Preparing infra.yaml
Prepare your infra.yaml
file that will be used to deploy and configure the solution.
Main Settings
Parameter | Value | Mandatory | Description |
---|---|---|---|
monitoring.enabled | true or false | Yes | Defines whether to install the monitoring and alerting solution. |
monitoring.version | A version | No |
Defines which version of the solution will be installed. When skipped, the latest version is installed. Note: We recommend that you skip this parameter unless you need to install a specific version. |
monitoring.product_namespace | A namespace | Yes | Specifies the namespace of your CloudBlue Commerce installation. |
monitoring.metrics_server_enabled | true or false | No |
Defines whether to install the Kubernetes metrics server (kube-state-metrics). The default value is false. |
monitoring.prometheus_fewer_metrics | true or false | No |
Defines whether to decrease the metric scraping frequency of Prometheus. The default value is false. You can set this parameter to true if Prometheus cannot cope with a very large metric flow. |
monitoring.prometheus_msteams_enabled | true or false | No |
Defines whether to send alerts to a Microsoft Teams channel. The default value is false. |
monitoring.prometheus_msteams_webhook | An Incoming Webhook URL |
|
The URL of an Incoming Webhook of a Microsoft Teams channel. To learn how to configure an Incoming Webhook of a Microsoft Teams channel, please refer to this article. |
monitoring.pcplogin.enabled |
true or false | Yes |
Reserved for future use. Set this parameter to false. |
monitoring.pcplogin.user |
A user name | Yes |
Reserved for future use. Set this parameter to xxxxxxx. |
monitoring.pcplogin.pcploginpassword | A password | Yes |
Reserved for future use. Set this parameter to xxxxxxx. |
monitoring.ingressclass | An ingress class name | Yes |
Defines which ingress controller must be used by the solution to create Ingress resources for the UIs of Prometheus, Alertmanager, and Grafana. You must specify the ingress class name of the ingress controller that you need:
Warning: If you plan to use an external ingress controller for the UIs of the solution, you must restrict access to those UIs with a firewall or the methods described in Restricting Access to the UIs of the Solution. |
monitoring.ingress_whitelist | IP ranges | No |
Defines the IP addresses from which access to the UIs of the solution is allowed. When omitted, access to those UIs is allowed from any IP address. The following format must be used: NETWORK1/MASK1,NETWORK2/MASK2,... For example: 192.168.1.0/24,192.168.2.10/32 |
monitoring.ingress_domain | A domain name | Yes |
Defines the base domain that the solution UI URLs will be based on. For instance, if you set this parameter to example.com, those URLs will be:
|
OAuth2 Proxy Settings
Parameter | Value | Mandatory | Description |
---|---|---|---|
ingress.enabled | true or false | Yes |
Reserved for internal use. You must set this parameter to false. |
ingress.oauth2_proxy.enabled | true or false | No |
Defines whether to install OAuth2 Proxy. The default value is false. |
ingress.oauth2_proxy.oidc_issuer_url | A URL |
|
Defines the OIDC issuer URL that will be used by OAuth2 Proxy. Specify https://sts.windows.net/AZURE_ACTIVE_DIRECTORY_TENANT_ID/, where AZURE_ACTIVE_DIRECTORY_TENANT_ID is the Azure Active Directory tenant ID that you prepared in Registering an Azure Application for OAuth2 Proxy. |
ingress.oauth2_proxy.client_id | An identifier |
|
Defines the client ID that will be used by OAuth2 Proxy. Specify the application ID that you prepared in Registering an Azure Application for OAuth2 Proxy. |
ingress.oauth2_proxy.client_secret | A secret |
|
Defines the client secret that will be used by OAuth2 Proxy. Specify the key value that you prepared in Registering an Azure Application for OAuth2 Proxy. |
ingress.oauth2_proxy.cookie_secret | A secret |
|
Defines the cookie secret that will be used by OAuth2 Proxy. Specify the value prepared with the |
ingress.oauth2_proxy.redis_password | A password |
|
Defines the password of the Redis instance that will be installed with OAuth2 Proxy. |
Example
monitoring: enabled: true product_namespace: cbc metrics_server_enabled: true prometheus_fewer_metrics: false prometheus_msteams_enabled: true prometheus_msteams_webhook: https://...webhook.office.com... pcplogin: enabled: false user: xxxxxxx password: xxxxxxx ingressclass: nginx-internal ingress_whitelist: 192.168.1.0/24,192.168.2.20/32 ingress_domain: example.com ingress: enabled: false oauth2_proxy: enabled: true issuer_url: https://sts.windows.net/2044a987-2d04-43a4-971c-dd0454a7b8e7/ client_id: 2cf58187-2bbe-4dcd-8b84-b60c66e455fd client_secret: +oN... cookie_secret: 7N8Vy21f0S1B3BOhz2iXiu5mEpsuT7vO redis_password: 1c0c6579-174b-4f92-ae35-aa44a9a5f213