fix

Author: adskyiproger

environments/staging/dependencies/values.yaml

@@ -0,0 +1,25 @@
+storage_type: host_path
+
+environment_type: production
+
+ingress:
+  tls_resolver: letsencrypt
+
+minio:
+  use_default_credentials: false
+
+elasticsearch:
+  use_default_credentials: false
+
+mongodb:
+  use_default_credentials: false
+
+postgres:
+  use_default_credentials: false
+
+monitoring:
+  enabled: true
+
+elastalert:
+  env:
+    HTTP_POST2_ALERT_URL: http://countryconfig.opencrvs-staging.svc.cluster.local:3040

environments/staging/mosip-api/values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  ssl_enabled: true

environments/staging/opencrvs-services/values.yaml

@@ -0,0 +1,56 @@
+########################################################################################
+# Initial configuration file for OpenCRVS installation
+########################################################################################
+# Some properties are not defined in this file and should be provided as key/value at
+# installation time:
+# - hostname: valid DNS name for opencrvs
+# - countryconfig.image.name: Countryconfig image repository
+# - countryconfig.image.tag: Countryconfig image tag
+ingress:
+  tls_resolver: letsencrypt
+
+environment_type: production
+
+hpa:
+  enabled: false
+
+env:
+  APN_SERVICE_URL: "http://apm-server.opencrvs-deps-staging.svc.cluster.local:8200"
+
+influxdb:
+  host: influxdb-0.influxdb.opencrvs-deps-staging.svc.cluster.local
+elasticsearch:
+  auth_mode: auto
+  host: elasticsearch.opencrvs-deps-staging.svc.cluster.local
+
+
+minio:
+  auth_mode: use_secret
+  host: minio-0.minio.opencrvs-deps-staging.svc.cluster.local
+  external_hostname: minio.test-k8s.opencrvs.dev
+
+mongodb:
+  auth_mode: auto
+  host: mongodb-0.mongodb.opencrvs-deps-staging.svc.cluster.local
+
+redis:
+  auth_mode: acl
+  host: redis-0.redis.opencrvs-deps-staging.svc.cluster.local
+
+postgres:
+  auth_mode: auto
+  host: postgres-0.postgres.opencrvs-deps-staging.svc.cluster.local
+
+imagePullSecrets:
+  # Default value for credentials created while yarn environment:init
+  - name: dockerhub-credentials
+
+countryconfig:
+  smtp-config:
+    - ALERT_EMAIL
+    - SENDER_EMAIL_ADDRESS
+    - SMTP_HOST
+    - SMTP_PASSWORD
+    - SMTP_PORT
+    - SMTP_SECURE
+    - SMTP_USERNAME

environments/staging/traefik/values.yaml

@@ -0,0 +1,72 @@
+# Overwriting https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml
+namespaceOverride: "traefik"
+logs:
+  general:
+    # "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL", "PANIC"
+    level: "INFO"
+    # format: "common" # For local environment
+    format: "json" # For server environment
+  access:
+    # -- To enable access logs
+    enabled: true
+    format: "json"
+
+ingressRoute:
+  dashboard:
+    enabled: false
+
+# Be explicit that we only use CRDs, not ingress/gw support
+providers: 
+  kubernetesCRD:
+    enabled: true
+  kubernetesIngress:
+    enabled: false
+  kubernetesGateway:
+    enabled: false
+
+service:
+  enabled: true
+  single: false
+  type: NodePort
+
+ports:
+  web:
+    port: 8000
+    hostPort: 80
+    protocol: TCP
+    nodePort: 30080
+  websecure:
+    port: 8443
+    nodePort: 30443
+    hostPort: 443
+    protocol: TCP
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      tlsChallenge: false
+      httpChallenge:
+        entryPoint: web
+      email: vadym@opencrvs.org
+      # Storage for certificates:
+      storage: /certificates/acme.json
+      # NOTE: Sometimes Let's Encrypt hit production SSL certificate issuing limits
+      #       If you are having issues, switch to staging
+      # Staging server
+      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
+      # Production server
+      caServer: https://acme-v02.api.letsencrypt.org/directory
+
+deployment:
+  hostNetwork: true
+  additionalVolumes:
+    - name: acme
+      hostPath:
+        path: /data/traefik
+
+additionalVolumeMounts:
+    - name: acme
+      mountPath: /certificates
+
+nodeSelector:
+  traefik-role: ingress

infrastructure/server-setup/inventory/staging.yml

@@ -0,0 +1,47 @@
+all:
+  vars:
+    # Domain/IP address for remote access to your cluster API (see ~/.kube/config)
+    # - If you are behind VPN, use private IP address
+    # - If your server is exposed (not recommeded), use public IP address
+    # - If you would like to run kubectl commands from the remote server, leave this field empty
+    # kube_api_host: ''
+    kube_api_host: test-stg.opencrvs.dev
+    # Default ansible provision user, keep as is
+    ansible_user: provision
+
+    # single_node:
+    # For development/qa/testing/staging keep true
+    # For production keep false
+    # Defaults production configuration:
+    # - master node
+    # - 2 worker nodes
+    single_node: true
+
+    # users: Add as many users as you wish
+    # Configuration example
+    # - name: <login>
+    #   ssh_keys:
+    #     - <public ssh key 1>
+    #     - <public ssh key 2>
+    #   state: present
+    #   role: admin
+    # Allowed roles:
+    # - operator, read only access to OS, full access to kubernetes cluster
+    # - admin, full access
+    # Allowed states:
+    # - present, user is allowed to login
+    # - absent, account is disabled
+    users: []
+
+  children:
+    master:
+      hosts:
+        # Replace master with value returned by command: hostname
+        master:
+          # Keep values (ansible_host, ansible_connection) as is
+          # Ansible is executed on master node
+          ansible_host: localhost
+          ansible_connection: local
+          labels:
+            # traefik-role label is used to identify where to deploy traefik
+            traefik-role: ingress