86 lines
3.0 KiB
YAML
86 lines
3.0 KiB
YAML
# Global defaults (Optional - can be overridden per application)
|
|
# global:
|
|
# istio:
|
|
# gatewaySelector:
|
|
# istio: ingressgateway # Default selector for Istio ingress pods
|
|
# certManager:
|
|
# issuerName: "letsencrypt-prod"
|
|
# issuerKind: ClusterIssuer
|
|
# createSecretInNamespace: "" # Default: empty means create in app namespace
|
|
|
|
# List of applications to configure ingress for
|
|
applications:
|
|
# --- Example for Grafana ---
|
|
- name: grafana
|
|
# Set to true to create resources for this application
|
|
enabled: true
|
|
# Namespace where the Grafana SERVICE lives (and where Gateway/VS will be created)
|
|
namespace: monitoring
|
|
# Name of the Grafana Kubernetes Service
|
|
serviceName: kube-prometheus-stack-grafana # Adjust if different
|
|
# Port the Grafana Service listens on
|
|
servicePort: 80 # The K8s service port, often 80, targets Grafana's internal port (3000)
|
|
# Hostname(s) for accessing Grafana
|
|
hosts:
|
|
- grafana.james-mellors.com
|
|
# Path configuration for routing
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix # Prefix or Exact
|
|
|
|
# TLS specific configuration
|
|
tls:
|
|
# Set to true if this application uses TLS (required for certificate)
|
|
enabled: true
|
|
# Name of the Kubernetes Secret to store/read the TLS certificate
|
|
secretName: grafana-tls
|
|
# List of hosts the certificate should cover (usually matches 'hosts' above)
|
|
hosts:
|
|
- grafana.james-mellors.com
|
|
|
|
# Istio specific overrides for this application (Optional)
|
|
istio:
|
|
# Override the global gateway selector if needed
|
|
# gatewaySelector:
|
|
# istio: my-custom-gateway
|
|
# Enable HTTP->HTTPS redirect for this app's Gateway
|
|
httpRedirect: true
|
|
|
|
# Cert-Manager specific overrides for this application (Optional)
|
|
certManager:
|
|
# Override global issuer if needed
|
|
issuerName: "letsencrypt-cloudflare"
|
|
issuerKind: ClusterIssuer
|
|
# Override where the Secret is created (e.g., "istio-system" or keep empty for app namespace)
|
|
createSecretInNamespace: "istio-system" # Default: uses 'namespace' field above
|
|
|
|
# --- Example for NTFY ---
|
|
# - name: ntfy
|
|
# enabled: true
|
|
# namespace: default # Or wherever your NTFY service lives
|
|
# serviceName: ntfy-server # Adjust if different
|
|
# servicePort: 80 # The port the K8s service listens on
|
|
# hosts:
|
|
# - ntfy.yourdomain.com
|
|
# paths:
|
|
# - path: /
|
|
# pathType: Prefix
|
|
# tls:
|
|
# enabled: true
|
|
# secretName: ntfy-tls
|
|
# hosts:
|
|
# - ntfy.yourdomain.com
|
|
# istio:
|
|
# httpRedirect: true
|
|
# certManager:
|
|
# # Using global defaults defined above (if any) or specify here
|
|
# # issuerName: "letsencrypt-prod"
|
|
# # issuerKind: ClusterIssuer
|
|
# createSecretInNamespace: "" # Default: uses 'namespace' field above
|
|
|
|
# --- Add more applications here ---
|
|
# - name: my-other-app
|
|
# enabled: false # Disabled example
|
|
# namespace: apps
|
|
# serviceName: my-other-app-svc
|
|
# ... etc ... |