Phase 1 MVP — echo bot factory
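--- /dev/null
+++ b/chart/values.yaml
@@ -0,0 +1,106 @@
+replicaCount: 1
+
+image:
+repository: gitea.arcodange.lab/arcodange/homelab-gateway
+pullPolicy: Always
+tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+create: true
+automount: true
+annotations: {}
+name: ""
+
+podAnnotations: {}
+podLabels: {}
+
+podSecurityContext:
+runAsNonRoot: true
+runAsUser: 65532
+runAsGroup: 65532
+fsGroup: 65532
+seccompProfile:
+type: RuntimeDefault
+
+securityContext:
+readOnlyRootFilesystem: true
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+
+service:
+type: ClusterIP
+port: 8080
+
+# Public exposure via Traefik. Cloudflare routes *.arcodange.fr to the home lab
+# already, so we just declare the hostname here. CF terminates TLS, Traefik
+# receives plain HTTP on entrypoint `web`.
+ingress:
+enabled: true
+className: ""
+annotations:
+traefik.ingress.kubernetes.io/router.entrypoints: web
+traefik.ingress.kubernetes.io/router.middlewares: kube-system-crowdsec@kubernetescrd
+hosts:
+- host: tg.arcodange.fr
+paths:
+- path: /
+pathType: Prefix
+tls: []
+
+resources:
+limits:
+cpu: 200m
+memory: 256Mi
+requests:
+cpu: 50m
+memory: 64Mi
+
+livenessProbe:
+httpGet:
+path: /healthz
+port: http
+readinessProbe:
+httpGet:
+path: /readyz
+port: http
+
+autoscaling:
+enabled: false
+minReplicas: 1
+maxReplicas: 3
+targetCPUUtilizationPercentage: 80
+
+# Bot routing config — non-secret, becomes the bots.yaml ConfigMap entry.
+# Tokens & secret_token values live in a k8s Secret named `secret.name`.
+# In Phase 1 the Secret is created out-of-band (kubectl create secret); in a
+# later phase Vault will produce it via VSO (toggle `vault.enabled`).
+bots:
+factory:
+handler: echo
+
+# k8s Secret consumed by `envFrom`. Phase 1: create it manually with kubectl.
+# kubectl -n homelab-gateway create secret generic homelab-gateway-bots \
+# --from-literal=BOT_FACTORY_TOKEN=… --from-literal=BOT_FACTORY_SECRET=…
+secret:
+name: homelab-gateway-bots
+
+# Vault Secrets Operator integration (Phase 2+). When enabled, VSO writes the
+# secret named `secret.name` automatically from `kvv2/homelab-gateway/config`.
+vault:
+enabled: false
+role: homelab-gateway
+mount: kvv2
+path: homelab-gateway/config
+refreshAfter: 30s
+
+nodeSelector:
+kubernetes.io/hostname: pi1
+
+tolerations: []
+affinity: {}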
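Review bot: `serviceAccount.automount: true` leaves a Kubernetes API token mounted in a pod that the `ingress` block publishes at `tg.arcodange.fr`, and nothing in these values indicates the echo handler needs to talk to the API server. The templates are not shown, so I am assuming this key maps to `automountServiceAccountToken` as in the stock chart scaffold. The rest of the pod is already locked down (non-root, read-only root filesystem, all capabilities dropped), so I would default to `automount: false` and enable it only when a later phase needs API access. Separately, the Phase 1 comment's `--from-literal=BOT_FACTORY_TOKEN=…` puts the bot token into shell history and the process list; documenting `--from-env-file=<path>` avoids that.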