Created
August 3, 2022 15:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
# Values template for what appears to be the GitLab Helm chart; each "${...}" is a placeholder
# filled in by the templating step before install.
# NOTE(review): this listing has lost its indentation, so key nesting cannot be confirmed from here.
global: | |
edition: ee | |
serviceAccount: | |
enabled: true | |
create: true | |
annotations: | |
# NOTE(review): `name` is listed between `annotations:` and the role keys; confirm in the original
# file that it is a sibling of `annotations` and not an annotation itself.
name: "gitlab-sa" | |
# Both annotations carry the same role placeholder: eks.amazonaws.com/role-arn is the IRSA form,
# iam.amazonaws.com/role the kube2iam/kiam form. Keep only the mechanism the cluster actually uses.
eks.amazonaws.com/role-arn: "${gitlab_s3_iam_role}" | |
iam.amazonaws.com/role: "${gitlab_s3_iam_role}" | |
# Ingress TLS and cert-manager are both off here; the certificate is referenced through the AWS
# load-balancer annotation instead, so TLS presumably ends at the load balancer - confirm that
# the hop from load balancer to pods stays on a private network.
ingress: | |
enabled: true | |
configureCertmanager: false | |
annotations: | |
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "${lb_certificate}" | |
tls: | |
enabled: false | |
operator: | |
enabled: false | |
gitaly: | |
enabled: true | |
hosts: | |
domain: "${main_domain_name}" | |
# NOTE(review): https is false for both the main host and Pages, so GitLab is told its external
# URLs are http://. If users reach it over HTTPS via the load-balancer certificate, confirm this
# is intended, since generated links and redirects follow this setting.
https: false | |
pages: | |
name: "pages.${main_domain_name}" | |
https: false | |
# Outbound mail settings. As written, mail goes to port 25 with no SMTP authentication,
# STARTTLS auto-negotiation off and TLS peer verification set to "none", so notification mail
# (including account and password-reset messages) reaches the relay unauthenticated and unencrypted.
# NOTE(review): acceptable only if "${smtp_server_address}" is a relay on a trusted private network;
# otherwise enable STARTTLS and certificate verification.
smtp: | |
enabled: true | |
address: "${smtp_server_address}" | |
port: 25 | |
authentication: "" | |
starttls_auto: false | |
openssl_verify_mode: "none" | |
# Sender identity used on outgoing mail.
email: | |
from: "gitlab@gitlab.com" | |
display_name: "Gitlab" | |
reply_to: "gitlab@gitlab.com" | |
subject_suffix: "" | |
# External PostgreSQL connection. The password is not stored in this file: it is referenced by
# Kubernetes secret name and key, both supplied as placeholders.
# NOTE(review): no TLS setting for the database connection appears in this listing; confirm how
# transport to "${database_host}" is protected.
psql: | |
# https://postgresqlco.nf/doc/en/param/ | |
connectTimeout: 10 #The number of seconds to wait for a database connection. The default is 3 seconds | |
keepalivesIdle: 30 #The number of seconds of inactivity after which TCP should send a keepalive message to the server. A value of zero uses the system default. | |
keepalivesInterval: 30 #The number of seconds after which a TCP keepalive message that is not acknowledged by the server should be retransmitted. A value of zero uses the system default | |
keepalivesCount: 10 #The number of TCP keepalives that can be lost before the client’s connection to the server is considered dead. A value of zero uses the system default. | |
host: "${database_host}" | |
database: "${database_name}" | |
username: "${database_username}" | |
password: | |
secret: "${database_secret_name}" | |
key: "${database_secret_key}" | |
# Bundled MinIO is disabled; object storage is pointed at named buckets instead.
minio: | |
enabled: false | |
# Registry bucket plus annotations carrying the shared IAM role and the registry certificate.
registry: | |
bucket: "${gitlab_bucket_name}" | |
annotations: | |
iam.amazonaws.com/role: "${gitlab_s3_iam_role}" | |
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "${registry_certificate}" | |
# Application settings: group creation is off by default for new users.
appConfig: | |
defaultCanCreateGroup: false | |
# OmniAuth sign-in. allowSingleSignOn: true combined with blockAutoCreatedUsers: false means an
# account is created and immediately active on first successful provider login, with no admin approval.
# NOTE(review): the provider settings live in the two referenced secrets and are not visible here;
# confirm each Google provider is restricted to the organisation's hosted domain (the `hd` option),
# otherwise any Google account could self-register. Setting blockAutoCreatedUsers to true is the
# safer default.
omniauth: | |
enabled: true | |
allowSingleSignOn: true | |
blockAutoCreatedUsers: false | |
syncProfileFromProvider: ["google_oauth2"] | |
providers: | |
- secret: "google-oauth-compagny1" | |
- secret: "google-oauth-compagny2" | |
# Features switched on or off for newly created projects.
defaultProjectsFeatures: | |
issues: false | |
wiki: false | |
snippets: true | |
# Object storage: each data type gets its own bucket placeholder, and all of them read their
# connection settings from the same secret ("gitlab-s3-secret", key "connection").
# NOTE(review): the contents of that secret are not shown. If it holds static access keys, the
# IAM role annotations used elsewhere in this file are redundant; role-based credentials avoid
# storing long-lived keys in the cluster.
lfs: | |
bucket: "${gitlab_lfs_bucket_name}" | |
enabled: true | |
connection: | |
secret: "gitlab-s3-secret" | |
key: connection | |
artifacts: | |
enabled: true | |
bucket: "${gitlab_artifacts_bucket_name}" | |
connection: | |
secret: "gitlab-s3-secret" | |
key: connection | |
uploads: | |
enabled: true | |
bucket: "${gitlab_uploads_bucket_name}" | |
connection: | |
secret: "gitlab-s3-secret" | |
key: connection | |
packages: | |
enabled: true | |
bucket: "${gitlab_packages_bucket_name}" | |
connection: | |
secret: "gitlab-s3-secret" | |
key: connection | |
externalDiffs: | |
enabled: true | |
bucket: "${gitlab_external_diffs_bucket_name}" | |
# NOTE(review): `True` is a YAML 1.1 spelling; the rest of the file uses lowercase `true`.
background_upload: True | |
direct_upload: True | |
connection: | |
secret: "gitlab-s3-secret" | |
key: connection | |
# Backup destination bucket and the temporary bucket used while a backup is assembled.
backups: | |
bucket: "${gitlab_backup_bucket_name}" | |
tmpBucket: "${gitlab_backup_tmp_bucket_name}" | |
# The same role placeholder is given in both the kube2iam/kiam and the IRSA annotation form.
service: | |
annotations: | |
iam.amazonaws.com/role: "${gitlab_s3_iam_role}" | |
eks.amazonaws.com/role-arn: "${gitlab_s3_iam_role}" | |
#grafana: | |
#enabled: true | |
# GitLab Pages: access control is on, HTTP is redirected, and site content is kept in object storage.
pages: | |
enabled: true | |
host: "${gitlab_pages_url}" | |
accessControl: true | |
redirectHttp: true | |
objectStore: | |
enabled: true | |
bucket: "${gitlab_pages_bucket_name}" | |
connection: | |
secret: "gitlab-s3-secret" | |
key: connection | |
# cert-manager is not installed; certificates come from the load-balancer annotations below.
certmanager: | |
install: false | |
# Bundled NGINX ingress controller, exposed through an AWS load balancer.
nginx-ingress: | |
enabled: true | |
tcpExternalConfig: "true" | |
controller: | |
service: | |
enabled: true | |
# The service's https port targets the controller's http port, so TLS ends at the load balancer
# and traffic from there to NGINX is unencrypted.
targetPorts: | |
https: http | |
annotations: | |
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "${lb_certificate}" | |
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp | |
service.beta.kubernetes.io/aws-load-balancer-name: "gitlab-ingress" | |
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip" | |
# The load balancer is public ("internet-facing").
service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" | |
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https | |
# NOTE(review): unquoted, so it parses as an integer; Kubernetes annotation values must be
# strings - confirm the chart quotes it, or quote it here.
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: 3600 | |
addHeaders: | |
Referrer-Policy: strict-origin-when-cross-origin | |
config: | |
# pass the X-Forwarded-* headers directly from the upstream | |
# NOTE(review): the load balancer above is a network load balancer forwarding TCP, which presumably
# neither sets nor strips X-Forwarded-* headers, so client-supplied values would be trusted as-is.
# That affects anything keyed on client IP (rate limits, audit logs) - confirm a trusted proxy
# sits in front, or disable this.
use-forwarded-headers: "true" | |
use-http2: "true" | |
# NOTE(review): a second `controller:` key follows. If it sits at the same level as the one above,
# most YAML parsers keep only the last occurrence, which would drop the load-balancer annotations -
# check the indentation in the original file.
controller: | |
service: | |
labels: | |
dns: "route53" | |
annotations: | |
domainName: "https://${gitlab_url}" | |
# Web worker timeout value.
webservice: | |
workerTimeout: 120 | |
# Bundled PostgreSQL is not installed; the external database configured under psql is used.
postgresql: | |
install: false | |
# S3 settings: bucket and region placeholders, with v4auth enabled.
s3: | |
bucket: "${gitlab_bucket_name}" | |
v4auth: true | |
region: "${region}" | |
# Bundled GitLab Runner is not installed.
gitlab-runner: | |
install: false | |
gitlab-pages: | |
annotations: | |
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "${pages_certificate}" | |
# Redis persistent volume size, in Gi, from a placeholder.
redis: | |
master: | |
persistence: | |
size: "${redis_disk_size}Gi" | |
# Per-component settings. The same IAM role placeholder ("${gitlab_s3_iam_role}") is annotated on
# toolbox, gitaly, webservice and gitlab-shell.
# NOTE(review): for least privilege, confirm each component actually needs that role's bucket access;
# components that never touch object storage should not carry it.
gitlab: | |
toolbox: | |
enabled: true | |
persistence: | |
# In case of pod dying due to mem usage(by default task-runner uses memory to keep the temporary files) enable this config | |
enabled: true | |
accessMode: ReadWriteOnce | |
size: 600Gi | |
backups: | |
cron: | |
enabled: true | |
concurrencyPolicy: Replace | |
persistence: | |
enabled: true | |
accessMode: "ReadWriteOnce" | |
size: 600Gi | |
resources: | |
requests: | |
cpu: "50m" | |
memory: "350M" | |
# Cron expression for the scheduled backup.
schedule: "0 1 * * *" | |
# The scheduled backup skips everything kept in object storage, so recovery of those items depends
# on the buckets themselves.
# NOTE(review): confirm the buckets have their own versioning or replication.
extraArgs: "--skip uploads,artifacts,builds,packages,registry,external_diffs" | |
objectStorage: | |
backend: "s3" | |
# Backup tool configuration is read from a secret, not stored in this file.
config: | |
secret: "${s3cmd_secret}" | |
key: config | |
resources: | |
requests: | |
cpu: "50m" | |
memory: "350M" | |
annotations: | |
iam.amazonaws.com/role: "${gitlab_s3_iam_role}" | |
gitaly: | |
persistence: | |
size: "${gitaly_disk_size}Gi" | |
storageClass: "${gitaly_storage_class}" | |
annotations: | |
eks.amazonaws.com/role-arn: "${gitlab_s3_iam_role}" | |
webservice: | |
ingress: | |
annotations: | |
nginx.ingress.kubernetes.io/service-upstream: "false" | |
deployment: | |
readinessProbe: | |
periodSeconds: 15 | |
timeoutSeconds: 10 | |
annotations: | |
iam.amazonaws.com/role: "${gitlab_s3_iam_role}" | |
gitlab-shell: | |
# With proxyProtocol on, the client address is taken from the PROXY protocol header, so the SSH
# port should only be reachable through the proxy that adds it.
# NOTE(review): confirm nothing else can connect to gitlab-sshd directly, since a direct client
# could supply its own header.
config: # this controls PROXY protocol from NGINX to GitLab Shell | |
proxyProtocol: true | |
sshDaemon: gitlab-sshd | |
annotations: | |
iam.amazonaws.com/role: "${gitlab_s3_iam_role}" | |
gitlab-pages: | |
ingress: | |
annotations: | |
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "${pages_certificate}" | |
# Prometheus server keeps its data on a persistent volume sized from a placeholder.
prometheus: | |
server: | |
persistentVolume: | |
enabled: true | |
size: "${prometheus_disk_size}Gi" |