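# Provisioning Platform Environment Configuration
# Copy this file to .env and customize for your deployment
#
# This template ships placeholder credentials (every value starting with
# CHANGE_ME_). Replace each one with a unique, randomly generated value before
# the first start, keep the resulting .env out of version control, and restrict
# its file permissions to the account that runs the platform.
# Comments are kept on their own lines: several .env parsers treat text after
# the value as part of the value.

#==============================================================================
# PLATFORM MODE
#==============================================================================
# Deployment mode: solo, multi-user, cicd, enterprise
# Several defaults in this file (for example registry authentication being
# off) are stated as solo-mode choices; review them when selecting another mode.
PROVISIONING_MODE=solo

# Platform metadata
PLATFORM_NAME=provisioning
PLATFORM_VERSION=3.0.0
# NOTE(review): which values besides "development" are accepted is not shown
# here - confirm against the platform documentation.
PLATFORM_ENVIRONMENT=development
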
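#==============================================================================
# NETWORK CONFIGURATION
#==============================================================================
# Docker network subnet
# The gateway must be an address inside the subnet; pick a range that does not
# overlap with other networks reachable from the host.
NETWORK_SUBNET=172.20.0.0/16
NETWORK_GATEWAY=172.20.0.1

# External access
EXTERNAL_DOMAIN=provisioning.local
# TLS is off by default, so credentials and tokens travel in plaintext.
# Enable it for any deployment reachable beyond a single trusted host.
ENABLE_TLS=false
TLS_CERT_PATH=/etc/ssl/certs/provisioning.crt
# Private key: should be readable only by the account that terminates TLS.
TLS_KEY_PATH=/etc/ssl/private/provisioning.key
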
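#==============================================================================
# ORCHESTRATOR SERVICE
#==============================================================================
ORCHESTRATOR_ENABLED=true
# 0.0.0.0 listens on every interface. Whether the port is reachable from
# outside depends on how it is published - confirm in the compose/deploy files.
ORCHESTRATOR_HOST=0.0.0.0
ORCHESTRATOR_PORT=8080
ORCHESTRATOR_WORKERS=4
ORCHESTRATOR_LOG_LEVEL=info
ORCHESTRATOR_DATA_DIR=/data
ORCHESTRATOR_STORAGE_TYPE=filesystem
ORCHESTRATOR_MAX_CONCURRENT_TASKS=5
ORCHESTRATOR_RETRY_ATTEMPTS=3
# NOTE(review): no authentication setting for the orchestrator appears in this
# section - confirm where access to port 8080 is controlled.

# CPU and memory limits
ORCHESTRATOR_CPU_LIMIT=2000m
ORCHESTRATOR_MEMORY_LIMIT=2048M
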
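#==============================================================================
# CONTROL CENTER SERVICE
#==============================================================================
CONTROL_CENTER_ENABLED=true
# 0.0.0.0 listens on every interface; restrict exposure at the port-publishing
# or firewall layer if the service should not be reachable externally.
CONTROL_CENTER_HOST=0.0.0.0
CONTROL_CENTER_PORT=8081
CONTROL_CENTER_LOG_LEVEL=info
CONTROL_CENTER_DATABASE_TYPE=rocksdb
# presumably seconds (3600 = 1 hour) - confirm against the service docs
CONTROL_CENTER_SESSION_TIMEOUT=3600

# JWT Configuration
# Signing secret: anyone who knows it can forge valid tokens. Replace the
# placeholder with a long random value unique to this deployment.
# NOTE(review): confirm the service refuses to start while the placeholder
# value is still in place.
CONTROL_CENTER_JWT_SECRET=CHANGE_ME_RANDOM_SECRET_HERE
# presumably seconds (3600 = 1 hour, 86400 = 24 hours) - confirm
CONTROL_CENTER_ACCESS_TOKEN_EXPIRATION=3600
CONTROL_CENTER_REFRESH_TOKEN_EXPIRATION=86400

# CPU and memory limits
CONTROL_CENTER_CPU_LIMIT=1000m
CONTROL_CENTER_MEMORY_LIMIT=1024M
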
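#==============================================================================
# COREDNS SERVICE
#==============================================================================
COREDNS_ENABLED=true
# Port 53 is a privileged port and may already be in use by a local resolver
# on the host.
# NOTE(review): COREDNS_PORT is presumably the UDP listener, given the separate
# TCP setting - confirm.
COREDNS_PORT=53
COREDNS_TCP_PORT=53
COREDNS_ZONES_DIR=/zones
COREDNS_LOG_LEVEL=info

# CPU and memory limits
COREDNS_CPU_LIMIT=500m
COREDNS_MEMORY_LIMIT=512M
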
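#==============================================================================
# GITEA SERVICE (Multi-user mode and above)
#==============================================================================
GITEA_ENABLED=false
GITEA_HTTP_PORT=3000
# 222 is below 1024, i.e. a privileged port on most hosts.
GITEA_SSH_PORT=222
GITEA_DOMAIN=localhost
# Plain http: switch the scheme (and domain) when Gitea is served over TLS or
# reached from other machines.
GITEA_ROOT_URL=http://localhost:3000/
GITEA_DB_TYPE=sqlite3
# Replace with a long random value unique to this deployment and keep it
# private.
GITEA_SECRET_KEY=CHANGE_ME_GITEA_SECRET_KEY

# Admin user (created on first run)
# Set the password BEFORE the first start: the account is created from these
# values on first run.
# NOTE(review): presumably later edits here do not change an existing account -
# confirm.
GITEA_ADMIN_USERNAME=provisioning
GITEA_ADMIN_PASSWORD=CHANGE_ME_ADMIN_PASSWORD
GITEA_ADMIN_EMAIL=admin@provisioning.local

# CPU and memory limits
GITEA_CPU_LIMIT=1000m
GITEA_MEMORY_LIMIT=1024M
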
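#==============================================================================
# OCI REGISTRY SERVICE
#==============================================================================
OCI_REGISTRY_ENABLED=true
OCI_REGISTRY_TYPE=zot
OCI_REGISTRY_PORT=5000
OCI_REGISTRY_NAMESPACE=provisioning-extensions
OCI_REGISTRY_LOG_LEVEL=info

# Authentication (disabled for solo mode)
# With authentication off, the registry relies entirely on network isolation:
# presumably any client that can reach the port can pull and push artifacts.
# Enable it in every mode other than solo.
OCI_REGISTRY_AUTH_ENABLED=false
# htpasswd file holding the registry users; keep it readable only by the
# registry process.
OCI_REGISTRY_AUTH_HTPASSWD_PATH=/etc/registry/htpasswd

# Storage
OCI_REGISTRY_STORAGE_ROOT=/var/lib/registry
OCI_REGISTRY_DEDUPE_ENABLED=true

# CPU and memory limits
OCI_REGISTRY_CPU_LIMIT=1000m
OCI_REGISTRY_MEMORY_LIMIT=1024M
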
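#==============================================================================
# EXTENSION REGISTRY SERVICE
#==============================================================================
EXTENSION_REGISTRY_ENABLED=true
# 0.0.0.0 listens on every interface; limit exposure where the port is
# published if the service is meant to be internal.
EXTENSION_REGISTRY_HOST=0.0.0.0
EXTENSION_REGISTRY_PORT=8082
EXTENSION_REGISTRY_LOG_LEVEL=info
EXTENSION_REGISTRY_DATA_DIR=/app/data

# OCI integration
# Plain-http URL: extension artifacts fetched over it are not protected against
# tampering in transit. Acceptable only on an isolated internal network; use
# https otherwise.
EXTENSION_REGISTRY_OCI_URL=http://oci-registry:5000
EXTENSION_REGISTRY_NAMESPACE=provisioning-extensions

# CPU and memory limits
EXTENSION_REGISTRY_CPU_LIMIT=500m
EXTENSION_REGISTRY_MEMORY_LIMIT=512M
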
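#==============================================================================
# PROVISIONING API SERVER SERVICE
#==============================================================================
API_SERVER_ENABLED=false
# 0.0.0.0 listens on every interface; restrict exposure where the port is
# published.
API_SERVER_HOST=0.0.0.0
API_SERVER_PORT=8083
API_SERVER_LOG_LEVEL=info

# JWT Configuration
# Signing secret: anyone who knows it can forge valid tokens. Use a long random
# value, unique to this deployment.
# NOTE(review): whether this secret must match or differ from the control
# center's JWT secret is not shown here - confirm.
API_SERVER_JWT_SECRET=CHANGE_ME_API_SERVER_JWT_SECRET
# presumably seconds (3600 = 1 hour) - confirm
API_SERVER_TOKEN_EXPIRATION=3600

# Integration
# Both upstream URLs use plain http; tokens forwarded to these services are
# unencrypted on the wire unless the network itself is trusted.
API_SERVER_ORCHESTRATOR_URL=http://orchestrator:8080
API_SERVER_CONTROL_CENTER_URL=http://control-center:8081

# CPU and memory limits
API_SERVER_CPU_LIMIT=1000m
API_SERVER_MEMORY_LIMIT=1024M
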
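#==============================================================================
# MCP SERVER SERVICE (Optional)
#==============================================================================
MCP_SERVER_ENABLED=false
# When enabled, the server listens on every interface over plain http.
# NOTE(review): no authentication setting appears in this section - confirm how
# access is controlled before enabling it outside a trusted network.
MCP_SERVER_HOST=0.0.0.0
MCP_SERVER_PORT=8084
MCP_SERVER_PROTOCOL=http
MCP_SERVER_LOG_LEVEL=info

# Capabilities
# All three capability groups default to on; disable the ones a deployment
# does not need so less is exposed to connected clients.
MCP_SERVER_TOOLS_ENABLED=true
MCP_SERVER_PROMPTS_ENABLED=true
MCP_SERVER_RESOURCES_ENABLED=true

# CPU and memory limits
MCP_SERVER_CPU_LIMIT=500m
MCP_SERVER_MEMORY_LIMIT=512M
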
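#==============================================================================
# DATABASE SERVICE (PostgreSQL for enterprise mode)
#==============================================================================
POSTGRES_ENABLED=false
POSTGRES_HOST=postgres
POSTGRES_PORT=5432
POSTGRES_DB=provisioning
POSTGRES_USER=provisioning
# Replace with a unique random password before the database is first
# initialised.
# NOTE(review): the database user is presumably created with this password on
# first start - confirm how it is rotated afterwards.
POSTGRES_PASSWORD=CHANGE_ME_POSTGRES_PASSWORD

# CPU and memory limits
POSTGRES_CPU_LIMIT=2000m
POSTGRES_MEMORY_LIMIT=2048M
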
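#==============================================================================
# COSMIAN KMS SERVICE (Enterprise mode)
#==============================================================================
KMS_ENABLED=false
# NOTE(review): the URL scheme is http while the auth method is "certificate".
# Client-certificate authentication normally happens inside a TLS handshake, so
# this pairing looks inconsistent - confirm whether https is intended.
KMS_SERVER=http://kms:9998
KMS_AUTH_METHOD=certificate
KMS_CERT_PATH=/etc/kms/client.crt
# Client private key: should be readable only by the account that talks to the
# KMS.
KMS_KEY_PATH=/etc/kms/client.key

# CPU and memory limits
KMS_CPU_LIMIT=1000m
KMS_MEMORY_LIMIT=1024M
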
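#==============================================================================
# HARBOR REGISTRY (Enterprise mode alternative to Zot)
#==============================================================================
HARBOR_ENABLED=false
# Four separate secrets: give each its own random value rather than reusing
# one, so that disclosure of one does not expose the others.
HARBOR_ADMIN_PASSWORD=CHANGE_ME_HARBOR_ADMIN_PASSWORD
HARBOR_DATABASE_PASSWORD=CHANGE_ME_HARBOR_DB_PASSWORD
HARBOR_CORE_SECRET=CHANGE_ME_HARBOR_CORE_SECRET
HARBOR_JOBSERVICE_SECRET=CHANGE_ME_HARBOR_JOBSERVICE_SECRET

# CPU and memory limits
HARBOR_CORE_CPU_LIMIT=2000m
HARBOR_CORE_MEMORY_LIMIT=2048M
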
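#==============================================================================
# MONITORING STACK (Prometheus, Grafana)
#==============================================================================
MONITORING_ENABLED=false
# NOTE(review): no Prometheus authentication setting appears here - confirm the
# port is not published beyond the trusted network, since metrics can reveal
# internal hostnames and service details.
PROMETHEUS_PORT=9090
PROMETHEUS_RETENTION_TIME=15d
GRAFANA_PORT=3001
# Replace before first start; use a unique random password.
GRAFANA_ADMIN_PASSWORD=CHANGE_ME_GRAFANA_PASSWORD

# CPU and memory limits
PROMETHEUS_CPU_LIMIT=2000m
PROMETHEUS_MEMORY_LIMIT=2048M
GRAFANA_CPU_LIMIT=500m
GRAFANA_MEMORY_LIMIT=512M
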
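#==============================================================================
# LOGGING STACK (Loki, Promtail)
#==============================================================================
LOGGING_ENABLED=false
# NOTE(review): no access-control setting for Loki appears here - confirm the
# port stays internal, since collected logs may contain sensitive data.
LOKI_PORT=3100
# 168h = 7 days
LOKI_RETENTION_PERIOD=168h

# CPU and memory limits
LOKI_CPU_LIMIT=1000m
LOKI_MEMORY_LIMIT=1024M
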
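#==============================================================================
# ELASTICSEARCH + KIBANA (Enterprise audit logs)
#==============================================================================
ELASTICSEARCH_ENABLED=false
# NOTE(review): this section holds audit logs but defines no credentials or TLS
# settings for Elasticsearch or Kibana - confirm where authentication is
# configured before exposing ports 9200 or 5601.
ELASTICSEARCH_PORT=9200
ELASTICSEARCH_CLUSTER_NAME=provisioning-logs
# Heap must fit inside ELASTICSEARCH_MEMORY_LIMIT below (1g of 2048M here).
ELASTICSEARCH_HEAP_SIZE=1g
KIBANA_PORT=5601

# CPU and memory limits
ELASTICSEARCH_CPU_LIMIT=2000m
ELASTICSEARCH_MEMORY_LIMIT=2048M
KIBANA_CPU_LIMIT=1000m
KIBANA_MEMORY_LIMIT=1024M
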
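#==============================================================================
# NGINX REVERSE PROXY
#==============================================================================
NGINX_ENABLED=false
# NOTE(review): with the proxy disabled, the individual service ports are
# presumably reached directly - confirm which ports are published in that case.
NGINX_HTTP_PORT=80
NGINX_HTTPS_PORT=443
NGINX_WORKER_PROCESSES=4
NGINX_WORKER_CONNECTIONS=1024

# Rate limiting
# 100 requests per 1m period.
# NOTE(review): whether the limit applies per client address or globally is
# not shown here - confirm in the nginx configuration.
NGINX_RATE_LIMIT_ENABLED=true
NGINX_RATE_LIMIT_REQUESTS=100
NGINX_RATE_LIMIT_PERIOD=1m

# CPU and memory limits
NGINX_CPU_LIMIT=500m
NGINX_MEMORY_LIMIT=256M
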
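#==============================================================================
# BACKUP CONFIGURATION
#==============================================================================
BACKUP_ENABLED=false
# Cron expression: every day at 02:00.
# The value contains spaces and "*" and is left unquoted, which suits parsers
# that take the rest of the line literally. Do not load this file with a
# shell's "source"/".": the shell would split and glob-expand this line.
BACKUP_SCHEDULE=0 2 * * *
BACKUP_RETENTION_DAYS=7
# Backups are likely to contain the secrets and databases configured in this
# file; protect this path as strictly as the live data.
# NOTE(review): no backup encryption setting is visible here - confirm.
BACKUP_STORAGE_PATH=/backup
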
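#==============================================================================
# SECURITY CONFIGURATION
#==============================================================================
# Every control in this section is off in this template. Review each one before
# using the file for anything other than a local, single-user setup.

# Enable security scanning
SECURITY_SCAN_ENABLED=false

# Secrets encryption
# While this is false, secrets are presumably stored unencrypted - confirm.
SECRETS_ENCRYPTION_ENABLED=false
# Key file: should be readable only by the platform's service account, and
# backed up separately from the data it protects.
SECRETS_KEY_PATH=/etc/provisioning/secrets.key

# Network policies
NETWORK_POLICIES_ENABLED=false
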
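#==============================================================================
# RESOURCE LIMITS DEFAULTS
#==============================================================================
# NOTE(review): presumably the fallback for services that have no *_CPU_LIMIT
# or *_MEMORY_LIMIT of their own - confirm where these defaults are applied.
DEFAULT_CPU_LIMIT=1000m
DEFAULT_MEMORY_LIMIT=1024M
# Docker restart policy: restart the container unless it was stopped
# explicitly.
DEFAULT_RESTART_POLICY=unless-stopped
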
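#==============================================================================
# HEALTHCHECK CONFIGURATION
#==============================================================================
# Time between checks
HEALTHCHECK_INTERVAL=30s
# Maximum time a single check may take
HEALTHCHECK_TIMEOUT=10s
# NOTE(review): presumably the number of consecutive failures before a
# container is reported unhealthy - confirm.
HEALTHCHECK_RETRIES=3
# NOTE(review): presumably a start-up grace period during which failures are
# not counted - confirm.
HEALTHCHECK_START_PERIOD=30s
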
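#==============================================================================
# LOGGING CONFIGURATION
#==============================================================================
# Container log driver and rotation: at most LOG_MAX_FILE files of
# LOG_MAX_SIZE each, which bounds the disk space logs can consume.
LOG_DRIVER=json-file
LOG_MAX_SIZE=10m
LOG_MAX_FILE=3
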
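#==============================================================================
# USER AND PERMISSION CONFIGURATION
#==============================================================================
# Non-root UID/GID.
# NOTE(review): presumably the identity the service containers run as -
# confirm. Files mounted into the containers (keys, data directories) must be
# readable by this identity; avoid setting either value to 0 (root).
USER_UID=1000
USER_GID=1000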
|