-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathexample.yaml
94 lines (82 loc) · 3.34 KB
/
example.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
tenant: product-catalog
# Defaults for namespaces to avoid repetition
default:
# Destination for Argo CD (i.e. server)
argocd:
cluster:
name: in-cluster
# Annotations applied to all namespaces, merged with annotations defined on namespace
annotations:
app.openshift.io/vcs-uri: https://github.com/gnunn-gitops/product-catalog
app.openshift.io/vcs-ref: main
# Labels applied to all namespaces, merged with labels defined on namespace
labels:
argocd.argoproj.io/managed-by: gitops
tenant: product-catalog
networkPolicy: true
# Default rbac for all projects, could be overridden on a namespace by namespace level
# adminGroups, editGroups and viewGroups will be granted admin, edit, view cluster roles respectively
rbac:
adminGroups:
- product-catalog-admins
editGroups:
- product-catalog-users
# Configuration for shared Argo CD, generates AppProject to cover tenant requirements
argocd:
# Namespace where the tenant Argo CD is located, if
# set an AppProject for the tenant will be created
namespace: gitops
# Repositories the tenant is limited to
sourceRepos:
- '*'
# Groups for which users will be admins of the AppProject
adminGroups:
- product-catalog-admins
# Groups for which users will be users of the AppProject
userGroups:
- product-catalog-users
pipelineGroups:
- product-catalog-pipeline
# Will create a ClusterSecretStore scoped to just the tenants namespaces that
# is backed by a secret in the platform tenant-secrets namespace
externalSecrets:
# ClusterSecretStore to use to retrieve tenant's doppler token, must already exist
tenantClusterSecretStore: doppler-cluster
# Namespace where to create secret with token to access tenant's secret store. This can be a
# namespace created by the chart or a separate existing namespace (recommended) if you don't want the tenant to
# have access to it. If a separate namespace then a process needs to be added to copy the secret
# to the desired namespace
tenantSecretNamespace: tenant-secrets
namespaces:
dev:
quota: medium
annotations:
app.openshift.io/vcs-uri: https://github.com/gnunn-gitops/product-catalog
app.openshift.io/vcs-ref: main
test:
quota: medium
annotations:
openshift.io/description: Project for test environment of product catalog application
openshift.io/display-name: Product Catalog Test
prod:
quota: medium
annotations:
openshift.io/description: Project for production environment of product catalog application
openshift.io/display-name: Product Catalog Prod
cicd:
externalSecrets:
# Key where the tenant's token required to access secret store is stored
tenantTokenKey: TENANT_PRODUCT_CATALOG_DOPPLER_TOKEN
annotations:
openshift.io/description: Project for ci/cd tools for product catalog application
openshift.io/display-name: Product Catalog CI/CD
gitops:
annotations:
openshift.io/description: Project for gitops tool for product catalog team
openshift.io/display-name: Product Catalog GitOps
monitor:
annotations:
openshift.io/description: Project for monitoring tools of product catalog application
openshift.io/display-name: Product Catalog Monitor
# If operatorGroup for namespace is required to be created
operatorGroup: true