/
api.values.yaml.gotmpl
172 lines (161 loc) · 4.63 KB
/
api.values.yaml.gotmpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
image:
tag: 10x.8.1
replicaCount:
web: 1
backend: 4
scheduler: 1
queue: 2
useProbes: true
platform:
backendMwHost: mediawiki-139-app-backend.default.svc.cluster.local
queue:
queueNames: ['default']
horizon:
enabled: true
queueNames: ['default', 'manual-intervention']
# This mw db connection is only used by the queue..
mw:
db:
readHost: sql-mariadb-secondary.default.svc.cluster.local
writeHost: sql-mariadb-primary.default.svc.cluster.local
# database: someDbName
username: mediawiki-db-manager
passwordSecretName: sql-secrets-init-passwords
passwordSecretKey: SQL_INIT_PASSWORD_MW
backoff: [10,60,300,900,1500] # 10s, 1m, 5m, 15m, 30m
serviceMonitor:
enabled: true
additionalLabels:
release: kube-prometheus-stack
ingress:
tls:
- hosts:
- wikibase.cloud ## todo should be injected
secretName: wikibase-production-tls
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
hosts:
{{- range .Values.services.app.ingressHosts }}
- host: {{ .host }}
paths:
{{- range .paths }}
- {{ . | quote }}
{{- end }}
{{- end }}
wbstack:
qsBatchMarkFailedAfter: 3
qsBatchPendingTimeout: 'PT300S'
signupThrottlingRange: 'PT24H'
signupThrottlingLimit: 20
summaryCreationRateRanges:
- 'PT24H'
- 'P30D'
subdomainSuffix: {{ .Values.wbstack.subdomainSuffix }}
uiurl: {{ .Values.wbstack.uiurl }}
wikiDbProvisionVersion: mw1.39-wbs1
wikiDbUseVersion: mw1.39-wbs1
maxWikisPerUser: 6
monitoringEmail: "wb-cloud-monitoring@wikimedia.de"
elasticSearch:
enabledByDefault: true
contact:
mail:
recipient: contact.wikibase@wikimedia.de
sender: contact-<subject>@wikibase.cloud
app:
name: WBaaS Wikibase Production
env: production
logLevel: info
keySecretName: api-app-secrets
keySecretKey: api-app-key
url: {{ .Values.services.app.url }}
cacheDriver: redis
queueConnection: redis
jwtSecretSecretName: api-app-secrets
jwtSecretSecretKey: api-app-jwt-secret
queryServiceHost: queryservice.default.svc.cluster.local:9999
elasticSearchHost: elasticsearch-1.default.svc.cluster.local:9200
elasticSearchSharedIndexHost: elasticsearch-2.default.svc.cluster.local:9200
elasticSearchSharedIndexPrefix: wiki_1
redis:
prefix: wikibase_production_api
# TODO is it possible to take advantage of replicas here?
host: {{ .Values.services.redis.writeHost }}
passwordSecretName: redis-password
passwordSecretKey: password
# Default values includes a password right now, so we need to explictly set this as empty
password:
port: {{ .Values.services.redis.port }}
db: {{ .Values.services.redis.databases.apiDb }}
cachedb: {{ .Values.services.redis.databases.apiCacheDb }}
db:
connection: mysql
readHost: sql-mariadb-secondary.default.svc.cluster.local
writeHost: sql-mariadb-primary.default.svc.cluster.local
port: 3306
name: {{ .Values.services.sql.api.db }}
user: {{ .Values.services.sql.api.user }}
passwordSecretName: sql-secrets-init-passwords
passwordSecretKey: SQL_INIT_PASSWORD_API
mail:
mailer: {{ .Values.services.app.mailer }} # mailgun/log https://laravel.com/docs/8.x/mail
fromaddress: noreply@wikibase.cloud
fromname: Wikibase Cloud
smtpUserSecretName: smtp-credentials
smtpUserSecretKey: username
smtpPasswordSecretName: smtp-credentials
smtpPasswordSecretKey: password
smtphost: smtp.eu.mailgun.org
smtpport: 587
recaptcha:
secretSecretName: {{ .Values.external.recaptcha3.secretName }}
secretSecretKey: secret_key
badgehide: true
gce:
projectId: {{ .Values.gceProject }}
serviceAccountSecret: api-serviceaccount
existingSecret: api-passport-keys
stackdriver:
enabled: true
loggingEnabled: false
tracingEnabled: false
errorReportingEnabled: true
trustedProxy:
proxies: ['10.108.0.0/14']
storage:
url: https://storage.googleapis.com/wikibase-cloud-static
accessKeySecretName: public-assets-hmac-key
secretKeySecretName: public-assets-hmac-key
resources:
# The backed is a platform critical element, so make sure it is allowed to be a bit silly...
backend:
requests:
cpu: 500m
memory: 300Mi
limits:
cpu: 1000m
memory: 600Mi
web:
requests:
cpu: 100m
memory: 340Mi
limits:
cpu: 250m
memory: 400Mi
queue:
requests:
cpu: 500m
memory: 512Mi
limits:
cpu: 1000m
memory: 1024Mi
scheduler:
requests:
cpu: 5m
memory: 20Mi
limits:
cpu: 40m
memory: 80Mi