Example values.yaml for production ready rundeck deployment.
# This Gist Is Created To Support The Blog Post Below.
# https://medium.com/p/b29366f85d50
# Refer to the post above for more information.
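# Container image for the Rundeck pod.
# NOTE(review): this is a third-party repository referenced by a mutable tag
# and re-pulled on every pod start (pullPolicy: Always), so the image that
# runs can change without this file changing. For production, mirror the
# image into a registry you control and pin it by digest if the chart allows.
image:
  repository: tagore22/rundeck
  tag: "3.3.4"
  pullPolicy: Always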
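# A single replica that is replaced in place: with the Recreate strategy the
# old pod is stopped before the new one starts, so every rollout causes a
# short outage.
deployment:
  replicaCount: 1
  annotations: {}
  strategy:
    type: Recreate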
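rundeck:
  # Non-secret runtime configuration, passed to the container as environment
  # variables. No password or key appears in this map; keep it that way and
  # deliver credentials through the secrets named at the end of this section.
  env:
    # Use the database as the default backend for project storage.
    RUNDECK_PROJECTSSTORAGETYPE: "db"

    # Rundeck RDS integration.
    # The database password is not set here; presumably it is supplied through
    # envSecret below - confirm.
    # NOTE(review): the JDBC URL sets no sslmode, so the connection is not
    # guaranteed to be encrypted and the server certificate is not verified.
    # Consider appending ?sslmode=verify-full and trusting the RDS CA bundle.
    RUNDECK_DATABASE_DRIVER: "org.postgresql.Driver"
    RUNDECK_DATABASE_URL: "jdbc:postgresql://rundeck-tagore-temp.mydatabaseid.us-east-1.rds.amazonaws.com"
    RUNDECK_DATABASE_USERNAME: "rundeckadm"
    # End of RDS integration.

    RUNDECK_LOGGING_STRATEGY: "FILE"

    # Rundeck S3 log storage plugin integration.
    # NOTE(review): execution logs can contain command output and secrets.
    # Keep the bucket private and encrypted, and scope the IAM permissions to
    # this bucket only.
    RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_NAME: "org.rundeck.amazon-s3"
    RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_BUCKET: "eks-rundeck-logs"
    RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_PATH: "${job.project}/${job.path}/${job.execid}.log"
    RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_REGION: "us-east-1"
    # End of S3 log storage plugin integration.

    # Honour the X-Forwarded-* headers set by the ingress.
    # NOTE(review): only safe when the pod is reachable solely through that
    # ingress; a client that reaches the pod directly can set these headers.
    RUNDECK_SERVER_FORWARDED: "true"
    # The URL below must be the same value as the ingress hostname.
    RUNDECK_GRAILS_URL: "https://rundeck-eks.example.com"

    # Rundeck integration with Active Directory over LDAP.
    RUNDECK_JAAS_MODULES_0: "JettyCachingLdapLoginModule"
    # Empty in this example: fill in a dedicated read-only service account and
    # keep its bind password in envSecret, not in this file.
    RUNDECK_JAAS_LDAP_BINDDN: ""
    RUNDECK_JAAS_LDAP_FLAG: "required"
    # NOTE(review): ldap:// on port 389 is unencrypted, so the bind password
    # and every user's login password cross the network in clear text. Use an
    # ldaps:// URL (normally port 636) and make the pod trust the directory's
    # CA certificate.
    RUNDECK_JAAS_LDAP_PROVIDERURL: "ldap://example.com:389"
    RUNDECK_JAAS_LDAP_ROLEBASEDN: "DC=example,DC=aws"
    RUNDECK_JAAS_LDAP_ROLEMEMBERATTRIBUTE: "member"
    RUNDECK_JAAS_LDAP_ROLENAMEATTRIBUTE: "cn"
    RUNDECK_JAAS_LDAP_ROLEOBJECTCLASS: "group"
    # NOTE(review): supplemental roles are granted to every user who
    # authenticates, whatever their group membership. Check that the ACL
    # policy gives the "user" and "readonly" roles no more than a baseline.
    RUNDECK_JAAS_LDAP_SUPPLEMENTALROLES: "user,readonly"
    RUNDECK_JAAS_LDAP_USERBASEDN: "OU=Users,OU=example,DC=example,DC=aws"
    RUNDECK_JAAS_LDAP_USEREMAILATTRIBUTE: "email"
    RUNDECK_JAAS_LDAP_USERFIRSTNAMEATTRIBUTE: "givenName"
    RUNDECK_JAAS_LDAP_USERIDATTRIBUTE: "sAMAccountName"
    RUNDECK_JAAS_LDAP_USERLASTNAMEATTRIBUTE: "sn"
    RUNDECK_JAAS_LDAP_USEROBJECTCLASS: "user"
    RUNDECK_JAAS_LDAP_USERPASSWORDATTRIBUTE: "unicodePwd"
    # End of integration with AD.

    # Enable audit logging. Ship the audit log off the pod so it survives a
    # restart (persistence is disabled in this example).
    RUNDECK_LOGGING_AUDIT_ENABLED: "True"

  # The three values below are names of Kubernetes Secrets. The Secrets are
  # not created by this file and must already exist in the release namespace.

  # Name of the secret containing SSH files to mount under ~/.ssh
  sshSecrets: "ssh-keys-rundeck"
  # Name of the secret containing the files to mount under ~/.aws/
  # NOTE(review): these are long-lived access keys. On EKS, the IRSA role
  # annotation shown (commented out) under serviceAccount avoids static keys.
  awsConfigCredentialsSecret: "aws-access-keys-secret"
  # Name of the secret containing additional sensitive runtime environment
  # variables
  envSecret: "rundeck-env-secret"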
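# Empty overrides: the chart's generated release names are used.
nameOverride: ""
fullnameOverride: ""

# No persistent volume claim is created. This example keeps projects in the
# database and execution logs in S3 (see rundeck.env); anything else written
# to the pod's local disk is presumably lost on restart - confirm against the
# chart.
persistence:
  enabled: false
  claim:
    create: false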
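serviceAccount:
  # Specifies whether a ServiceAccount should be created.
  # NOTE(review): this is the string "true", not a boolean. A Go-template `if`
  # treats any non-empty string as true, so if the chart tests the value that
  # way, "false" would still create the account. Use a bare true/false when
  # changing it.
  create: "true"
  annotations: {}
    # AWS IRSA annotation
    # eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/rundeck
  # The name of the ServiceAccount to use.
  # If not set and create is true, a name is generated using the fullname
  # template.
  name: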
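# Expose Rundeck through the nginx ingress controller with TLS.
# The host must match RUNDECK_GRAILS_URL in rundeck.env, and the certificate
# and key are read from the Secret named by tls[].secretName, which must
# already exist in the release namespace.
ingress:
  # NOTE(review): a string, not a boolean; a quoted "false" is still truthy to
  # a Go-template `if`. Use a bare true/false when changing it.
  enabled: "true"
  annotations:
    kubernetes.io/ingress.class: "nginx"
  paths:
    - "/"
  hosts:
    - "rundeck-eks.example.com"
  tls:
    - hosts:
        - "rundeck-eks.example.com"
      secretName: "rundeck-tls-secret"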
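# Rundeck is a fairly memory-hungry application. Adjust these values based on
# your environment and requirements.
# CPU quantities are quoted so that they stay strings rather than floats.
resources:
  limits:
    cpu: "1.5"
    memory: "2Gi"
  requests:
    cpu: "0.5"
    memory: "1Gi"

# No scheduling constraints are set in this example.
nodeSelector: {}
tolerations: []
affinity: {}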
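# Volumes made available to all containers.
volumes:
  # Volume to download plugins into. An emptyDir starts empty on every pod
  # start, so the init container fetches the plugins again each time.
  - name: "plugins"
    emptyDir: {}
  # Volume to configure custom ACLs.
  - name: "custom-acls"
    emptyDir: {}
  # ConfigMap volume with custom ACL data. The ConfigMap acl-configmap is not
  # created by this file and must already exist in the release namespace.
  # NOTE(review): whoever can edit that ConfigMap controls Rundeck
  # authorization; restrict write access to it accordingly.
  - name: acl-config
    configMap:
      name: acl-configmap
      items:
        - key: custom.aclpolicy
          path: custom.aclpolicy

# volumeMounts to add to the rundeck container. The init container downloads
# plugins into the first mount and writes custom.aclpolicy into the second.
volumeMounts:
  - mountPath: /home/rundeck/libext/
    name: plugins
  - mountPath: /home/rundeck/etc
    name: custom-acls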
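# initContainers can be used to download plugins or customise your rundeck
# installation.
#
# The script is a literal block run by `sh -c`. `set -e` makes the init
# container fail when a download or copy fails, so the pod does not start
# Rundeck with a missing or truncated plugin jar.
#
# NOTE(review): the jars are fetched from the network on every pod start and
# are not integrity-checked. Record the SHA-256 of each release jar and verify
# it (for example with `sha256sum -c`) before Rundeck loads it, or bake the
# plugins into the image so that no download happens at start-up.
# NOTE(review): `chmod -R 777` leaves the plugin directory and the jars
# world-writable, so any process that can reach this volume can replace code
# Rundeck loads. Prefer ownership by the UID Rundeck runs as (not shown in
# this file) with modes 755/644.
# NOTE(review): alpine:3.8 no longer receives security updates; use a
# supported release, pinned by digest.
initContainers:
  - name: download-plugins
    image: alpine:3.8
    command: [sh, -c]
    args:
      - |-
        set -e
        echo "Downloading Plugins."
        wget https://github.com/rundeck-plugins/vault-storage/releases/download/1.3.1/vault-storage-1.3.1.jar -O /home/rundeck/libext/vault-storage-1.3.1.jar
        wget https://github.com/rundeck-plugins/rundeck-s3-log-plugin/releases/download/v1.0.11/rundeck-s3-log-plugin-1.0.11.jar -O /home/rundeck/libext/rundeck-s3-log-plugin-1.0.11.jar
        wget https://github.com/rundeck-plugins/rundeck-ec2-nodes-plugin/releases/download/v1.5.14/rundeck-ec2-nodes-plugin-1.5.14.jar -O /home/rundeck/libext/rundeck-ec2-nodes-plugin-1.5.14.jar
        wget https://github.com/rundeck-plugins/slack-incoming-webhook-plugin/releases/download/v1.2.5/slack-incoming-webhook-plugin-1.2.5.jar -O /home/rundeck/libext/slack-incoming-webhook-plugin-1.2.5.jar
        chmod -R 777 /home/rundeck/libext
        ls -al /home/rundeck/libext
        echo "Configuring ACL's now"
        cat /home/cm/* > /rundeck/acls/custom.aclpolicy
        ls -al /rundeck/acls/
    volumeMounts:
      # Shared with the rundeck container, which sees it as its libext
      # directory.
      - mountPath: /home/rundeck/libext/
        name: plugins
      # Shared with the rundeck container, which sees it at /home/rundeck/etc.
      - mountPath: /rundeck/acls
        name: custom-acls
      # ACL source files projected from the acl-configmap ConfigMap.
      - mountPath: /home/cm
        name: acl-config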