diff --git a/helm/ezscale-website/values-local.yaml b/helm/ezscale-website/values-local.yaml
new file mode 100644
index 0000000..ef3e61e
--- /dev/null
+++ b/helm/ezscale-website/values-local.yaml
@@ -0,0 +1,61 @@
+# ===========================================================================
+# Local k3d/minikube cluster — fully self-contained.
+# Prerequisite: mariadb-operator installed in the cluster.
+# helm install mariadb-operator -n mariadb-operator --create-namespace \
+# mariadb-operator/mariadb-operator
+# ===========================================================================
+
+image:
+ tag: latest
+ pullPolicy: Always
+
+imagePullSecrets: [] # no registry auth needed for locally-built images
+
+app:
+ replicaCount: 1
+ resources:
+ requests: { cpu: 100m, memory: 256Mi }
+
+mariadb:
+ enabled: true
+ replicas: 1
+ storage:
+ size: 5Gi
+ storageClassName: local-path
+
+valkey:
+ enabled: true
+ storage:
+ size: 1Gi
+ storageClassName: local-path
+
+migrate:
+ enabled: true
+ seed: true
+ seedClass: DemoDataSeeder
+
+ingressRoute:
+ enabled: false # local uses port-forward, not Traefik
+
+# Local dev: chart generates a random APP_KEY on first install.
+# This is OK in local because there's no encrypted prod data to lose.
+# In production this MUST be `secret.create=false`.
+secret:
+ create: true
+ existingSecretName: ""
+ values:
+ APP_KEY: "base64:CHANGEME_GENERATE_VIA_PHP_ARTISAN_KEY_GENERATE_SHOW"
+ DB_PASSWORD: "local_dev_password"
+ AWS_ACCESS_KEY_ID: ""
+ AWS_SECRET_ACCESS_KEY: ""
+ STRIPE_KEY: ""
+ STRIPE_SECRET: ""
+
+env:
+ APP_ENV: local
+ APP_DEBUG: "true"
+ APP_URL: http://localhost
+ LOG_LEVEL: debug
+ FILESYSTEM_DISK: local
+ MAIL_MAILER: log
+ SESSION_DOMAIN: ""
diff --git a/helm/ezscale-website/values-us-prod.yaml b/helm/ezscale-website/values-us-prod.yaml
new file mode 100644
index 0000000..9b55835
--- /dev/null
+++ b/helm/ezscale-website/values-us-prod.yaml
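Review bot: In values-local.yaml the comment above `secret:` says the chart generates a random APP_KEY on first install, but `secret.values.APP_KEY` is set to the committed placeholder `base64:CHANGEME_GENERATE_VIA_PHP_ARTISAN_KEY_GENERATE_SHOW`. The chart templates are not part of this diff, so whether a non-empty value suppresses generation is an assumption; if it does, every local install either shares one key that is readable in the repository or fails to boot because the placeholder is not a usable key. Either set `APP_KEY: ""` so the generation path the comment describes is the one taken, or reword the comment to say the value must be replaced by hand before install. The same block commits `DB_PASSWORD: "local_dev_password"`; a comment such as `# local-only credential, never reuse outside k3d/minikube` would make the intended scope explicit.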
@@ -0,0 +1,98 @@
+# ===========================================================================
+# Production: ezs-us-east-prod-01.node.ezscale.tech
+# Namespace: ezscale (shared with mariadb instance + ezscale_api)
+# ===========================================================================
+
+image:
+ registry: git.ezscale.cloud
+ repository: ezscale/website
+ tag: "" # SET via --set image.tag=v0.1.0 at deploy time
+ pullPolicy: IfNotPresent
+
+imagePullSecrets:
+ - name: gitea-registry
+
+app:
+ replicaCount: 2
+ autoscaling:
+ enabled: true
+ minReplicas: 2
+ maxReplicas: 8
+ targetCPU: 70
+ resources:
+ requests: { cpu: 200m, memory: 512Mi }
+ limits: { cpu: 1500m, memory: 1536Mi }
+
+horizon:
+ replicaCount: 1
+ resources:
+ requests: { cpu: 200m, memory: 512Mi }
+ limits: { cpu: 1000m, memory: 1Gi }
+
+scheduler:
+ replicaCount: 1
+ resources:
+ requests: { cpu: 50m, memory: 128Mi }
+
+# Reuse the cluster's existing replicated MariaDB.
+mariadb:
+ enabled: false
+ externalRef:
+ name: mariadb
+ namespace: ezscale
+ database: ezscale_billing
+ username: ezscale_billing_app
+
+# Per-app Valkey for sessions/cache/queue.
+valkey:
+ enabled: true
+ storage:
+ size: 10Gi
+ storageClassName: longhorn
+
+migrate:
+ enabled: true
+ seed: false
+
+ingressRoute:
+ enabled: true
+ hosts:
+ - ezscale.cloud
+ - account.ezscale.cloud
+ - admin.ezscale.cloud
+ tls:
+ secretName: ezscale-website-tls
+ issuerName: letsencrypt
+ middlewares:
+ cloudflarewarp:
+ enabled: true
+ namespace: kube-system
+ name: cloudflarewarp
+ httpToHttps:
+ enabled: true
+ namespace: kube-system
+ name: http-to-https
+
+# Production NEVER lets the chart generate APP_KEY. Bootstrap procedure
+# in helm/ezscale-website/README.md.
+secret:
+ create: false
+ existingSecretName: ezscale-website-secrets
+
+env:
+ APP_NAME: "EZSCALE Billing"
+ APP_ENV: production
+ APP_DEBUG: "false"
+ APP_URL: https://ezscale.cloud
+ LOG_LEVEL: warning
+ FILESYSTEM_DISK: s3
+ AWS_BUCKET: ezscale-website-prod
+ AWS_DEFAULT_REGION: us-east-1
+ AWS_ENDPOINT: https://gateway.storjshare.io
+ AWS_USE_PATH_STYLE_ENDPOINT: "true"
+ SESSION_DRIVER: redis
+ SESSION_DOMAIN: .ezscale.cloud
+ CACHE_STORE: redis
+ QUEUE_CONNECTION: redis
+ MAIL_MAILER: smtp
+ TRUSTED_PROXIES: "*"
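Review bot: `TRUSTED_PROXIES: "*"` at the end of the production `env:` block accepts forwarded headers from any peer, so a workload that reaches the pods without going through Traefik (the header notes the `ezscale` namespace is shared) could dictate the client IP, scheme and host the app records, weakening IP-based rate limits and audit logs. Assuming the app feeds this value into its trusted-proxy list, narrow it to the ingress controller's range, e.g. `TRUSTED_PROXIES: "<TRAEFIK_POD_CIDR>"` (placeholder), and pair it with a NetworkPolicy that admits only the ingress. Separately, `SESSION_DOMAIN: .ezscale.cloud` scopes the session cookie to every subdomain, which includes `admin.ezscale.cloud` and the `git.ezscale.cloud` host named under `image.registry`; leaving the domain unset so cookies are host-only would keep a problem on one subdomain from exposing billing or admin sessions. `image.tag: ""` depends on `--set image.tag=...` being passed at deploy time, so a `required` guard in the template (not visible in this diff) would stop a release from falling back to an unintended tag.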