
# NOTE(review): 192.86.0.0/24 is outside the RFC 1918 private ranges, while
# server_ssh_host in this file is 192.168.1.100 — presumably a 192.168.x.0/24
# subnet was meant. Confirm the range before advertising it as a route.
TF_VAR_tailscale_advertise_routes="192.86.0.0/24"
TF_VAR_tailscale_hostname=tailscale-kubernetes
# Wireguard
TF_VAR_wireguard_enable=false
TF_VAR_wireguard_ingress_host="vpn.${domain_host}"
# Reuses the wireguard_port value set in the Stage 1 section.
TF_VAR_wireguard_port="${wireguard_port}"
# ArgoCD
TF_VAR_argocd_domain="argocd.${domain_host}"
# NOTE(review): presumably the base64-encoded SSH known_hosts entries used to
# verify Git hosts — confirm what an empty value means for host key checking.
TF_VAR_argocd_ssh_known_hosts_base64=""
# Presumably a JSON-encoded list of repositories; entries may carry repository
# credentials — TODO confirm, and keep them out of the committed sample.
TF_VAR_argocd_config_repositories_json_encoded="[]"