vikingowl
8f306059d8
Set web limits to 200m/256Mi to stay within the tenant-1 ResourceQuota of 1 CPU total.
71 lines
1.2 KiB
YAML
71 lines
1.2 KiB
YAML
image:
|
|
repository: somegit.dev/marktvogt.de/web
|
|
tag: "latest"
|
|
pullPolicy: IfNotPresent
|
|
|
|
imagePullSecrets:
|
|
- name: somegit
|
|
|
|
nameOverride: ""
|
|
fullnameOverride: ""
|
|
|
|
replicaCount: 1
|
|
|
|
service:
|
|
port: 80
|
|
targetPort: 3000
|
|
|
|
httpRoute:
|
|
enabled: true
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
hostname: marktvogt.de
|
|
gatewayName: default
|
|
gatewayNamespace: nginx-gateway
|
|
sectionName: https-marktvogt-de
|
|
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
limits:
|
|
cpu: 200m
|
|
memory: 256Mi
|
|
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: 1
|
|
maxReplicas: 3
|
|
targetCPUUtilizationPercentage: 80
|
|
|
|
pdb:
|
|
enabled: false
|
|
minAvailable: 1
|
|
|
|
podSecurityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 65534
|
|
fsGroup: 65534
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
|
|
config:
|
|
# Required by adapter-node — must match the public-facing origin exactly
|
|
ORIGIN: "https://marktvogt.de"
|
|
NODE_ENV: production
|
|
PORT: "3000"
|
|
HOST: "0.0.0.0"
|
|
# Cloudflare Turnstile — read at runtime via $env/dynamic/public
|
|
PUBLIC_TURNSTILE_SITE_KEY: "0x4AAAAAACjLCV-78Ql1oTPz"
|
|
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
affinity: {}
|