# Default values for motm-app
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Application Configuration
# Descriptive metadata for the application. How the templates use these
# keys is not visible in this file.
app:
  name: motm-app
  # Quoted so the version stays a string.
  # NOTE(review): this differs from image.tag ("0.1.1") below - confirm
  # which of the two identifies the deployed build.
  version: "1.0.0"
  description: "MOTM Hockey Voting Application"
# Image Configuration
# Container image the workload runs.
image:
  # NOTE(review): "pubblic" looks like a misspelling of "public" - confirm
  # it matches the actual registry project name before changing it.
  repository: harbor.ervine.dev/pubblic/hockey/motm-app
  # A tag is a mutable reference: the registry can serve different content
  # for "0.1.1" over time. With IfNotPresent, a node that already cached the
  # tag keeps its copy, so nodes can end up running different images.
  # NOTE(review): pinning by digest would need template support, which is
  # not visible here.
  tag: "0.1.1"
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  # NOTE(review): leftover scaffold comment - tag is already set above, so
  # the appVersion default presumably never applies.
  # tag: ""
# Image pull secrets
# Empty list: no registry credentials are attached to the pod, so the image
# must be pullable anonymously (or via node-level credentials).
imagePullSecrets: []
# Name overrides; empty strings leave the chart's generated names in place
# (presumably via the usual name/fullname helpers - not visible here).
nameOverride: ""
fullnameOverride: ""
# Service Account
serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
  # NOTE(review): there is no key here to control token automounting. If the
  # application never calls the Kubernetes API, setting
  # automountServiceAccountToken: false on the pod or service account keeps
  # an API credential out of the container - check whether the templates
  # allow it.
# Pod Security Context
# Pod-level defaults applied to every container in the pod.
podSecurityContext:
  # Supplementary group applied to mounted volumes that support ownership
  # management, so UID 1000 can write to them.
  fsGroup: 1000
  # The kubelet refuses to start a container that would run as UID 0.
  runAsNonRoot: true
  # NOTE(review): assumes the image works as UID 1000 - confirm against the
  # image's Dockerfile.
  runAsUser: 1000
# Container Security Context
# Container-level settings; where a key also appears in podSecurityContext,
# the container-level value takes precedence.
securityContext:
  # Blocks gaining privileges through setuid binaries or file capabilities.
  allowPrivilegeEscalation: false
  # Drops every Linux capability; nothing is added back.
  capabilities:
    drop:
      - ALL
  # The image filesystem stays writable, so a compromised process can modify
  # or drop files inside the container.
  # NOTE(review): switching to true usually needs an emptyDir mounted at each
  # path the app writes to (temp files, uploads) - those paths are not
  # visible here.
  readOnlyRootFilesystem: false
  runAsNonRoot: true
  runAsUser: 1000
  # NOTE(review): no seccompProfile is set. The "restricted" Pod Security
  # Standard also expects seccompProfile.type: RuntimeDefault - confirm
  # whether the templates add it.
# Service Configuration
service:
  # ClusterIP: reachable only from inside the cluster; external traffic
  # arrives through the ingress below.
  type: ClusterIP
  # Port exposed by the Service.
  port: 80
  # Container port traffic is forwarded to; matches env.FLASK_RUN_PORT.
  targetPort: 5000
  annotations: {}
# Ingress Configuration
# NOTE(review): enabled by default with a placeholder host. An install that
# does not override hosts/tls would publish a route for motm.yourdomain.com
# and ask the production issuer for a certificate for that name - set real
# hostnames, or disable the ingress, before installing.
ingress:
  enabled: true
  # Empty: presumably falls back to the cluster's default IngressClass.
  className: ""
  annotations:
    # NOTE(review): on ingress-nginx 0.22+ a rewrite-target without capture
    # groups rewrites every matched request to this exact path. Combined
    # with the "/" Prefix path below, sub-paths and static assets may all be
    # served as "/" - verify, or drop the annotation if no rewrite is needed.
    nginx.ingress.kubernetes.io/rewrite-target: /
    # Redirects plain-HTTP requests to HTTPS. Quoted because annotation
    # values must be strings.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # cert-manager ClusterIssuer asked to issue the TLS certificate; it must
    # already exist in the cluster.
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
  hosts:
    - host: motm.yourdomain.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    # Secret that holds the certificate and key for the hosts listed below.
    - secretName: motm-app-tls
      hosts:
        - motm.yourdomain.com
# Resource Limits and Requests
resources:
  # Hard caps: CPU is throttled above 500m, and the container is OOM-killed
  # above 512Mi. Setting limits also bounds what a runaway or abused process
  # can take from the node.
  limits:
    cpu: 500m
    memory: 512Mi
  # Amounts the scheduler reserves for the pod.
  requests:
    cpu: 100m
    memory: 256Mi
# Autoscaling
# Disabled by default; the replica bounds and utilization targets below
# presumably only take effect when enabled is true.
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 10
  # Utilization is measured against resources.requests, not limits.
  targetCPUUtilizationPercentage: 80
  targetMemoryUtilizationPercentage: 80
# Node Selector
# Empty map: no node label constraint.
nodeSelector: {}
# Tolerations
# Empty list: the pod tolerates no taints.
tolerations: []
# Affinity
# Empty map: no affinity or anti-affinity rules.
affinity: {}
# Pod Disruption Budget
# Disabled by default.
podDisruptionBudget:
  enabled: false
  # NOTE(review): with a single replica, minAvailable: 1 blocks voluntary
  # evictions such as node drains - raise the replica count before enabling.
  minAvailable: 1
# Database Configuration
# Connection settings substituted into configMap.databaseConfig below.
database:
  # NOTE(review): sqlite is listed as an option, but configMap.databaseConfig
  # only defines [MYSQL] and [POSTGRESQL] sections - confirm how sqlite is
  # configured.
  type: "postgresql"  # postgresql, mysql, sqlite
  host: "postgresql-service"
  port: 5432
  name: "motm"
  username: "motm_user"
  # Password should be set via secret
  # Keep it out of this file; see secrets.dbPassword and
  # secrets.useExternalSecret below.
  # password: ""
# S3/MinIO Configuration
s3:
  # Enable S3 storage (if false, uses local static files)
  enabled: true

  # Storage provider: "aws" or "minio"
  storageProvider: "minio"

  # S3/MinIO endpoint
  # For AWS: "https://s3.amazonaws.com" or leave empty to use default
  # For MinIO: "https://minio.example.com" or "http://minio.default.svc.cluster.local:9000"
  # The default is plain HTTP to an in-cluster MinIO service, so object data
  # and request metadata cross the pod network unencrypted. Use an https://
  # endpoint for anything reached outside the cluster.
  endpoint: "http://minio.default.svc.cluster.local:9000"

  # AWS region (used for AWS S3, required for boto3 even with MinIO)
  region: "us-east-1"

  # S3 bucket name
  bucket: "hockey-apps"

  # Bucket prefix/folder for assets (e.g., "assets/", "motm/", etc.)
  bucketPrefix: "assets/"

  # Use signed URLs for asset access (recommended for private buckets)
  # NOTE(review): with false, assets are presumably linked by their plain
  # object URL, which only works if the bucket or prefix is readable without
  # credentials - confirm nothing sensitive is stored under that prefix.
  useSignedUrls: false

  # Signed URL expiry time in seconds (default: 1 hour)
  signedUrlExpiry: 3600

  # Fallback to local static files if S3 access fails
  fallbackToStatic: true

  # SSL/TLS configuration
  # NOTE(review): how this flag interacts with the scheme in endpoint is
  # decided by application code not shown here; keep the two consistent.
  useSSL: false

  # Credentials (should be set via secrets in production)
  # These are ignored if secrets.useExternalSecret is true
  # Leave both empty in any values file kept in version control.
  # NOTE(review): secrets.s3AccessKey / secrets.s3SecretKey below carry the
  # same credentials - which pair the templates read is not visible here.
  accessKeyId: ""
  secretAccessKey: ""
# Environment Variables
# All values are quoted so they reach the container as strings.
env:
  # NOTE(review): FLASK_ENV was deprecated in Flask 2.2 and removed in 2.3;
  # on newer Flask versions it is ignored. Debug mode stays off either way
  # as long as FLASK_DEBUG is not set.
  FLASK_ENV: "production"
  FLASK_APP: "main.py"
  # FLASK_RUN_HOST / FLASK_RUN_PORT are read by the "flask run" command.
  # 0.0.0.0 binds every interface so the Service can reach the pod.
  # NOTE(review): "flask run" starts the development server. Confirm the
  # image's entrypoint uses a production WSGI server; if so, these two
  # variables have no effect.
  FLASK_RUN_HOST: "0.0.0.0"
  FLASK_RUN_PORT: "5000"
  # Sends stdout/stderr straight to the container log without buffering.
  PYTHONUNBUFFERED: "1"
  # Stops Python from writing .pyc files into the image filesystem.
  PYTHONDONTWRITEBYTECODE: "1"
# ConfigMap for application configuration
# INI-style database settings. Only host, port, database name and username
# appear here; no password is written into the ConfigMap.
# NOTE(review): Helm does not evaluate template expressions inside
# values.yaml. The {{ ... }} placeholders below are substituted only if the
# chart template passes this string through tpl - otherwise the literal
# braces end up in the rendered file. Template not visible here; confirm.
configMap:
  databaseConfig: |
    [DATABASE]
    type = {{ .Values.database.type }}

    [MYSQL]
    host = {{ .Values.database.host }}
    port = {{ .Values.database.port }}
    database = {{ .Values.database.name }}
    username = {{ .Values.database.username }}

    [POSTGRESQL]
    host = {{ .Values.database.host }}
    port = {{ .Values.database.port }}
    database = {{ .Values.database.name }}
    username = {{ .Values.database.username }}
# Secrets Configuration
secrets:
  # Use an existing external secret instead of creating one
  # If useExternalSecret is true, the chart will reference the external secret
  # If false, the chart will create a secret with the provided values
  # With false, the credentials have to be supplied as chart values. Helm
  # stores the values of each release in the cluster, and they can also end
  # up in values files or shell history. Referencing a pre-created Secret
  # (true) keeps them out of the chart entirely.
  useExternalSecret: false
  externalSecretName: ""  # Name of the existing secret to reference

  # Secret key names (used for both external and managed secrets)
  # These are the key names inside the Secret, not secret material.
  dbPasswordKey: "db-password"
  s3AccessKeyKey: "s3-access-key"
  s3SecretKeyKey: "s3-secret-key"

  # Values for managed secret (only used when useExternalSecret is false)
  # Never commit real values here; pass them at install time from a secret
  # store.
  # NOTE(review): whether the chart rejects an empty password is not visible
  # - confirm an install with these defaults cannot create an empty Secret.
  # Database password
  dbPassword: ""
  # S3 credentials
  s3AccessKey: ""
  s3SecretKey: ""
# Health Checks
# HTTP probe settings. Which probes (liveness, readiness) use them is
# decided by the templates, not visible here.
healthCheck:
  enabled: true
  # NOTE(review): probing "/" exercises the application's front page. If
  # that page needs the database or S3, an outage there can fail the probe
  # and restart healthy pods - a dedicated lightweight endpoint is safer.
  path: "/"
  # Seconds to wait after container start before the first probe.
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 5
  # Consecutive failures before the probe counts as failed.
  failureThreshold: 3
# Persistence
# Disabled by default, so no volume claim is requested.
persistence:
  enabled: false
  # Uncomment to pick a storage class; left out, the cluster default is
  # presumably used.
  # storageClass: ""
  # ReadWriteOnce: the volume can be mounted read-write by a single node.
  accessMode: ReadWriteOnce
  size: 1Gi
# Monitoring
# Disabled by default.
monitoring:
  enabled: false
  # ServiceMonitor is a Prometheus Operator resource; its CRD has to be
  # installed before this can be enabled.
  serviceMonitor:
    enabled: false
    interval: 30s
    scrapeTimeout: 10s
# Logging
logging:
  # NOTE(review): at a more verbose level, confirm the application does not
  # log request bodies or credentials.
  level: "INFO"
  format: "json"
# Labels and Annotations
# Extra metadata, all empty by default. Presumably labels/annotations apply
# to the chart's resources and podLabels/podAnnotations to the pod template
# - confirm against the templates.
labels: {}
annotations: {}
podLabels: {}
podAnnotations: {}