charts/hertzbeat/templates/manager/configmap.yaml (252 lines of code) (raw):
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ include "hertzbeat.manager" . }}"
labels:
{{- include "hertzbeat.labels" . | nindent 4 }}
data:
application.yml: |+
server:
port: 1157
spring:
application:
name: ${HOSTNAME:@hertzbeat@}${PID}
profiles:
active: prod
mvc:
static-path-pattern: /**
jackson:
default-property-inclusion: ALWAYS
web:
resources:
static-locations:
- classpath:/dist/
- classpath:../dist/
# need to disable spring boot mongodb auto config, or default mongodb connection tried and failed..
autoconfigure:
exclude: org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration, org.springframework.boot.autoconfigure.data.mongo.MongoDataAutoConfiguration
freemarker:
enabled: false
servlet:
multipart:
max-file-size: 100MB
max-request-size: 100MB
management:
health:
mail:
enabled: off
endpoints:
web:
exposure:
include:
- 'metrics'
- 'health'
- 'env'
enabled-by-default: on
sureness:
container: jakarta_servlet
auths:
- digest
- basic
- jwt
jwt:
secret: {{ .Values.manager.jwtSecretKey }}
---
spring:
config:
activate:
on-profile: prod
datasource:
driver-class-name: org.postgresql.Driver
username: root
password: {{ .Values.database.rootPassword }}
url: jdbc:postgresql://{{ include "hertzbeat.database" . }}:5432/hertzbeat
hikari:
max-lifetime: 120000
jpa:
show-sql: false
database-platform: org.eclipse.persistence.platform.database.PostgreSQLPlatform
database: postgresql
properties:
eclipselink:
logging:
level: SEVERE
flyway:
enabled: true
clean-disabled: true
baseline-on-migrate: true
baseline-version: 1
locations:
- classpath:db/migration/{vendor}
mail:
# Attention: this is mail server address.
host: smtp.qq.com
username: tancloud@qq.com
# Attention: this is not email account password, this requires an email authorization code
password: your-password
#Attention: Tencent mail smtps 465,smtp 587
port: 587
properties:
mail:
smtp:
socketFactoryClass: javax.net.ssl.SSLSocketFactory
ssl:
enable: true
common:
queue:
type: memory
warehouse:
store:
# store history metrics data, enable only one below
jpa:
enabled: false
victoria-metrics:
enabled: true
url: http://{{ include "hertzbeat.tsdb" . }}:8428
username: root
password: root
td-engine:
enabled: false
driver-class-name: com.taosdata.jdbc.rs.RestfulDriver
url: jdbc:TAOS-RS://{{ include "hertzbeat.tsdb" . }}:6041/hertzbeat
username: root
password: taosdata
greptime:
enabled: false
endpoint: localhost:4001
iot-db:
enabled: false
host: {{ include "hertzbeat.tsdb" . }}
rpc-port: 6667
username: root
password: root
# org.apache.hertzbeat.warehouse.config.IotDbVersion: V_0_13 || V_1_0
version: V_1_0
query-timeout-in-ms: -1
# 数据存储时间:默认'7776000000'(90天,单位为毫秒,-1代表永不过期)
# data expire time, unit:ms, default '7776000000'(90 days, -1:never expire)
expire-time: '7776000000'
influxdb:
enabled: false
server-url: http://127.0.0.1:8086
username: root
password: root
expire-time: '30d'
replication: 1
# store real-time metrics data, enable only one below
real-time:
memory:
enabled: true
init-size: 16
redis:
enabled: false
# redis mode: single, sentinel, cluster. Default is single
mode: single
# separate each address with comma when using cluster mode, eg: 127.0.0.1:6379,127.0.0.1:6380
address: 127.0.0.1:6379
# enter master name when using sentinel mode
masterName: mymaster
password: 123456
# redis db index, default: DB0
db: 0
alerter:
# custom console url
console-url: https://console.tancloud.io
# we work
we-work-webhook-url: https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=
# ding ding talk
ding-talk-webhook-url: https://oapi.dingtalk.com/robot/send?access_token=
# fei shu fly book
fly-book-webhook-url: https://open.feishu.cn/open-apis/bot/v2/hook/
# telegram
telegram-webhook-url: https://api.telegram.org/bot%s/sendMessage
# discord
discord-webhook-url: https://discord.com/api/v9/channels/%s/messages
# serverChan
server-chan-webhook-url: https://sctapi.ftqq.com/%s.send
# gotify
gotify-webhook-url: http://127.0.0.1/message?token=%s
scheduler:
server:
enabled: true
port: 1158
grafana:
enabled: false
url: http://127.0.0.1:3000
username: admin
password: admin
sureness.yml: |+
resourceRole:
- /api/account/auth/refresh===post===[admin,user,guest]
- /api/apps/**===get===[admin,user,guest]
- /api/monitor/**===get===[admin,user,guest]
- /api/monitor/**===post===[admin,user]
- /api/monitor/**===put===[admin,user]
- /api/monitor/**===delete==[admin]
- /api/monitors/**===get===[admin,user,guest]
- /api/monitors/**===post===[admin,user]
- /api/monitors/**===put===[admin,user]
- /api/monitors/**===delete===[admin]
- /api/alert/**===get===[admin,user,guest]
- /api/alert/**===post===[admin,user]
- /api/alert/**===put===[admin,user]
- /api/alert/**===delete===[admin]
- /api/alerts/**===get===[admin,user,guest]
- /api/alerts/**===post===[admin,user]
- /api/alerts/**===put===[admin,user]
- /api/alerts/**===delete===[admin]
- /api/notice/**===get===[admin,user,guest]
- /api/notice/**===post===[admin,user]
- /api/notice/**===put===[admin,user]
- /api/notice/**===delete===[admin]
- /api/tag/**===get===[admin,user,guest]
- /api/tag/**===post===[admin,user]
- /api/tag/**===put===[admin,user]
- /api/tag/**===delete===[admin]
- /api/summary/**===get===[admin,user,guest]
- /api/summary/**===post===[admin,user]
- /api/summary/**===put===[admin,user]
- /api/summary/**===delete===[admin]
- /api/collector/**===get===[admin,user,guest]
- /api/collector/**===post===[admin,user]
- /api/collector/**===put===[admin,user]
- /api/collector/**===delete===[admin]
- /api/status/page/**===get===[admin,user,guest]
- /api/status/page/**===post===[admin,user]
- /api/status/page/**===put===[admin,user]
- /api/status/page/**===delete===[admin]
- /api/grafana/**===get===[admin,user,guest]
- /api/grafana/**===post===[admin,user]
- /api/grafana/**===put===[admin,user]
- /api/grafana/**===delete===[admin]
- /api/bulletin/**===get===[admin,user,guest]
- /api/bulletin/**===post===[admin,user]
- /api/bulletin/**===put===[admin,user]
- /api/bulletin/**===delete===[admin]
# config the resource restful api that need bypass auth protection
# rule: api===method
# eg: /api/v1/source3===get means /api/v1/source3===get can be access by anyone, no need auth.
excludedResource:
- /api/alerts/report/**===*
- /api/alert/sse/**===*
- /api/account/auth/**===*
- /api/i18n/**===get
- /api/apps/hierarchy===get
- /api/push/**===*
- /api/status/page/public/**===*
- /api/manager/sse/**===*
# web ui resource
- /===get
- /assets/**===get
- /dashboard/**===get
- /monitors/**===get
- /alert/**===get
- /account/**===get
- /setting/**===get
- /passport/**===get
- /status/**===get
- /**/*.html===get
- /**/*.js===get
- /**/*.css===get
- /**/*.ico===get
- /**/*.ttf===get
- /**/*.png===get
- /**/*.gif===get
- /**/*.jpg===get
- /**/*.svg===get
- /**/*.json===get
- /**/*.woff===get
- /**/*.eot===get
# swagger ui resource
- /swagger-resources/**===get
- /v2/api-docs===get
- /v3/api-docs===get
# h2 database
- /h2-console/**===*
# account info config
# eg: admin has role [admin,user], password is hertzbeat
# eg: tom has role [user], password is hertzbeat
# eg: lili has role [guest], plain password is lili, salt is 123, salted password is 1A676730B0C7F54654B0E09184448289
account:
- appId: {{ .Values.manager.account.username }}
credential: {{ .Values.manager.account.password }}
role: [admin]
- appId: tom
credential: hertzbeat
role: [user]
- appId: guest
credential: hertzbeat
role: [guest]
- appId: lili
# credential = MD5(password + salt)
# plain password: hertzbeat
# attention: digest authentication does not support salted encrypted password accounts
credential: 94C6B34E7A199A9F9D4E1F208093B489
salt: 123
role: [user]