Example values.yaml for production ready rundeck deployment.
# This gist was created to support the blog post below.
# https://medium.com/p/b29366f85d50
# Refer to the post above for more information.
image:
  # NOTE(review): this is not the upstream rundeck/rundeck repository; confirm
  # who builds and publishes this image before running it in production.
  repository: tagore22/rundeck
  # NOTE(review): a tag can be re-pushed, and pullPolicy Always fetches whatever
  # the tag points to at each pod start. Pinning by digest would make the
  # deployed image immutable - confirm whether the chart accepts a digest.
  tag: 3.3.4
  pullPolicy: Always
deployment:
  replicaCount: 1
  annotations: {}
  strategy:
    # Recreate stops the old pod before the new one starts, so every rollout
    # has a short outage with a single replica.
    type: Recreate
rundeck:
  env:
    # Configuring Database as default backend.
    RUNDECK_PROJECTSSTORAGETYPE: "db"
    # Rundeck RDS Integration.
    # No database password appears here; keep it in the secret named by
    # envSecret below (e.g. RUNDECK_DATABASE_PASSWORD), never in this file.
    RUNDECK_DATABASE_DRIVER: "org.postgresql.Driver"
    # NOTE(review): the URL carries no database name and no TLS parameters.
    # Confirm the connection to RDS is encrypted; the PostgreSQL JDBC driver
    # accepts an sslmode parameter for this.
    RUNDECK_DATABASE_URL: "jdbc:postgresql://rundeck-tagore-temp.mydatabaseid.us-east-1.rds.amazonaws.com"
    RUNDECK_DATABASE_USERNAME: "rundeckadm"
    # End of RDS Integration.
    RUNDECK_LOGGING_STRATEGY: "FILE"
    # Rundeck S3 Log Storage Plugin Integration.
    # Execution logs can contain command output and secrets echoed by jobs;
    # the bucket should be private and encrypted at rest.
    RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_NAME: "org.rundeck.amazon-s3"
    RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_BUCKET: "eks-rundeck-logs"
    RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_PATH: "${job.project}/${job.path}/${job.execid}.log"
    RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_REGION: "us-east-1"
    # End of S3 Log Storage Plugin Integration.
    RUNDECK_SERVER_FORWARDED: "true"
    # Below URL needs to be the same value as provided in the Ingress hostname.
    RUNDECK_GRAILS_URL: "https://rundeck-eks.example.com"
    # Rundeck Integration with AD using LDAP.
    RUNDECK_JAAS_MODULES_0: "JettyCachingLdapLoginModule"
    # Left empty in this example. Supply the real bind DN for your directory
    # and keep the bind password in the secret named by envSecret.
    RUNDECK_JAAS_LDAP_BINDDN: ""
    RUNDECK_JAAS_LDAP_FLAG: "required"
    # NOTE(review): ldap:// on port 389 is unencrypted, so the bind (and any
    # user bind) credentials cross the network in clear text. Prefer ldaps://
    # with the directory's CA trusted by the Rundeck JVM.
    RUNDECK_JAAS_LDAP_PROVIDERURL: "ldap://example.com:389"
    RUNDECK_JAAS_LDAP_ROLEBASEDN: "DC=example,DC=aws"
    RUNDECK_JAAS_LDAP_ROLEMEMBERATTRIBUTE: "member"
    RUNDECK_JAAS_LDAP_ROLENAMEATTRIBUTE: "cn"
    RUNDECK_JAAS_LDAP_ROLEOBJECTCLASS: "group"
    # These roles are added to every user who authenticates through this
    # module; check that the ACL policy grants them only what is intended.
    RUNDECK_JAAS_LDAP_SUPPLEMENTALROLES: "user,readonly"
    RUNDECK_JAAS_LDAP_USERBASEDN: "OU=Users,OU=example,DC=example,DC=aws"
    RUNDECK_JAAS_LDAP_USEREMAILATTRIBUTE: "email"
    RUNDECK_JAAS_LDAP_USERFIRSTNAMEATTRIBUTE: "givenName"
    RUNDECK_JAAS_LDAP_USERIDATTRIBUTE: "sAMAccountName"
    RUNDECK_JAAS_LDAP_USERLASTNAMEATTRIBUTE: "sn"
    RUNDECK_JAAS_LDAP_USEROBJECTCLASS: "user"
    RUNDECK_JAAS_LDAP_USERPASSWORDATTRIBUTE: "unicodePwd"
    # End of Integration with AD.
    # Enabling Audit Logging
    RUNDECK_LOGGING_AUDIT_ENABLED: "True"
  # Name of the secret containing SSH files to mount under ~/.ssh
  sshSecrets: "ssh-keys-rundeck"
  # Name of the secret containing files to mount under ~/.aws/
  # NOTE(review): this mounts long-lived AWS access keys into the pod. IAM
  # roles for service accounts (see the commented annotation under
  # serviceAccount) avoid storing static keys.
  awsConfigCredentialsSecret: "aws-access-keys-secret"
  # Name of secret containing additional sensitive runtime environment variables
  envSecret: "rundeck-env-secret"
nameOverride: ""
fullnameOverride: ""
persistence:
  enabled: false
  claim:
    create: false
serviceAccount:
  # Specifies whether a ServiceAccount should be created.
  # NOTE(review): this is a quoted string while persistence.enabled above is a
  # real boolean. In a Helm `if`, any non-empty string is truthy, so "false"
  # would still enable it - confirm how the chart reads this value.
  create: "true"
  annotations: {}
  # AWS IRSA annotation (replace the empty map above with it to use a role):
  #   eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/rundeck
  # The name of the ServiceAccount to use.
  # If not set and create is true, a name is generated using the fullname template
  name:
ingress:
  # NOTE(review): quoted string, not a boolean. In a Helm `if`, any non-empty
  # string is truthy, so "false" would not disable the ingress - confirm how
  # the chart reads this value.
  enabled: "true"
  annotations:
    kubernetes.io/ingress.class: "nginx"
  paths:
    - "/"
  # The host must match RUNDECK_GRAILS_URL under rundeck.env.
  hosts:
    - "rundeck-eks.example.com"
  # TLS is terminated at the ingress with the certificate in this secret;
  # the secret has to exist in the release namespace.
  tls:
    - hosts:
        - "rundeck-eks.example.com"
      secretName: "rundeck-tls-secret"
# Rundeck is a fairly memory-hungry application. Adjust these values based on
# your environment and requirements.
resources:
  limits:
    cpu: "1.5"
    memory: "2Gi"
  requests:
    cpu: "0.5"
    memory: "1Gi"
nodeSelector: {}
tolerations: []
affinity: {}
# volumes made available to all containers.
volumes:
  # Volume to download plugins into. It is an emptyDir, so it starts empty and
  # is refilled by the init container every time the pod is created.
  - name: "plugins"
    emptyDir: {}
  # Volume to configure custom-acls.
  - name: "custom-acls"
    emptyDir: {}
  # ConfigMap volume with custom ACL data.
  # The init container copies this into the Rundeck ACL policy file, so write
  # access to this ConfigMap is effectively control over Rundeck
  # authorization; restrict it with Kubernetes RBAC.
  - name: acl-config
    configMap:
      name: acl-configmap
      items:
        - key: custom.aclpolicy
          path: custom.aclpolicy
# volumeMounts to add to the rundeck container. Init container downloads
# plugins to this mount.
volumeMounts:
  - mountPath: /home/rundeck/libext/
    name: plugins
  - mountPath: /home/rundeck/etc
    name: custom-acls
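# initContainers can be used to download plugins or customise your rundeck installation
initContainers:
  - name: download-plugins
    # NOTE(review): alpine:3.8 no longer receives security fixes. Move to a
    # supported release and pin it by digest.
    image: alpine:3.8
    command: [sh, -c]
    # The script runs under `set -e` so that a failed download or ACL copy
    # fails the init container instead of letting Rundeck start with missing
    # or truncated plugin jars or an empty ACL policy.
    #
    # NOTE(review): the jars are fetched over HTTPS but are not checked against
    # a known digest. Record the SHA-256 of each release and verify it (for
    # example with `sha256sum -c`) before Rundeck loads them, or bake the
    # plugins into the image at build time.
    #
    # NOTE(review): `chmod -R 777` leaves the plugin jars writable by every
    # process in the pod. It is kept here because the UID the Rundeck container
    # runs as is not visible in this file; once confirmed, prefer running this
    # container as that UID (or chown to it) with tighter permissions.
    args:
      - |
        set -e
        echo "Downloading Plugins."
        wget https://github.com/rundeck-plugins/vault-storage/releases/download/1.3.1/vault-storage-1.3.1.jar -O /home/rundeck/libext/vault-storage-1.3.1.jar
        wget https://github.com/rundeck-plugins/rundeck-s3-log-plugin/releases/download/v1.0.11/rundeck-s3-log-plugin-1.0.11.jar -O /home/rundeck/libext/rundeck-s3-log-plugin-1.0.11.jar
        wget https://github.com/rundeck-plugins/rundeck-ec2-nodes-plugin/releases/download/v1.5.14/rundeck-ec2-nodes-plugin-1.5.14.jar -O /home/rundeck/libext/rundeck-ec2-nodes-plugin-1.5.14.jar
        wget https://github.com/rundeck-plugins/slack-incoming-webhook-plugin/releases/download/v1.2.5/slack-incoming-webhook-plugin-1.2.5.jar -O /home/rundeck/libext/slack-incoming-webhook-plugin-1.2.5.jar
        chmod -R 777 /home/rundeck/libext
        ls -al /home/rundeck/libext
        echo "Configuring ACL's now"
        cat /home/cm/* > /rundeck/acls/custom.aclpolicy
        ls -al /rundeck/acls/
    volumeMounts:
      - mountPath: /home/rundeck/libext/
        name: plugins
      - mountPath: /rundeck/acls
        name: custom-acls
      - mountPath: /home/cm
        name: acl-config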