prod-values.example.yaml
# CHANGEME-PROD: All values here should be changed/reviewed
# NOTE(review): this listing shows every key at column 0, so the nesting of the
# mappings below is not visible here; confirm each key path against the chart's
# own values.yaml before using the file.
# Optional components; all three are switched off in this example.
tags:
proxy: false # enable if you want/need giphy/youtube/etc proxying
legalhold: false # Enable if you need legalhold
federation: false # Enable to use federation
# Overrides for the cassandra-migrations chart: the Cassandra host it connects
# to and the replication factor it uses.
cassandra-migrations:
# images:
# tag: some-tag (only override if you want a newer/different version than what is in the chart)
cassandra:
host: cassandra-external
# NOTE(review): presumably 3 assumes at least three Cassandra nodes; confirm
# against the actual cluster size.
replicationFactor: 3
# Overrides for the elasticsearch-index chart: the Elasticsearch host and the
# Cassandra host. Both point at the "-external" service names.
elasticsearch-index:
elasticsearch:
host: elasticsearch-external
cassandra:
host: cassandra-external
# Overrides for brig: replica count, backing-service hosts, AWS endpoints,
# externally visible URLs, e-mail/SMS templates, SMTP and static TURN servers.
brig:
replicaCount: 3
# image:
# tag: some-tag (only override if you want a newer/different version than what is in the chart)
config:
multiSFT:
enabled: false # enable to turn on SFT to SFT communication for federated calls
cassandra:
host: cassandra-external
elasticsearch:
host: elasticsearch-external
rabbitmq:
# Default: rabbitmq-external (for production external RabbitMQ VMs)
# CI/Demo: Change to rabbitmq when using rabbitmq chart from databases-ephemeral
host: rabbitmq-external
# Only host, port, user and database name are set here; no password appears.
# NOTE(review): presumably the credential is supplied from a separate secrets
# file; confirm, and keep it out of this values file.
postgresql:
host: postgresql-external-rw # DNS name without protocol
port: "5432"
user: wire-server
dbname: wire-server
# See pool size calculation guide: https://docs.wire.com/latest/how-to/administrate/postgresql.html
postgresqlPool:
size: 10 # adjust pool size as needed based on expected load and available resources
useSES: false
# Set to false if you want to hand out DynamoDB to store prekeys
randomPrekeys: true
aws:
# change if using real AWS
region: "eu-west-1"
# The fake-aws endpoint below is plain HTTP; when switching to real AWS, use
# its HTTPS endpoint instead.
sqsEndpoint: http://fake-aws-sqs:4568
# dynamoDBEndpoint: http://fake-aws-dynamodb:4567
# these must match the table names created on fake or real AWS services
internalQueue: integration-brig-events-internal
prekeyTable: integration-brig-prekeys
# Public URLs handed out to clients and used in e-mails; all are HTTPS.
externalUrls:
nginz: https://nginz-https.example.com # change this
teamSettings: https://teams.example.com # change this (or unset if team settings are not used)
teamCreatorWelcome: https://teams.example.com/login # change this
teamMemberWelcome: https://wire.example.com/download # change this
enableFederation: false # Keep false unless federation is explicitly configured
optSettings:
setEnableMLS: false # Enable for MLS protocol use
setFederationDomain: example.com # change this
# Sync the domain with the 'host' variable in the sftd chart
# Comment the next line (by adding '#' before it) if conference calling is not used
setSftStaticUrl: "https://sftd.example.com:443"
# setSftListAllServers: "enabled" # Uncomment for Federation!
# If set to true, creating new personal users or new teams on your instance from
# outside your backend installation is disabled
# NOTE(review): the example leaves this false, i.e. open sign-up; for a
# closed installation review whether true is the right production value.
setRestrictUserCreation: false
# Uncomment and replace values below for adding federated backends
# setFederationStrategy: allowDynamic
# setFederationDomainConfigs:
# - domain: remotebackend1.example.com
# search_policy: full_search
emailSMS:
general:
emailSender: email@example.com # change this
smsSender: "insert-sms-sender-for-twilio" # change this if SMS support is desired
templateBranding: # change all of these, they are used in emails
brand: Wire
brandUrl: https://wire.com
brandLabel: wire.com
brandLabelUrl: https://wire.com
brandLogoUrl: https://wire.com/p/img/email/logo-email-black.png
brandService: Wire Service Provider
copyright: © WIRE SWISS GmbH
misuse: misuse@wire.com
legal: https://wire.com/legal/
forgot: https://wire.com/forgot/
support: https://support.wire.com/
# Link templates for account e-mails and SMS. The ${key} and ${code}
# placeholders travel in the URL, so these should stay on HTTPS hosts under
# your own control.
user:
passwordResetUrl: https://account.example.com/reset/?key=${key}&code=${code}
activationUrl: https://account.example.com/verify/?key=${key}&code=${code}
smsActivationUrl: https://account.example.com/v/${code}
deletionUrl: https://account.example.com/d/?key=${key}&code=${code}
invitationUrl: https://account.example.com/i/${code}
smtp:
# Default: smtp (for CI/demo environments with demo-smtp chart)
# Production: Change to your actual SMTP server hostname
host: smtp
port: 25 # change this
# NOTE(review): with 'plain', mail (including the reset and activation links
# above) is handed to the SMTP server without transport encryption; prefer
# ssl or tls where the mail server supports it.
connType: plain # change this. Possible values: plain|ssl|tls
# proxy:
# httpProxy: "http://proxy.example.com"
# httpsProxy: "https://proxy.example.com"
# noProxyList:
# - "local.example.com"
# - "10.23.0.0/16"
turnStatic:
v1: []
# NOTE(review): while every entry below stays commented out, v2 has no value
# and parses as null rather than as an empty list; confirm the chart accepts
# that, or fill in the coturn addresses.
v2:
# - "turn:<IP of coturn1>:3478"
# - "turn:<IP of coturn2>:3478"
# - "turn:<IP of coturn1>:3478?transport=tcp"
# - "turn:<IP of coturn2>:3478?transport=tcp"
metrics:
serviceMonitor:
enabled: false
# Overrides for the proxy service (the giphy/youtube/etc proxying that
# tags.proxy switches on): three replicas, ServiceMonitor off.
proxy:
replicaCount: 3
# image:
# tag: some-tag (only override if you want a newer/different version than what is in the chart)
# Optional outbound HTTP(S) proxy settings, commented out by default.
# config:
# proxy:
# httpProxy: "http://proxy.example.com"
# httpsProxy: "https://proxy.example.com"
# noProxyList:
# - "local.example.com"
# - "10.23.0.0/16"
metrics:
serviceMonitor:
enabled: false
# Overrides for cannon: replica count, drain timeout, and the RabbitMQ and
# Cassandra hosts it connects to.
cannon:
replicaCount: 3
# image:
# tag: some-tag (only override if you want a newer/different version than what is in the chart)
# For demo mode only, we don't need to keep websocket connections open on chart upgrades
# NOTE(review): the line above marks this value as a demo setting although the
# file is a production example; review it before a production rollout.
drainTimeout: 10
config:
rabbitmq:
# Default: rabbitmq-external (for production external RabbitMQ VMs)
# CI/Demo: Change to rabbitmq when using rabbitmq chart from databases-ephemeral
host: rabbitmq-external
cassandra:
host: cassandra-external
metrics:
serviceMonitor:
enabled: false
# Overrides for cargohold: replica count, the S3-compatible asset store it
# uses, and federation settings.
cargohold:
replicaCount: 3
# image:
# tag: some-tag (only override if you want a newer/different version than what is in the chart)
config:
aws:
# change if using real AWS
region: "eu-west-1"
s3Bucket: assets
# NOTE(review): s3Endpoint is plain HTTP while s3DownloadEndpoint is HTTPS;
# traffic to the s3Endpoint host is then unencrypted on the network. Confirm
# that path is internal-only, or use an HTTPS endpoint.
s3Endpoint: http://minio-external:9000
s3DownloadEndpoint: https://assets.example.com
enableFederation: false # Enable to use federation
settings:
federationDomain: example.com # change this
# proxy:
# httpProxy: "http://proxy.example.com"
# httpsProxy: "https://proxy.example.com"
# noProxyList:
# - "local.example.com"
# - "10.23.0.0/16"
metrics:
serviceMonitor:
enabled: false
# Overrides for galley: replica count, backing-service hosts, the
# Cassandra/PostgreSQL read selection, federation settings and the default
# team feature flags.
galley:
replicaCount: 3
# image:
# tag: some-tag (only override if you want a newer/different version than what is in the chart)
config:
cassandra:
host: cassandra-external
rabbitmq:
# Default: rabbitmq-external (for production external RabbitMQ VMs)
# CI/Demo: Change to rabbitmq when using rabbitmq chart from databases-ephemeral
host: rabbitmq-external
# Only host, port, user and database name are set here; no password appears.
# NOTE(review): presumably the credential is supplied from a separate secrets
# file; confirm, and keep it out of this values file.
postgresql:
host: postgresql-external-rw # DNS name without protocol
port: "5432"
user: wire-server
dbname: wire-server
# See pool size calculation guide: https://docs.wire.com/latest/how-to/administrate/postgresql.html
postgresqlPool:
size: 10 # adjust pool size as needed based on expected load and available resources
# Explicitly set postgresMigration to cassandra for fresh deployments.
# This controls whether galley reads conversations/teamFeatures from Cassandra or PostgreSQL.
postgresMigration:
conversation: cassandra
conversationCodes: cassandra
teamFeatures: cassandra
enableFederation: false # Enable to use federation
settings:
# prefix URI used when inviting users to a conversation by link
conversationCodeURI: https://account.example.com/conversation-join/ # change this
federationDomain: example.com # change this
# see #RefConfigOptions in `/docs/reference` (https://github.com/wireapp/wire-server/)
# Defaults applied to team features. Review each one: these are the values a
# team gets unless something else is configured for it.
featureFlags:
mls: # Keep disabled unless MLS is explicitly configured
defaults:
status: disabled
config:
protocolToggleUsers: []
defaultProtocol: mls
allowedCipherSuites: [2]
defaultCipherSuite: 2
supportedProtocols: [proteus, mls]
# NOTE(review): status is disabled but lockStatus is unlocked; presumably an
# unlocked feature can still be changed per team. Confirm in the referenced
# docs if MLS must stay off everywhere.
lockStatus: unlocked
mlsMigration: # Keep disabled unless MLS migration is explicitly configured
defaults:
status: disabled
config:
startTime: null
finalizeRegardlessAfter: null
usersThreshold: 100
clientsThreshold: 100
lockStatus: unlocked
sso: enabled-by-default
# channels: # Uncomment to enable channels by default for all newly created teams
# defaults:
# status: enabled
# config:
# allowed_to_create_channels: team-members
# allowed_to_open_channels: team-members
# lockStatus: unlocked
# NOTE: Change this to "disabled-by-default" for legalhold support
# legalhold: disabled-by-default
legalhold: disabled-permanently
teamSearchVisibility: disabled-by-default
aws:
region: "eu-west-1"
# proxy:
# httpProxy: "http://proxy.example.com"
# httpsProxy: "https://proxy.example.com"
# noProxyList:
# - "local.example.com"
# - "10.23.0.0/16"
metrics:
serviceMonitor:
enabled: false
# Overrides for gundeck: replica count, Redis, RabbitMQ and Cassandra hosts,
# and the AWS account, queue and SQS/SNS endpoints.
gundeck:
replicaCount: 3
# image:
# tag: some-tag (only override if you want a newer/different version than what is in the chart)
config:
redis:
# NOTE(review): the host name refers to the redis-ephemeral chart; confirm an
# ephemeral Redis is acceptable for the production deployment.
host: databases-ephemeral-redis-ephemeral # Updated hostname for redis-ephemeral chart
rabbitmq:
# Default: rabbitmq-external (for production external RabbitMQ VMs)
# CI/Demo: Change to rabbitmq when using rabbitmq chart from databases-ephemeral
host: rabbitmq-external
cassandra:
host: cassandra-external
aws:
# change if using real AWS
# The account ID is quoted so the 12-digit value stays a string; the value
# shown is a placeholder.
account: "123456789012"
region: "eu-west-1"
arnEnv: integration
queueName: integration-gundeck-events
# Both fake-aws endpoints are plain HTTP; when switching to real AWS, use its
# HTTPS endpoints instead.
sqsEndpoint: http://fake-aws-sqs:4568
snsEndpoint: http://fake-aws-sns:4575
# proxy:
# httpProxy: "http://proxy.example.com"
# httpsProxy: "https://proxy.example.com"
# noProxyList:
# - "local.example.com"
# - "10.23.0.0/16"
metrics:
serviceMonitor:
enabled: false
# Overrides for nginz: replica count, websocket proxy-protocol handling, the
# nginx environment and domain, the deeplink endpoints advertised to clients,
# and shutdown timing.
nginz:
replicaCount: 3
config:
ws:
# NOTE(review): presumably this has to match what the load balancer in front
# of nginz actually sends; confirm against the ingress setup.
useProxyProtocol: false
# images:
# nginz:
# tag: some-tag (only override if you want a newer/different version than what is in the chart)
nginx_conf:
# using prod means mostly that some internal endpoints are not exposed
dns_resolver: coredns
# Keep env at prod for internet-facing installations, for the reason given in
# the comment above.
env: prod
external_env_domain: example.com
# URLs handed to clients; all are HTTPS. blackListURL and websiteURL point at
# wire.com hosts rather than example.com placeholders.
deeplink:
endpoints:
backendURL: "https://nginz-https.example.com"
backendWSURL: "https://nginz-ssl.example.com"
teamsURL: "https://teams.example.com"
accountsURL: "https://account.example.com"
blackListURL: "https://clientblacklist.wire.com/prod"
websiteURL: "https://wire.com"
title: "My Custom Wire Backend"
# Optional -- Uncomment these if you want to direct all of your mobile users to use the same proxy.
#apiProxy:
#host: "socks5.proxy.com"
#port: 1080
#needsAuthentication: true
# For demo mode only, we don't need to keep websocket connections open on upgrade:
# NOTE(review): the line above marks this value as a demo setting although the
# file is a production example; review it before a production rollout.
drainTimeout: 10
terminationGracePeriodSeconds: 30
metrics:
serviceMonitor:
enabled: false
# Overrides for spar: replica count, Cassandra host, log level, the domain and
# SSO URIs, request/response TTLs and the contact entry.
spar:
replicaCount: 3
# image:
# tag: some-tag (only override if you want a newer/different version than what is in the chart)
config:
cassandra:
host: cassandra-external
# NOTE(review): Debug is set in a production example. spar serves the SSO
# endpoint (ssoUri below), so debug output may contain authentication request
# details; consider a less verbose level and restrict access to the logs.
logLevel: Debug
domain: example.com
appUri: https://nginz-https.example.com
ssoUri: https://nginz-https.example.com/sso
# NOTE(review): the unit is not stated on this page; presumably seconds
# (28800 s = 8 h). Confirm, and shorten if policy requires it.
maxttlAuthreq: 28800
maxttlAuthresp: 28800
# maxScimTokens: 16 # uncomment this if you want to use SCIM provisioning
contacts:
- type: ContactSupport
company: YourCompany
# NOTE(review): the value carries an "email:" prefix inside the string; confirm
# this is the format the chart expects and not a typo.
email: email:support@example.com
# proxy:
# httpProxy: "http://proxy.example.com"
# httpsProxy: "https://proxy.example.com"
# noProxyList:
# - "local.example.com"
# - "10.23.0.0/16"
metrics:
serviceMonitor:
enabled: false
# Only needed when legalhold is enabled
# Sets the legalhold service host name and the HTTPS URL of the backend API it
# uses.
legalhold:
host: "legalhold.example.com"
wireApiHost: "https://nginz-https.example.com"
metrics:
serviceMonitor:
enabled: false
# Only needed when federation is enabled
# Sets the federator TLS options; the allow-list of remote domains and the
# remote root CAs are commented out in this example.
federator:
# config:
# optSettings:
# federationStrategy:
# allowedDomains:
# - example.com
tls:
useSharedFederatorSecret: true
# NOTE(review): with remoteCAContents commented out, no root CA for remote
# backends is configured here; which trust store applies then is not visible
# on this page. Confirm before enabling federation.
# remoteCAContents: | # Uncomment and place the federating backends root CA certificates in chain (if there are multiple)
metrics:
serviceMonitor:
enabled: false
# Overrides for background-worker: federation domain, RabbitMQ, Cassandra and
# PostgreSQL hosts, the Cassandra/PostgreSQL selection and the migration
# switches (all off).
background-worker:
config:
federationDomain: example.com
# logLevel: Debug
rabbitmq:
# Default: rabbitmq-external (for production external RabbitMQ VMs)
# CI/Demo: Change to rabbitmq when using rabbitmq chart from databases-ephemeral
host: rabbitmq-external
cassandra:
host: cassandra-external
cassandraGalley:
host: cassandra-external
cassandraBrig:
host: cassandra-external
# Only host, port, user and database name are set here; no password appears.
# NOTE(review): presumably the credential is supplied from a separate secrets
# file; confirm, and keep it out of this values file.
postgresql:
host: postgresql-external-rw # DNS name without protocol
port: "5432"
user: wire-server
dbname: wire-server
# See pool size calculation guide: https://docs.wire.com/latest/how-to/administrate/postgresql.html
postgresqlPool:
size: 5 # Background worker has fewer connections to DB, so smaller pool size is fine
# These three values match the postgresMigration values set for galley in this
# file; NOTE(review): presumably the two must be kept in sync. Confirm.
postgresMigration:
conversation: cassandra
conversationCodes: cassandra
teamFeatures: cassandra
migrateConversations: false
migrateConversationCodes: false
migrateTeamFeatures: false
# Enable for federation
enableFederation: false
metrics:
serviceMonitor:
enabled: false