vikingowl/marktvogt.de
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
24e072b63dcb2ee18ecf09624a37ea3db5cbd3ea
marktvogt.de/backend/deploy/helm/values.yaml
T

161 lines
3.4 KiB
YAML
Raw Blame History

image:
repository: registry.itsh.dev/vikingowl/marktvogt.de/backend
tag: "latest"
pullPolicy: IfNotPresent
imagePullSecrets:
- name: itsh-registry
nameOverride: ""
fullnameOverride: ""
replicaCount: 1
service:
port: 80
targetPort: 8080
httpRoute:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hostname: api.marktvogt.de
gatewayName: default
gatewayNamespace: nginx-gateway
sectionName: https-api-marktvogt-de
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 200m
memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 3
targetCPUUtilizationPercentage: 80
# Only meaningful with replicaCount >= 2
pdb:
enabled: false
minAvailable: 1
podSecurityContext:
runAsNonRoot: true
runAsUser: 65534
fsGroup: 65534
seccompProfile:
type: RuntimeDefault
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
# Non-sensitive configuration — rendered into a ConfigMap
config:
APP_ENV: production
APP_PORT: "8080"
APP_HOST: "0.0.0.0"
CORS_ORIGINS: "https://marktvogt.de"
DB_SSLMODE: "require"
DB_MAX_CONNS: "25"
DB_MIN_CONNS: "5"
VALKEY_DB: "0"
RATE_LIMIT_RPS: "10"
RATE_LIMIT_BURST: "20"
# Access TTL is short because the SvelteKit admin UI does not yet auto-refresh
# on 401. Bumped from 15m to 2h as a pragmatic interim. Proper fix is a
# client-side refresh-on-401 interceptor (tracked in Ship 2 handoff §4.12).
JWT_ACCESS_TTL: "2h"
JWT_SESSION_TTL: "720h"
MAGIC_LINK_TTL: "15m"
MAGIC_LINK_BASE_URL: "https://marktvogt.de/auth/magic-link/verify"
OAUTH_REDIRECT_BASE_URL: "https://api.marktvogt.de"
SMTP_PORT: "587"
SMTP_FROM: "noreply@marktvogt.de"
ADMIN_EMAIL: "contact@marktvogt.de"
FRONTEND_URL: "https://marktvogt.de"
AI_MODEL_COMPLEX: "mistral-large-latest"
# Name of the manually-created Secret containing:
# JWT_SECRET, SENTRY_DSN,
# OAUTH_{GOOGLE,APPLE,FACEBOOK,GITHUB}_{CLIENT_ID,CLIENT_SECRET}
secretName: marktvogt-backend-secrets
# SMTP credentials — passed via Woodpecker secrets during deploy.
# Rendered into a Helm-managed K8s Secret.
smtp:
host: ""
user: ""
password: ""
# AI research credentials — passed via Woodpecker secrets during deploy.
ai:
apiKey: ""
agentSimple: ""
agentDiscovery: "" # set via CI secret in production
rateLimitRps: 1
# Discovery cron — token passed via CI secrets during deploy.
discovery:
enabled: true
schedule: "0 4 * * *"
token: ""
batchSize: 4
forwardMonths: 12
# Cloudflare Turnstile — passed via Woodpecker secrets during deploy.
turnstile:
secretKey: ""
# CloudNativePG Postgres cluster
postgres:
enabled: false
name: marktvogt-pg
instances: 1
# PostGIS-enabled CNPG image — verify tag at ghcr.io/cloudnative-pg/postgis
image: ghcr.io/cloudnative-pg/postgis:17-3.5
storageSize: 5Gi
resources:
requests:
cpu: 15m
memory: 128Mi
limits:
cpu: 100m
memory: 256Mi
# DragonflyDB (Redis-compatible) — managed by the DragonflyDB operator
dragonfly:
enabled: true
name: marktvogt-cache
replicas: 1
resources:
requests:
cpu: 100m
memory: 72Mi
limits:
cpu: 150m
memory: 128Mi
# Migration job (Helm pre-install/pre-upgrade hook)
migrate:
enabled: true
networkPolicy:
enabled: false
serviceAccount:
create: true
name: ""
annotations: {}
nodeSelector: {}
tolerations: []
affinity: {}
Reference in New Issue View Git Blame Copy Permalink