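# Deploy values for mic-after-work-server-impl-quarkus-main on cluster k1 (prod)
# Overrides for the lions-app chart 1.0.1
#
# NOTE(review): the nesting below was rebuilt from a listing whose indentation
# was lost; verify each level against the lions-app chart's values before use.

lions-app:
  image:
    registry: registry.lions.dev
    repository: lionsdev
    name: mic-after-work-server-impl-quarkus-main
    # A tag is a mutable reference: with IfNotPresent a node that already holds
    # this tag does not pull again if the same tag is pushed a second time.
    # NOTE(review): check whether the chart accepts an image digest for prod.
    tag: "1.0.0-SNAPSHOT-20260207-170659" # AUTO-UPDATED by lionsctl pipeline
    pullPolicy: IfNotPresent
    pullSecrets:
      - lionsregistry-secret

  replicaCount: 1

  resources:
    requests:
      cpu: 200m
      memory: 512Mi
    limits:
      cpu: "1"
      memory: 1Gi

  # Non-sensitive environment variables. These are rendered into a ConfigMap,
  # which is stored in plain text; credentials belong in the Secrets referenced
  # by extraEnvFrom, not here.
  configMap:
    enabled: true
    envFrom: true
    data:
      QUARKUS_PROFILE: prod
      APP_ENV: production
      JAVA_OPTS: "-Xms256m -Xmx512m"
      QUARKUS_HTTP_PORT: "8080"
      APP_BASE_URL: https://lions.dev
      QUARKUS_DATASOURCE_DB_KIND: postgresql
      # The URL sets no sslmode, so whether the PostgreSQL connection is
      # encrypted depends on driver defaults and server configuration.
      # NOTE(review): set it explicitly if encryption in transit is required.
      QUARKUS_DATASOURCE_JDBC_URL: jdbc:postgresql://postgresql-service.postgresql.svc.cluster.local:5432/mic-after-work-server-impl-quarkus-main
      # "validate" only checks the schema at startup; it does not alter it.
      QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION: validate
      STORAGE_PATH: /app/storage
      # Brevo SMTP (via the optional brevo-smtp secret in the namespace)
      # NOTE(review): extraEnvFrom references brevo-smtp-eso, not brevo-smtp;
      # confirm which name is current. With the mock disabled and the secret
      # marked optional, the pod still starts when the secret is absent.
      QUARKUS_MAILER_MOCK: "false"

  # Secrets taken from existing K8s Secrets (Vault migration upcoming)
  # NOTE(review): the externalSecret comment below says the migration to Vault
  # is already done; one of the two comments is stale.
  # envFrom exposes every key of each Secret as an environment variable of the
  # container, so keep these Secrets limited to what the application reads.
  extraEnvFrom:
    - secretRef:
        name: mic-after-work-db-eso
    - secretRef:
        name: mic-after-work-oidc-eso
    - secretRef:
        name: brevo-smtp-eso
        optional: true

  externalSecret:
    enabled: false # migrated to Vault via separate ESO

  ingress:
    enabled: true
    className: nginx
    clusterIssuer: letsencrypt-prod
    host: api.lions.dev
    pathPrefix:
      enabled: true
      strip: /mic-after-work
    tls:
      enabled: true
    rateLimit:
      enabled: true
      rpm: 3000
      connections: 200
    annotations:
      # 50m request bodies and 300 s timeouts let a single client hold a
      # connection and buffer space for a long time.
      # NOTE(review): confirm these are sized for a real upload path and that
      # the 2Gi app-storage volume can absorb the accepted body size.
      nginx.ingress.kubernetes.io/proxy-body-size: "50m"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
      nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"

  networkPolicy:
    enabled: true
    # Inbound traffic is accepted only from the ingress controller and the
    # monitoring namespace.
    allowIngressFrom:
      - namespaceSelector:
          kubernetes.io/metadata.name: ingress-nginx
      - namespaceSelector:
          kubernetes.io/metadata.name: monitoring
    allowEgressDNS: true
    # NOTE(review): confirm the application actually calls the Kubernetes API;
    # if it does not, this egress path can be closed.
    allowEgressKubeAPI: true
    # NOTE(review): no rule here covers outbound SMTP. If the rendered policy
    # denies all other egress, mail to Brevo is blocked while
    # QUARKUS_MAILER_MOCK is "false" - confirm how that traffic is allowed.
    allowEgressTo:
      - namespaceSelector:
          kubernetes.io/metadata.name: postgresql
        ports:
          - port: 5432
            protocol: TCP
      # Port 8080 is presumably Keycloak's plain-HTTP listener, so OIDC calls
      # would cross the cluster network unencrypted - TODO confirm.
      - namespaceSelector:
          kubernetes.io/metadata.name: keycloak
        ports:
          - port: 8080
            protocol: TCP

  # httpGet: null presumably removes the chart's default HTTP probe so that
  # only tcpSocket is rendered - verify against the chart. A TCP probe shows
  # only that the port accepts connections, not that the application is
  # healthy.
  probes:
    liveness:
      enabled: true
      httpGet: null
      tcpSocket:
        port: 8080
      initialDelaySeconds: 30
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 3
    readiness:
      enabled: true
      httpGet: null
      tcpSocket:
        port: 8080
      initialDelaySeconds: 10
      periodSeconds: 5
      timeoutSeconds: 3
      failureThreshold: 3

  volumes:
    tmp:
      enabled: true
      sizeLimit: 200Mi
    logs:
      enabled: true
      sizeLimit: 500Mi
      mountPath: /app/logs
    # app-storage backs STORAGE_PATH (/app/storage) with an emptyDir, whose
    # contents are deleted when the pod is removed from its node.
    # NOTE(review): confirm nothing written there has to outlive the pod.
    extra:
      - name: app-storage
        emptyDir:
          sizeLimit: 2Gi

  volumeMounts:
    - name: app-storage
      mountPath: /app/storage

  # This toleration lets the pod be scheduled onto control-plane nodes, next
  # to the cluster's own components.
  # NOTE(review): confirm that is intended for a workload exposed through the
  # public ingress.
  tolerations:
    - key: node-role.kubernetes.io/control-plane
      operator: Exists
      effect: NoSchedule

  podAnnotations:
    lionsctl.lions.dev/cluster: k1
    lionsctl.lions.dev/environment: production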