bounca/variables.yml

---

# Name of this instance (controls job and service name)
instance: bounca

bounca:

  # The image to use
  image: danielberteaud/bounca:latest

  vault:
    # Vault policies to use
    policies:
      - '[[ .instance ]][[ .consul.suffix ]]'
    # Random secrets to generate
    rand_secrets:
      fields:
        - django_secret

  postgres:
    database: '[[ .instance ]]'
    user: '{{ with secret "[[ .vault.root ]]/database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
    password: '{{ with secret "[[ .vault.root ]]/database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'

  # Env variable to pass to the container
  env:
    BOUNCA_DB_NAME: '[[ .bounca.postgres.database ]]'
    BOUNCA_DJANGO_SECRET: '{{ with secret "[[ .vault.root ]]/kv/service/[[ .instance ]]" }}{{ .Data.data.django_secret }}{{ end }}'

  # Public URL where user can reach the app
  public_url: https://pki.example.org

  # Custom django settings
  django_custom_settings: ""

  # Wait for postgres to be ready before starting
  wait_for:
    - service: master.postgres[[ .consul.suffix ]]

  # Connect to the postgres service through the service mesh]
  consul:
    connect:
      upstreams:
        - destination_name: postgres[[ .consul.suffix ]]
          local_bind_port: 5432

  # Traefik settings
  traefik: {}

  # Settings for /public, which can be different from the main interface
  # /public expose certificates and CRL so it should usually be publicly accessible
  public:
    traefik:
      auto_rule: false
      router: '[[ .instance ]]-public[[ .consul.suffix ]]'

  # Resource allocation for the main bounca task
  resources:
    cpu: 200
    memory: 192
BounCA bundle 2023-11-15 22:44:50 +01:00			`---`

Cleanup, add missing wait_for, support pgbouncer 2024-01-13 15:03:05 +01:00			`# Name of this instance (controls job and service name)`
			`instance: bounca`
BounCA bundle 2023-11-15 22:44:50 +01:00
Cleanup, add missing wait_for, support pgbouncer 2024-01-13 15:03:05 +01:00			`bounca:`
BounCA bundle 2023-11-15 22:44:50 +01:00
			`# The image to use`
Cleanup 2023-12-21 23:37:28 +01:00			`image: danielberteaud/bounca:latest`
BounCA bundle 2023-11-15 22:44:50 +01:00
Cleanup, add missing wait_for, support pgbouncer 2024-01-13 15:03:05 +01:00			`vault:`
Update for vault cleanup 2024-01-31 12:29:56 +01:00			`# Vault policies to use`
Cleanup, add missing wait_for, support pgbouncer 2024-01-13 15:03:05 +01:00			`policies:`
			`- '[[ .instance ]][[ .consul.suffix ]]'`
Update for vault cleanup 2024-01-31 12:29:56 +01:00			`# Random secrets to generate`
			`rand_secrets:`
			`fields:`
			`- django_secret`
Cleanup, add missing wait_for, support pgbouncer 2024-01-13 15:03:05 +01:00
			`postgres:`
			`database: '[[ .instance ]]'`
Update for vault cleanup 2024-01-31 12:29:56 +01:00			`user: '{{ with secret "[[ .vault.root ]]/database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'`
			`password: '{{ with secret "[[ .vault.root ]]/database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'`
Cleanup, add missing wait_for, support pgbouncer 2024-01-13 15:03:05 +01:00
BounCA bundle 2023-11-15 22:44:50 +01:00			`# Env variable to pass to the container`
			`env:`
Cleanup, add missing wait_for, support pgbouncer 2024-01-13 15:03:05 +01:00			`BOUNCA_DB_NAME: '[[ .bounca.postgres.database ]]'`
Update for vault cleanup 2024-01-31 12:29:56 +01:00			`BOUNCA_DJANGO_SECRET: '{{ with secret "[[ .vault.root ]]/kv/service/[[ .instance ]]" }}{{ .Data.data.django_secret }}{{ end }}'`
BounCA bundle 2023-11-15 22:44:50 +01:00
			`# Public URL where user can reach the app`
			`public_url: https://pki.example.org`

			`# Custom django settings`
			`django_custom_settings: ""`

			`# Wait for postgres to be ready before starting`
			`wait_for:`
			`- service: master.postgres[[ .consul.suffix ]]`

			`# Connect to the postgres service through the service mesh]`
			`consul:`
			`connect:`
			`upstreams:`
			`- destination_name: postgres[[ .consul.suffix ]]`
			`local_bind_port: 5432`

			`# Traefik settings`
Adapt to new middleware model 2024-01-28 22:57:33 +01:00			`traefik: {}`
BounCA bundle 2023-11-15 22:44:50 +01:00
Different traefik settings for /public + cleanup 2023-11-16 10:07:08 +01:00			`# Settings for /public, which can be different from the main interface`
			`# /public expose certificates and CRL so it should usually be publicly accessible`
			`public:`
			`traefik:`
Adapt to new middleware model 2024-01-28 22:57:33 +01:00			`auto_rule: false`
			`router: '[[ .instance ]]-public[[ .consul.suffix ]]'`
Different traefik settings for /public + cleanup 2023-11-16 10:07:08 +01:00
BounCA bundle 2023-11-15 22:44:50 +01:00			`# Resource allocation for the main bounca task`
			`resources:`
			`cpu: 200`
			`memory: 192`