marktvogt.de/web/deploy/helm/values.yaml

image:
  repository: somegit.dev/marktvogt.de/web
  tag: "latest"
  pullPolicy: IfNotPresent

imagePullSecrets:
  - name: somegit

nameOverride: ""
fullnameOverride: ""

replicaCount: 1

service:
  port: 80
  targetPort: 3000

httpRoute:
  enabled: true
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hostname: marktvogt.de
  gatewayName: default
  gatewayNamespace: nginx-gateway

resources:
  requests:
    cpu: 50m
    memory: 64Mi
  limits:
    cpu: 150m
    memory: 128Mi

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 3
  targetCPUUtilizationPercentage: 80

pdb:
  enabled: false
  minAvailable: 1

podSecurityContext:
  runAsNonRoot: true
  runAsUser: 65534
  fsGroup: 65534
  seccompProfile:
    type: RuntimeDefault

securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop:
      - ALL

config:
  # Required by adapter-node — must match the public-facing origin exactly
  ORIGIN: "https://marktvogt.de"
  NODE_ENV: production
  PORT: "3000"
  HOST: "0.0.0.0"
  # Cloudflare Turnstile — read at runtime via $env/dynamic/public
  PUBLIC_TURNSTILE_SITE_KEY: "0x4AAAAAACjLCV-78Ql1oTPz"

nodeSelector: {}
tolerations: []
affinity: {}