feat(helm): chart skeleton (Chart.yaml, values, helpers)
Initial scaffold for the ezscale-website chart. Defaults assume self-contained local dev (in-cluster MariaDB + Valkey). Production overrides will live in values-us-prod.yaml. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
160
helm/ezscale-website/values.yaml
Normal file
160
helm/ezscale-website/values.yaml
Normal file
@@ -0,0 +1,160 @@
|
||||
# Default values: lean toward "self-contained dev cluster" so `helm install`
|
||||
# with no flags produces a working stack on a local k3d. Production values
|
||||
# live in values-us-prod.yaml and disable the in-cluster MariaDB/Valkey when
|
||||
# pointing at the existing ezscale-namespace MariaDB.
|
||||
|
||||
replicaCount: 1
|
||||
|
||||
image:
|
||||
registry: git.ezscale.cloud
|
||||
repository: ezscale/website
|
||||
# The chart appends `-{role}-{tag}` to derive each role's image.
|
||||
# Override `tag` per-release via --set image.tag=v0.1.0
|
||||
tag: latest
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
imagePullSecrets:
|
||||
- name: gitea-registry
|
||||
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
|
||||
# --- App (php-fpm + nginx sidecar) ---
|
||||
app:
|
||||
replicaCount: 1
|
||||
autoscaling:
|
||||
enabled: false
|
||||
minReplicas: 1
|
||||
maxReplicas: 8
|
||||
targetCPU: 70
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 256Mi
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 1Gi
|
||||
|
||||
# --- Horizon ---
|
||||
horizon:
|
||||
replicaCount: 1
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 256Mi
|
||||
|
||||
# --- Scheduler ---
|
||||
scheduler:
|
||||
replicaCount: 1
|
||||
resources:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
cpu: 200m
|
||||
memory: 256Mi
|
||||
|
||||
# --- In-cluster MariaDB (mariadb-operator CRD) ---
|
||||
mariadb:
|
||||
enabled: true
|
||||
# When enabled, deploys a MariaDB CR named `{release}-mariadb` in this
|
||||
# release's namespace. When disabled, the chart still creates Database/User/
|
||||
# Grant CRDs but they reference an externally-managed MariaDB CR via
|
||||
# `mariadb.externalRef`.
|
||||
externalRef:
|
||||
name: "" # e.g. "mariadb"
|
||||
namespace: "" # e.g. "ezscale"
|
||||
image: mariadb:11.4
|
||||
replicas: 1
|
||||
storage:
|
||||
size: 5Gi
|
||||
storageClassName: local-path
|
||||
rootPasswordSecret: "" # if empty, chart generates a random secret
|
||||
database: ezscale_billing
|
||||
username: ezscale_billing_app
|
||||
|
||||
# --- In-cluster Valkey (StatefulSet) ---
|
||||
valkey:
|
||||
enabled: true
|
||||
image: valkey/valkey:9-alpine
|
||||
password: "" # if empty, chart generates a random secret
|
||||
maxmemory: "1gb"
|
||||
storage:
|
||||
size: 5Gi
|
||||
storageClassName: local-path
|
||||
|
||||
# --- Migration Job (Helm hook) ---
|
||||
migrate:
|
||||
enabled: true
|
||||
seed: false
|
||||
seedClass: ProductionSeeder
|
||||
|
||||
# --- Ingress (Traefik IngressRoute) ---
|
||||
ingressRoute:
|
||||
enabled: false
|
||||
hosts:
|
||||
- ezscale.cloud
|
||||
- account.ezscale.cloud
|
||||
- admin.ezscale.cloud
|
||||
tls:
|
||||
secretName: ezscale-website-tls
|
||||
issuerName: letsencrypt
|
||||
middlewares:
|
||||
cloudflarewarp:
|
||||
enabled: false
|
||||
namespace: kube-system
|
||||
name: cloudflarewarp
|
||||
httpToHttps:
|
||||
enabled: false
|
||||
namespace: kube-system
|
||||
name: http-to-https
|
||||
|
||||
# --- Service ---
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 80
|
||||
|
||||
# --- Non-secret env vars (rendered into ConfigMap) ---
|
||||
env:
|
||||
APP_NAME: "EZSCALE Billing"
|
||||
APP_ENV: production
|
||||
APP_DEBUG: "false"
|
||||
APP_URL: https://ezscale.cloud
|
||||
APP_MAINTENANCE_DRIVER: file
|
||||
LOG_CHANNEL: stack
|
||||
LOG_STACK: single
|
||||
LOG_LEVEL: info
|
||||
DB_CONNECTION: mysql
|
||||
DB_PORT: "3306"
|
||||
DB_DATABASE: ezscale_billing
|
||||
DB_USERNAME: ezscale_billing_app
|
||||
REDIS_CLIENT: phpredis
|
||||
REDIS_PORT: "6379"
|
||||
SESSION_DRIVER: redis
|
||||
SESSION_LIFETIME: "120"
|
||||
SESSION_DOMAIN: .ezscale.cloud
|
||||
CACHE_STORE: redis
|
||||
QUEUE_CONNECTION: redis
|
||||
BROADCAST_CONNECTION: log
|
||||
FILESYSTEM_DISK: s3
|
||||
MAIL_MAILER: smtp
|
||||
AWS_DEFAULT_REGION: us-east-1
|
||||
AWS_USE_PATH_STYLE_ENDPOINT: "true"
|
||||
|
||||
# --- Secret references (chart does NOT generate APP_KEY or Passport keys) ---
|
||||
secret:
|
||||
# When false, chart assumes a Secret named `secret.existingSecretName` is
|
||||
# already present. This is the production path.
|
||||
create: false
|
||||
existingSecretName: ezscale-website-secrets
|
||||
# Used only when create=true (local dev convenience).
|
||||
values: {}
|
||||
|
||||
# --- Probes ---
|
||||
healthCheck:
|
||||
livenessPath: /up
|
||||
readinessPath: /up
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 15
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
Reference in New Issue
Block a user