Preparing infra.yaml

Prepare your infra.yaml file that will be used to deploy and configure the solution.

Main Settings

Parameter Value Mandatory Description
monitoring.enabled true or false Yes Defines whether to install the monitoring and alerting solution.
monitoring.version A version No

Defines which version of the solution will be installed.

When skipped, the latest version is installed.

Note: We recommend that you skip this parameter unless you need to install a specific version.

monitoring.product_namespace A namespace Yes Specifies the namespace of your CloudBlue Commerce installation.
monitoring.metrics_server_enabled true or false No

Defines whether to install the Kubernetes metrics server (kube-state-metrics).

The default value is false.

monitoring.prometheus_fewer_metrics true or false No

Defines whether to decrease the metric scraping frequency of Prometheus.

The default value is false.

You can set this parameter to true if Prometheus cannot cope with a very large metric flow.

monitoring.prometheus_msteams_enabled true or false No

Defines whether to send alerts to a Microsoft Teams channel.

The default value is false.

monitoring.prometheus_msteams_webhook An Incoming Webhook URL
  • Yes if monitoring.prometheus_msteams_enabled is set to true

  • No if monitoring.prometheus_msteams_enabled is set to false

The URL of an Incoming Webhook of a Microsoft Teams channel.

To learn how to configure an Incoming Webhook of a Microsoft Teams channel, please refer to this article.

monitoring.pcplogin.enabled

true or false Yes

Reserved for future use.

Set this parameter to false.

monitoring.pcplogin.user

A user name Yes

Reserved for future use.

Set this parameter to xxxxxxx.

monitoring.pcplogin.pcploginpassword A password Yes

Reserved for future use.

Set this parameter to xxxxxxx.

monitoring.ingressclass An ingress class name Yes

Defines which ingress controller must be used by the solution to create Ingress resources for the UIs of Prometheus, Alertmanager, and Grafana.

You must specify the ingress class name of the ingress controller that you need:

  • If you specify the ingress class name of an ingress controller whose LoadBalancer service has an external load balancer IP address, the UIs of the solution will be accessible from the Internet.

  • If you specify the ingress class name of an ingress controller whose LoadBalancer service has an internal load balancer IP address, the UIs of the solution will be accessible only from your internal network.

Warning: If you plan to use an external ingress controller for the UIs of the solution, you must restrict access to those UIs with a firewall or the methods described in Restricting Access to the UIs of the Solution.

monitoring.ingress_whitelist IP ranges No

Defines the IP addresses from which access to the UIs of the solution is allowed.

When omitted, access to those UIs is allowed from any IP address.

The following format must be used: NETWORK1/MASK1,NETWORK2/MASK2,...

For example: 192.168.1.0/24,192.168.2.10/32

monitoring.ingress_domain A domain name Yes

Defines the base domain that the solution UI URLs will be based on.

For instance, if you set this parameter to example.com, those URLs will be:

  • https://prometheus.example.com

  • https://alertmanager.example.com

  • https://grafana.example.com

OAuth2 Proxy Settings

Parameter Value Mandatory Description
ingress.enabled true or false Yes

Reserved for internal use.

You must set this parameter to false.

ingress.oauth2_proxy.enabled true or false No

Defines whether to install OAuth2 Proxy.

The default value is false.

ingress.oauth2_proxy.oidc_issuer_url A URL
  • Yes if you set ingress.oauth2_proxy.enabled to true.

  • No if you set ingress.oauth2_proxy.enabled to false

Defines the OIDC issuer URL that will be used by OAuth2 Proxy.

Specify https://sts.windows.net/AZURE_ACTIVE_DIRECTORY_TENANT_ID/, where AZURE_ACTIVE_DIRECTORY_TENANT_ID is the Azure Active Directory tenant ID that you prepared in Registering an Azure Application for OAuth2 Proxy.

ingress.oauth2_proxy.client_id An identifier
  • Yes if you set ingress.oauth2_proxy.enabled to true.

  • No if you set ingress.oauth2_proxy.enabled to false

Defines the client ID that will be used by OAuth2 Proxy.

Specify the application ID that you prepared in Registering an Azure Application for OAuth2 Proxy.

ingress.oauth2_proxy.client_secret A secret
  • Yes if you set ingress.oauth2_proxy.enabled to true.

  • No if you set ingress.oauth2_proxy.enabled to false

Defines the client secret that will be used by OAuth2 Proxy.

Specify the key value that you prepared in Registering an Azure Application for OAuth2 Proxy.

ingress.oauth2_proxy.cookie_secret A secret
  • Yes if you set ingress.oauth2_proxy.enabled to true.

  • No if you set ingress.oauth2_proxy.enabled to false

Defines the cookie secret that will be used by OAuth2 Proxy.

Specify the value prepared with the cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 command.

ingress.oauth2_proxy.redis_password A password
  • Yes if you set ingress.oauth2_proxy.enabled to true.

  • No if you set ingress.oauth2_proxy.enabled to false

Defines the password of the Redis instance that will be installed with OAuth2 Proxy.

Example

monitoring:
  enabled: true
  product_namespace: cbc
  metrics_server_enabled: true
  prometheus_fewer_metrics: false
  prometheus_msteams_enabled: true
  prometheus_msteams_webhook: https://...webhook.office.com...
  pcplogin:
    enabled: false
    user: xxxxxxx
    password: xxxxxxx
  ingressclass: nginx-internal
  ingress_whitelist: 192.168.1.0/24,192.168.2.20/32
  ingress_domain: example.com

ingress:
  enabled: false
  oauth2_proxy:
    enabled: true
    issuer_url: https://sts.windows.net/2044a987-2d04-43a4-971c-dd0454a7b8e7/
    client_id: 2cf58187-2bbe-4dcd-8b84-b60c66e455fd
    client_secret: +oN...
    cookie_secret: 7N8Vy21f0S1B3BOhz2iXiu5mEpsuT7vO
    redis_password: 1c0c6579-174b-4f92-ae35-aa44a9a5f213
CloudBlue, an Ingram Micro business, uses cookies to improve the usability of our site. By continuing to use this site and/or logging in you are accepting the use of these cookies. For more information, visit our Privacy Policy.