Production Configuration - psu-libraries/scholarsphere GitHub Wiki
Production Configuration
| Environment Variable | Where set | Defaults to |
|---|---|---|
| Vault Values | ||
| DATACITE_ENDPOINT | vault secret/app/scholarsphere/prod | |
| DATACITE_PREFIX | vault secret/app/scholarsphere/prod | |
| DATACITE_PUBLISHER | vault secret/app/scholarsphere/prod | |
| DATACITE_PASSWORD | vault secret/app/scholarsphere/prod | |
| DATACITE_USERNAME | vault secret/app/scholarsphere/prod | |
| DEFAULT_URL_HOST | vault secret/app/scholarsphere/prod | |
| OAUTH_APP_ID | vault secret/app/scholarsphere/prod | |
| OAUTH_APP_SECRET | vault secret/app/scholarsphere/prod | |
| SECRET_KEY_BASE | vault secret/app/scholarsphere/prod | |
| POSTGRES_DB | vault secret/app/scholarsphere/prod | |
| POSTGRES_HOST | vault secret/app/scholarsphere/prod | |
| POSTGRES_PASSWORD | vault secret/app/scholarsphere/prod | |
| POSTGRES_USER | vault secret/app/scholarsphere/prod | |
| Helm App Values | ||
| SMTP_ADDRESS | .Values.mail.server | smtp.psu.edu |
| SMTP_PORT | .Values.mail.port | 25 |
| MAIL_DELIVERY_METHOD | .Values.mail.deliveryMethod | smtp |
| DEFAULT_URL_PROTOCOL | .Values.default_url_protocol | https |
| SOLR_USERNAME | auto generated secret "scholarsphere-solr" | |
| SOLR_PASSWORD | auto generated secret "scholarsphere-solr" | |
| REDIS_HOST | auto generated based off deployment | |
| SOLR_COLLECTION | .Values.solr.collection | scholarsphere |
| SOLR_HOST | auto generated based off deployment | |
| AWS_BUCKET | auto generated secret "scholarsphere-aws-prod" | |
| AWS_REGION | auto generated secret "scholarsphere-aws-prod" | |
| AWS_ACCESS_KEY_ID | auto generated secret "scholarsphere-aws-prod" | |
| AWS_SECRET_ACCESS_KEY | auto generated secret "scholarsphere-aws-prod" | |
| LOGRAGE_ENABLED | .Values.logging.lograge | true |
| RAILS_LOG_JSON | .Values.logging.json | true |
| DD_ENV | set based off env | prod |
| DD_AGENT_HOST | set based of host pod is running on |
Any value that gets set via vault will trump any value set via the deployment. If we want to override SMTP_ADDRESS for a short time, we could do it in vault and perform a rollout on the deployments
You can override any of the app values in the scholarsphere-config repository, by adding the values to the argocd application object. for example, the file ./argocd-prod/prod.yaml in the scholarsphere-config to turn off json logging you'd issue a PR :
---
apiVersion: argoproj.io/v1alpha1
...
spec:
...
source:
...
helm:
values: |
logging:
json: false
...
...
All other overridables, can be found here: https://github.com/psu-stewardship/scholarsphere-config/blob/main/chart/values.yaml
we shouldn't need to change too many of these, but this is where we would do things like add replicas for workers, or disable datadog, for example.
References:
Vault Client setup: https://sites.psu.edu/dltdocs/?p=5380
Vault k/v secret engine https://sites.psu.edu/dltdocs/?p=5399
Helm Values: https://helm.sh/docs/chart_template_guide/values_files/