-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathexample.yaml
118 lines (107 loc) · 6.29 KB
/
example.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
profile: "pov" # Profile to configure harness resources and cluster resources. Please select the supported profile.
output_directory: "./dist-130" # Output directory to store rendered files and outputs
provider: "aws" # Cloud provider to install harness in. Please select the supported profile
region: "us-east-1" # Region to install harness in
# By enabling airgap, the following actions take place
# 1. The installer will configure image registry in harness based on registry config
# 2. The installer will not create NAT gateway
# 3. The installer will set kubernetes cluster_endpoint_public_access to false
airgap: false
tags: # Tags to associate with all resources created by installer
harness: "smp"
### Creates VPC
### For AWS, it creates a VPC
vpc:
manage: true
id: "" # Set this to existing VPC id, if manage is set to false
cidr: "" # Set this to CIDR block of VPC to create or existing CIDR block of VPC
availability_zones: [] # Set this to existing availability zones
subnets:
public: # Set this to existing subnet ids, if manage is set to false
- id: ""
cidr: ""
private: # Set this to existing subnet ids, if manage is set to false
- id: ""
cidr: ""
### Creates Kubernetes cluster
### For AWS, it creates an EKS cluster in private subnet provided in vpc configuration
kubernetes:
manage: true # If set to false, installer will not execute tofu module for kubernetes cluster
cluster_name: "" # Set this to existing cluster if manage is set to false
version: "1.30" # Kubernetes version to create the cluster
instance_tags: # Tags to associate with all instances created by installer. Same tags are used by loadbalancer to create target groups
name: "harness-smp-instance-new"
security_group_id: "" # Set this to existing security group id of kubernetes nodes, if manage is set to false
oidc_provider_arn: "" # Set this to existing OIDC provider ARN, if manage is set to false. Required for external secrets operator
oidc_provider_url: "" # Set this to existing OIDC provider URL, if manage is set to false. Required for external secrets operator
nodes: {} # Override nodes configuration according to your needs. By default, installer will set these values based on profile
# machine_type: "t2.2xlarge"
# initial_nodes: 5
# minimum_nodes: 1
# maximum_nodes: 5
### Creates loadbalancer
### For AWS, it creates an ALB in public subnet provided in vpc configuration
loadbalancer:
manage: true # If set to false, installer will not execute tofu module for loadbalancer
ip: "" # Set this to loadbalancer IP or domain if manage is set to false
tls:
enabled: true # Set it to true to enable TLS for the domain.
existing_certificate_id: "" # Set this to existing certificate id/arn, if empty installer will create a new self-signed certificate
subject_alternative_names: [] # Subject alternative names for the certificate
### DNS related configuration.
### For AWS, it manages the Route53 configuration. It creates a private zone in route53.
dns:
manage: false # If set to false, installer will not create dns zone or records
domain: "" # Domain to be used for harness configuration. If empty, installer will use loadbalancer Domain to configure endpoints.
zone_id: "" # Set this to existing zone id, if record needs to be created in existing zone
private_zone: true # Set it to false to create a public zone in AWS route53
### Install external-secrets operator to manage secrets in cloud secret manager
### The secrets operator is installed using helm chart
### For more details, refer to https://external-secrets.io
secretoperator:
manage: false # If set to false, installer will not execute tofu module for secretoperator
kubernetes_service_account: "" # Kubernetes service account associated with IAM role to access cloud secret manager. If not provided, installer will create a new service account.
namespace: "external-secrets" # Namespace to install external-secrets operator
### Manage secrets of databases in cloud secret manager
### The secrets are stored in cloud secret manager and accessed by harness using external-secrets operator
### Currently, the supported databases are minio, mongo, and timescaledb
secrets:
manage: false # If set to false, installer will not execute tofu module for secrets
### Install monitoring stack
### The monitoring stack includes prometheus, grafana, and alertmanager
monitoring:
manage: true # If set to false, installer will not install prometheus and grafana helm charts
enabled: true # Set it to true to enable monitoring configuration in harness
namespace: "monitoring" # Namespace to install monitoring stack
prometheus_chart_repository: "" # Prometheus helm chart repository to fetch chart from. Default: oci://registry-1.docker.io/bitnamicharts
prometheus_chart_name: "" # Prometheus helm chart name to install. Default: kube-prometheus
prometheus_chart_version: "10.2.5" # Prometheus helm chart version to install. Set to empty to skip installation
prometheus_override_file: "" # Prometheus helm chart override file to use for installation
grafana_chart_repository: "" # Grafana helm chart repository to fetch chart from. Default: https://grafana.github.io/helm-charts
grafana_chart_name: "" # Grafana helm chart name to install. Default: grafana
grafana_chart_version: "8.8.5" # Grafana helm chart version to install. Set to empty to skip installation
grafana_override_file: "" # Grafana helm chart override file to use for installation
### Harness helm chart configuration
harness:
manage: true
version: "0.23.1" # Harness version to be installed
namespace: "harness" # Namespace to install harness
repository: # Helm chart repository to fetch chart from
url: "https://harness.github.io/helm-charts"
# Existing override files to use for helm chart installation. These files take precendence over auto-generated override file. Their order matters.
override_files: []
nginx: true # Set it to true to configure harness with nginx controller.
ingress_node_port: 32000 # Node port to expose ingress controller. This is used when nginx is enabled.
modules: # Configure the modules to enable in the chart.
cd: true
ci: false
ff: false
ccm: false
sto: false
chaos: false
ssca: false
dbops: false
code: false
licenses: # Configure the licenses for cg and ng
ng: ""
cg: ""