-
Notifications
You must be signed in to change notification settings - Fork 1
/
moderator.yaml
101 lines (101 loc) · 3.05 KB
/
moderator.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
labels:
app: moderator
name: moderator
namespace: moderator-prod
spec:
chart:
spec:
chart: mozmoderator
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: mozilla-helm-charts
namespace: flux-system
version: 0.3.1
interval: 1m0s
releaseName: moderator
values:
configMap:
data:
ALLOWED_HOSTS: moderator.prod.mozit.cloud,moderator.mozilla.org
ANON_ALWAYS: true
AWS_DEFAULT_REGION: us-west-2
FROM_NOREPLY: Mozilla Moderator <no-reply@moderator.mozilla.org>
OIDC_OP_AUTHORIZATION_ENDPOINT: https://auth.mozilla.auth0.com/authorize
OIDC_OP_DOMAIN: auth.mozilla.auth0.com
OIDC_OP_JWKS_ENDPOINT: https://auth.mozilla.auth0.com/.well-known/jwks.json
OIDC_OP_TOKEN_ENDPOINT: https://auth.mozilla.auth0.com/oauth/token
OIDC_OP_USER_ENDPOINT: https://auth.mozilla.auth0.com/userinfo
OIDC_RP_SIGN_ALGO: RS256
SESSION_COOKIE_SECURE: true
SITE_URL: https://moderator.mozilla.org
deployment:
port: "8000"
replicaCount: "1"
externalSecrets:
enabled: true
name: moderator
secrets:
- remoteRef:
key: /prod/moderator/envvar
property: AWS_ACCESS_KEY_ID
secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
key: /prod/moderator/envvar
property: AWS_SECRET_ACCESS_KEY
secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
key: /prod/moderator/envvar
property: DATABASE_URL
secretKey: DATABASE_URL
- remoteRef:
key: /prod/moderator/envvar
property: OIDC_RP_CLIENT_ID
secretKey: OIDC_RP_CLIENT_ID
- remoteRef:
key: /prod/moderator/envvar
property: OIDC_RP_CLIENT_SECRET
secretKey: OIDC_RP_CLIENT_SECRET
- remoteRef:
key: /prod/moderator/envvar
property: SECRET_KEY
secretKey: SECRET_KEY
- remoteRef:
key: /prod/moderator/envvar
property: SENTRY_DSN
secretKey: SENTRY_DSN
store: secretsmanager-secretstore
image:
pullPolicy: Always
repository: 783633885093.dkr.ecr.us-west-2.amazonaws.com/moderator
tag: v2.1.3 # {"$imagepolicy": "flux-system:moderator-prod:tag"}
imagePullSecrets:
- name: dockerhub-credentials
ingress:
className: ingress-nginx-moderator-prod
hosts:
- host: moderator.prod.mozit.cloud
paths:
- path: /
pathType: ImplementationSpecific
serviceName: moderator
servicePort: 80
- host: moderator.mozilla.org
paths:
- path: /
pathType: ImplementationSpecific
serviceName: moderator
servicePort: 80
le:
name: prod
name: moderator
tls:
- hosts:
- moderator.mozilla.org
secretName: cert-moderator-mozilla-org
- hosts:
- moderator.prod.mozit.cloud
secretName: cert-moderator-prod-mozit-cloud