.github/environments/values.prod.yaml
---
features:
basicAuth: true
defaultBucket: true
oidcAuth: true
autoscaling:
enabled: true
maxReplicas: 4
config:
enabled: true
configMap:
BASICAUTH_ENABLED: "true"
DB_PORT: "5432"
KC_ENABLED: "true"
KC_IDENTITYKEY: idir_user_guid,bceid_user_guid
KC_PUBLICKEY: >-
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHiuPKOkpkq4GXN1ktr23rJtDl6Vdu/Y37ZAd3PnQ8/IDfAODvy1Y81aAUZicKe9egolv+OTRANN3yOg+TAbRhkeXLE5p/473EK0aQ0NazTCuWo6Am3oDQ7Yt8x0pw56/qcLtkTuXNyo5EnVV2Z2BzCnnaL31JOhyitolku0DNT6GDoRBmT4o2ItqEVHk5nM25cf1t2zbwI2790W6if1B2qVRkxxivS8tbH7nYC61Is3XCPockKptkH22cm2ZQJmtYd5sZKuXaGsvtyzHmn8/l0Kd1xnHmUu4JNuQ67YiNZGu3hOkrF0Js3BzAk1Qm4kvYRaxbJFCs/qokLZ4Z0W9wIDAQAB
KC_REALM: standard
KC_SERVERURL: "https://loginproxy.gov.bc.ca/auth"
# SERVER_LOGFILE: ~
SERVER_LOGLEVEL: http
SERVER_PORT: "3000"
SERVER_PRIVACY_MASK: "true"
SERVER_TEMP_EXPIRESIN: "300"
postgres:
enabled: true
# --------------------------------
# --------crunchydb config: ------
# --------------------------------
instances:
- name: db # do not change this name after initial install, pvc (data) and stateful sets will be deleted
replicas: 3
dataVolumeClaimSpec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 2Gi
storageClassName: "netapp-block-standard"
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 100m
memory: 256Mi
sidecars:
replicaCertCopy:
resources:
requests:
cpu: 1m
memory: 32Mi
limits:
cpu: 50m
memory: 64Mi
# -------- backups ---------
pgBackRestConfig:
manual:
repoName: repo1
options:
- --type=full
repoHost:
resources:
requests:
cpu: 20m
memory: 128Mi
limits:
cpu: 50m
memory: 256Mi
sidecars:
pgbackrest:
resources:
requests:
cpu: 5m
memory: 16Mi
limits:
cpu: 20m
memory: 64Mi
pgbackrestConfig:
resources:
requests:
cpu: 5m
memory: 32Mi
limits:
cpu: 20m
memory: 64Mi
jobs:
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 50m
memory: 128Mi
configuration:
# secret for saving backups to S3
- secret:
name: pgbackrest-s3
global:
# log-level-console: debug
# --- pvc
repo1-retention-full: "3"
repo1-retention-diff: "12"
# --- s3
repo2-path: /backups/common-object-management-service/postgres/prod
repo2-retention-full: "30"
repo2-s3-uri-style: path
repos:
- name: repo1
schedules:
full: "0 7 * * *" # full backup every day at 7am
differential: "0 */2 * * *" # differential every 2 hours
volume:
volumeClaimSpec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 2Gi
storageClassName: "netapp-file-backup"
- name: repo2
schedules:
full: "0 3 * * *" # full backup every day at 3am
s3:
bucket: csstops
endpoint: https://nrs.objectstore.gov.bc.ca
region: us-east-1
# -------- monitoring ---------
monitoring: true
monitoringConfig:
resources:
requests:
cpu: 1m
memory: 16Mi
limits:
cpu: 35m
memory: 32Mi