@todd-dsm
Last active November 6, 2024 00:04
example gitlab auto devops config with annotations for vault, datadog, etc
# This is a fully-formed GitLab Pipeline using Auto DevOps:
# Location: root of the code repo: .gitlab/auto-deploy-values.yaml
# https://docs.gitlab.com/ee/topics/autodevops/#features
# Release identity and rollout basics.
name: 'my-service'
replicaCount: 3
# Explicit nulls: no value is chosen here for these two keys. In a Helm
# values override a null also drops any chart default for that key.
strategyType: null
enableSelector: null
deploymentApiVersion: 'apps/v1'
image:
  # NOTE(review): sample path. GitLab.com serves its container registry from
  # a separate registry host; confirm the hostname used for real pulls.
  repository: 'gitlab.com/myGroup/myProject/my-service'
  # NOTE(review): `stable` is a mutable tag and pullPolicy is Always, so a
  # restarted pod can start a different image than its siblings. Auto DevOps
  # deploy jobs presumably pass the pipeline's own repository/tag at install
  # time; confirm that override applies, or pin an immutable tag or digest.
  tag: 'stable'
  pullPolicy: 'Always'
  # Presumably rendered as the pod's image pull secret list; confirm against
  # the chart's deployment template.
  secrets:
    - name: 'gitlab-registry'
# NOTE(review): this page lost its indentation. podAnnotations is written
# here as an unset key and externalDNS as its own top-level mapping; confirm
# the nesting against the chart templates that read these values.
podAnnotations: null
externalDNS:
  enabled: true
  # The account id in both ARNs is a sample value (13 digits; AWS account
  # ids have 12). Substitute the ARN of a certificate you control.
  sslCertArn: 'arn:aws:acm:us-west-2:0101010101010:certificate/70b81dfa-0363-4c2d-9538-8ffdb44a00ed'
  # AWS predefined ELB security policy name. This one is a TLS 1.2 policy;
  # re-check it against the current AWS policy list when updating.
  securityPolicy: 'ELBSecurityPolicy-TLS-1-2-2017-01'
  # Both DNS names are fully qualified (note the trailing dot).
  baseDNS: 'my-service.domain.tld.'
  prodDNS: 'domain.tld.'
  prodSSLCertArn: 'arn:aws:acm:us-west-2:0101010101010:certificate/5ee2c953-5d3a-488c-ab4a-a019c2bf0dca'
# Datadog settings plus the annotations handed to the pod.
# NOTE(review): `datadog` is not a Kubernetes field; presumably a chart
# template copies `annotations` onto the pod when `enabled` is true.
datadog:
  enabled: true
  name: 'myService'
  version: '2.0.0'
  annotations:
    # Autodiscovery annotations are keyed by container name (`my-service`).
    # NOTE(review): confirm the rendered container carries that name,
    # otherwise the agent will not match these entries.
    ad.datadoghq.com/my-service.check_names: '["myService"]'
    ad.datadoghq.com/my-service.logs: '[{"source":"gitlab","service":"myService"}]'
    # NOTE(review): Datadog documents this key as a pod label for unified
    # service tagging; confirm it is honoured as an annotation.
    tags.datadoghq.com/service: 'myService'
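# Vault Agent injection settings.
# NOTE(review): `vault` is not a Kubernetes field; presumably the chart turns
# fileName, secretKey and role into the matching vault.hashicorp.com/*
# annotations and merges `annotations` into the pod. Confirm against the
# chart templates.
vault:
  enabled: true
  fileName: "config.json"
  secretKey: "kv/my-service"
  # NOTE(review): `app` is a generic role name. Confirm the Vault role is
  # bound to this workload's service account and namespace only, with a
  # policy limited to reading kv/my-service.
  role: "app"
  annotations:
    # Template the agent renders into config.json. `.Data.data` is the
    # KV version 2 response shape.
    # Fix: the trailing comma after the last member was removed; with it the
    # rendered file is not valid JSON and strict parsers reject it.
    # NOTE(review): values are interpolated without escaping, so a secret
    # containing `"` or `\` breaks the document. The template engine offers a
    # toJSON helper for that case. The rendered file holds the database
    # password in clear text, so limit who can read the pod's filesystem.
    vault.hashicorp.com/agent-inject-template-config.json: |
      {{- with secret "kv/my-service" -}}
      {
        "dbHostname":"{{ .Data.data.dbHostname }}",
        "dbUsername":"{{ .Data.data.dbUsername }}",
        "dbPassword":"{{ .Data.data.dbPassword }}",
        "listenPort":"{{ .Data.data.listenPort }}"
      }
      {{- end }}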
# Application metadata. The four null keys carry no value in this file.
# NOTE(review): Auto DevOps deploy jobs presumably supply secretName and the
# gitlab.* values at install time; confirm before relying on them.
application:
  track: 'stable'
  tier: 'web'
  migrateCommand: null
  initializeCommand: null
  secretName: null
  secretChecksum: null
# Horizontal autoscaling between 2 and 5 replicas at 80 % target CPU.
# With this enabled the autoscaler, not replicaCount (3), presumably decides
# the running replica count.
hpa:
  enabled: true
  minReplicas: 2
  maxReplicas: 5
  targetCPUUtilizationPercentage: 80
# GitLab environment metadata, all unset in this example.
gitlab:
  app: null
  env: null
  envName: null
  envURL: null
# ClusterIP service: port 443 on the service maps to port 4000 in the pod.
# NOTE(review): `url` uses the http scheme while externalPort is 443.
# Confirm which component terminates TLS for this service.
service:
  enabled: true
  annotations: {}
  name: 'http'
  type: 'ClusterIP'
  url: 'http://my.host.com/'
  additionalHosts: null
  commonName: 'my-service'
  externalPort: 443
  internalPort: 4000
# Ingress is switched off, so the tls, annotations and modSecurity settings
# below presumably render nothing until `enabled` is set to true.
ingress:
  enabled: false
  tls:
    enabled: true
    secretName: 'my-service'
  annotations:
    kubernetes.io/ingress.class: 'nginx'
    kubernetes.io/tls-acme: 'true'
  modSecurity:
    enabled: false
    # DetectionOnly evaluates rules and logs matches without blocking.
    # Enforcing requires "On" plus a rule set tuned for the application.
    secRuleEngine: 'DetectionOnly'
    # secRules:
    #   - variable: ""
    #     operator: ""
    #     action: ""
# Prometheus metrics are switched off.
prometheus:
  metrics: false
# Both probes issue an httpGet to /health over plain HTTP.
# NOTE(review): confirm /health returns status only, not configuration.
# Liveness: first check after 15 s, 15 s timeout.
livenessProbe:
  probeType: 'httpGet'
  scheme: 'HTTP'
  path: '/health'
  initialDelaySeconds: 15
  timeoutSeconds: 15
# Readiness: first check after 5 s, 3 s timeout.
readinessProbe:
  probeType: 'httpGet'
  scheme: 'HTTP'
  path: '/health'
  initialDelaySeconds: 5
  timeoutSeconds: 3
# No bundled or managed PostgreSQL; the database host comes from elsewhere
# (the Vault template in this file carries a dbHostname field).
postgresql:
  enabled: false
  managed: false
  managedClassSelector: null
  #   matchLabels:
  #     stack: gitlab (This is an example. The labels should match the labels on the CloudSQLInstanceClass)
# Requests equal limits for both cpu and memory.
resources:
  requests:
    cpu: '1000m'
    memory: '256Mi'
  limits:
    cpu: '1000m'
    memory: '256Mi'
## PodDisruptionBudget settings
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
#
# Disabled here. maxUnavailable: 1 is the value that would presumably be
# used once `enabled` is true; minAvailable is the commented alternative.
podDisruptionBudget:
  enabled: false
  # minAvailable: 1
  maxUnavailable: 1
## NetworkPolicy settings
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
#
# Disabled here, so presumably no NetworkPolicy object is rendered and pod
# ingress is not restricted by this chart.
# When enabled, the spec below selects every pod in the namespace (empty
# matchLabels) and admits ingress from any pod in the same namespace and
# from namespaces labelled app.gitlab.com/managed_by=gitlab. Tighten both
# selectors if only specific peers should reach the service.
networkPolicy:
  enabled: false
  spec:
    podSelector:
      matchLabels: {}
    ingress:
      - from:
          - podSelector:
              matchLabels: {}
          - namespaceSelector:
              matchLabels:
                app.gitlab.com/managed_by: 'gitlab'
# No worker deployments are defined. The commented mapping below is the
# example shape for one worker entry.
workers: {}
#   worker:
#     replicaCount: 1
#     terminationGracePeriodSeconds: 60
#     command:
#       - /bin/herokuish
#       - procfile
#       - start
#       - worker
#     preStopCommand:
#       - /bin/herokuish
#       - procfile
#       - start
#       - stop_worker