Preparing infra.yaml

Prepare your infra.yaml file that will be used to deploy and configure the solution.

Main Settings

Parameter	Value	Mandatory	Description
monitoring.enabled	true or false	Yes	Defines whether to install the monitoring and alerting solution.
monitoring.version	A version	No	Defines which version of the solution will be installed. When skipped, the latest version is installed. Note: We recommend that you skip this parameter unless you need to install a specific version.
monitoring.product_namespace	A namespace	Yes	Specifies the namespace of your CloudBlue Commerce installation.
monitoring.metrics_server_enabled	true or false	No	Defines whether to install the Kubernetes metrics server (kube-state-metrics). The default value is false.
monitoring.prometheus_fewer_metrics	true or false	No	Defines whether to decrease the metric scraping frequency of Prometheus. The default value is false. You can set this parameter to true if Prometheus cannot cope with a very large metric flow.
monitoring.prometheus_msteams_enabled	true or false	No	Defines whether to send alerts to a Microsoft Teams channel. The default value is false.
monitoring.prometheus_msteams_webhook	An Incoming Webhook URL	Yes if monitoring.prometheus_msteams_enabled is set to true No if monitoring.prometheus_msteams_enabled is set to false	The URL of an Incoming Webhook of a Microsoft Teams channel. To learn how to configure an Incoming Webhook of a Microsoft Teams channel, please refer to this article.
monitoring.pcplogin.enabled	true or false	Yes	Reserved for future use. Set this parameter to false.
monitoring.pcplogin.user	A user name	Yes	Reserved for future use. Set this parameter to xxxxxxx.
monitoring.pcplogin.pcploginpassword	A password	Yes	Reserved for future use. Set this parameter to xxxxxxx.
monitoring.ingressclass	An ingress class name	Yes	Defines which ingress controller must be used by the solution to create Ingress resources for the UIs of Prometheus, Alertmanager, and Grafana. You must specify the ingress class name of the ingress controller that you need: If you specify the ingress class name of an ingress controller whose LoadBalancer service has an external load balancer IP address, the UIs of the solution will be accessible from the Internet. If you specify the ingress class name of an ingress controller whose LoadBalancer service has an internal load balancer IP address, the UIs of the solution will be accessible only from your internal network. Warning: If you plan to use an external ingress controller for the UIs of the solution, you must restrict access to those UIs with a firewall or the methods described in Restricting Access to the UIs of the Solution.
monitoring.ingress_whitelist	IP ranges	No	Defines the IP addresses from which access to the UIs of the solution is allowed. When omitted, access to those UIs is allowed from any IP address. The following format must be used: NETWORK1/MASK1,NETWORK2/MASK2,... For example: 192.168.1.0/24,192.168.2.10/32
monitoring.ingress_domain	A domain name	Yes	Defines the base domain that the solution UI URLs will be based on. For instance, if you set this parameter to example.com, those URLs will be: https://prometheus.example.com https://alertmanager.example.com https://grafana.example.com

OAuth2 Proxy Settings

Parameter	Value	Mandatory	Description
ingress.enabled	true or false	Yes	Reserved for internal use. You must set this parameter to false.
ingress.oauth2_proxy.enabled	true or false	No	Defines whether to install OAuth2 Proxy. The default value is false.
ingress.oauth2_proxy.oidc_issuer_url	A URL	Yes if you set ingress.oauth2_proxy.enabled to true. No if you set ingress.oauth2_proxy.enabled to false	Defines the OIDC issuer URL that will be used by OAuth2 Proxy. Specify https://sts.windows.net/AZURE_ACTIVE_DIRECTORY_TENANT_ID/, where AZURE_ACTIVE_DIRECTORY_TENANT_ID is the Azure Active Directory tenant ID that you prepared in Registering an Azure Application for OAuth2 Proxy.
ingress.oauth2_proxy.client_id	An identifier	Yes if you set ingress.oauth2_proxy.enabled to true. No if you set ingress.oauth2_proxy.enabled to false	Defines the client ID that will be used by OAuth2 Proxy. Specify the application ID that you prepared in Registering an Azure Application for OAuth2 Proxy.
ingress.oauth2_proxy.client_secret	A secret	Yes if you set ingress.oauth2_proxy.enabled to true. No if you set ingress.oauth2_proxy.enabled to false	Defines the client secret that will be used by OAuth2 Proxy. Specify the key value that you prepared in Registering an Azure Application for OAuth2 Proxy.
ingress.oauth2_proxy.cookie_secret	A secret	Yes if you set ingress.oauth2_proxy.enabled to true. No if you set ingress.oauth2_proxy.enabled to false	Defines the cookie secret that will be used by OAuth2 Proxy. Specify the value prepared with the `cat /dev/urandom \| tr -dc 'a-zA-Z0-9' \| fold -w 32 \| head -n 1` command.
ingress.oauth2_proxy.redis_password	A password	Yes if you set ingress.oauth2_proxy.enabled to true. No if you set ingress.oauth2_proxy.enabled to false	Defines the password of the Redis instance that will be installed with OAuth2 Proxy.

Example

monitoring:
  enabled: true
  product_namespace: cbc
  metrics_server_enabled: true
  prometheus_fewer_metrics: false
  prometheus_msteams_enabled: true
  prometheus_msteams_webhook: https://...webhook.office.com...
  pcplogin:
    enabled: false
    user: xxxxxxx
    password: xxxxxxx
  ingressclass: nginx-internal
  ingress_whitelist: 192.168.1.0/24,192.168.2.20/32
  ingress_domain: example.com

ingress:
  enabled: false
  oauth2_proxy:
    enabled: true
    issuer_url: https://sts.windows.net/2044a987-2d04-43a4-971c-dd0454a7b8e7/
    client_id: 2cf58187-2bbe-4dcd-8b84-b60c66e455fd
    client_secret: +oN...
    cookie_secret: 7N8Vy21f0S1B3BOhz2iXiu5mEpsuT7vO
    redis_password: 1c0c6579-174b-4f92-ae35-aa44a9a5f213