-
Notifications
You must be signed in to change notification settings - Fork 0
/
prod.values.yaml
172 lines (151 loc) · 4.86 KB
/
prod.values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
---
filebrowser:
enabled: false
global:
pvc:
isManaged: true
size: 1Gi
name: database
description: Accounting Portal for eosc - PROD
status: active
url: accounting.eosc-portal.eu
imagePullSecrets:
gitlab:
email: [email protected]
password: ${GITLAB_REGISTRY}
registry: gitlab.in2p3.fr
username: gitlab-registry
gitlab-registry:
email: [email protected]
password: ${GITLAB_REGISTRY}
registry: gitlab-registry.in2p3.fr
username: gitlab-registry
owner:
email: [email protected]
firstName: Cyril
lastName: Lorphelin
organization: CC-IN2P3
ingress:
allow: any
nginx:
image:
url: $IMAGE_NGINX
config:
env:
NGINX_LISTEN_PORT: '8080'
NGINX_ROOT_DIR: /var/www/html/public
NGINX_SERVER_NAME: _
SYMFONY_BUILD_DIR: /var/www/html/public/build
SYMFONY_IMG_DIR: /var/www/html/public/build/img
templates:
default.conf.template: |
map $http_user_agent $excluded_uas {
~*kube-probe 0;
default 1;
}
log_format main '$http_x_forwarded_for - $realip_remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
server {
listen ${NGINX_LISTEN_PORT};
server_name ${NGINX_SERVER_NAME};
root ${NGINX_ROOT_DIR};
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
access_log /var/log/nginx/access.log main if=$excluded_uas;
error_log /var/log/nginx/error.log warn;
client_max_body_size 5g;
# security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'" always;
# index.php
index index.php;
# index.php fallback
location / {
try_files $uri /index.php$is_args$args;
}
location ${SYMFONY_BUILD_DIR} {
try_files $uri =404;
}
location ${SYMFONY_IMG_DIR} {
try_files $uri =404;
}
# additional config
include general.conf;
# handle the php frontend calls
location ~ ^/index\.php(/|$) {
# default fastcgi_params
include fastcgi_params;
# fastcgi settings
fastcgi_pass {{ReleaseName}}-php:9000;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_index index.php;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
# fastcgi params
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
}
# 404 other php calls
location ~ \.php$ {
return 404;
}
}
enabled: true
resources:
limits:
memory: 512Mi
requests:
memory: 512Mi
cpu: 500m
initWithIndex: false
pvc:
disabled: true
php:
pvc:
disabled: false
name: database
path: /var/data
image:
url: $IMAGE_PHP
config:
templates:
xxx.ini: |
include_path = .:/usr/local/lib/php:/var/www/html
yyy.ini: |
memory_limit = 512M
post_max_size = 100M
upload_max_filesize = 100M
templatesMountPath: /usr/local/etc/php/conf.d
env:
APP_ENV: "prod"
APP_SECRET: "${APP_SECRET}"
DATABASE_URL: "sqlite:////var/data/user"
EOSC_AAI_ID: "${EOSC_AAI_ID}"
EOSC_AAI_SECRET: "${EOSC_AAI_SECRET}"
MAINTENANCE_MODE: "false"
MAINTENANCE_DESCRIPTION: "Scheduled maintenance at CC-IN2P3 - June 14th"
MAINTENANCE_URL: "https://goc.egi.eu/portal/index.php?Page_Type=Downtime&id=32482"
EOSC_AAI_INFO: "https://aai.eosc-portal.eu/auth/realms/core/protocol/openid-connect/userinfo"
EOSC_AAI_AUTHORIZE: "https://aai.eosc-portal.eu/auth/realms/core/protocol/openid-connect/auth"
EOSC_AAI_TOKEN: "https://aai.eosc-portal.eu/auth/realms/core/protocol/openid-connect/token"
ACCOUNTING_API_URL: "https://api.accounting.argo.grnet.gr/accounting-system"
REFRESH_TOKEN: "${REFRESH_TOKEN}"
MAILER_URL: "smtp://wrelay.in2p3.fr:25"
MAILER_DSN: "smtp://wrelay.in2p3.fr:25"
MESSENGER_TRANSPORT_DSN: "doctrine://default?auto_setup=0"
enabled: true
resources:
limits:
memory: 512Mi
requests:
memory: 512Mi
cpu: 500m
wordpress: false
webdav:
enabled: false
java:
enabled: false