diff --git a/clusters/cl01tl/applications/homepage/values.yaml b/clusters/cl01tl/applications/homepage/values.yaml
index 9f44cc835..1730546f3 100644
--- a/clusters/cl01tl/applications/homepage/values.yaml
+++ b/clusters/cl01tl/applications/homepage/values.yaml
@@ -222,12 +222,6 @@ homepage:
 href: https://mail-cl01tl.boreal-beaufort.ts.net
 siteMonitor: http://roundcube.roundcube:80
 statusStyle: dot
- - Web Design:
- icon: sh-penpot-light.svg
- description: Penpot
- href: https://penpot-cl01tl.boreal-beaufort.ts.net
- siteMonitor: http://penpot-frontend.penpot:80
- statusStyle: dot
 - Code:
 - Code (Public):
 icon: sh-gitea.svg
diff --git a/clusters/cl01tl/applications/penpot/Chart.yaml b/clusters/cl01tl/applications/penpot/Chart.yaml
deleted file mode 100644
index 93b081926..000000000
--- a/clusters/cl01tl/applications/penpot/Chart.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-apiVersion: v2
-name: penpot
-version: 1.0.0
-description: Penpot
-keywords:
- - penpot
- - design
-home: https://wiki.alexlebens.dev/doc/penpot-14qHE5jOUd
-sources:
- - https://github.com/penpot/penpot
- - https://github.com/minio/operator
- - https://github.com/valkey-io/valkey
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://hub.docker.com/r/penpotapp/frontend
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- - https://github.com/minio/operator/tree/master/helm/tenant
- - https://github.com/bitnami/charts/tree/main/bitnami/valkey
- - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: penpot
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.6.0
- - name: tenant
- version: 6.0.4
- alias: minio
- repository: https://operator.min.io/
- - name: valkey
- version: 2.2.1
- repository: https://charts.bitnami.com/bitnami
- - name: postgres-cluster
- alias: postgres-17-cluster
- version: 4.1.3
- repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/penpot.png
-appVersion: 2.3.3
diff --git a/clusters/cl01tl/applications/penpot/templates/config-map.yaml b/clusters/cl01tl/applications/penpot/templates/config-map.yaml
deleted file mode 100644
index d0d81b808..000000000
--- a/clusters/cl01tl/applications/penpot/templates/config-map.yaml
+++ /dev/null
@@ -1,130 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: penpot-frontend-nginx
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: penpot-frontend-nginx
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-data:
- nginx.conf: |
- include /etc/nginx/modules-enabled/*.conf;
-
- events {
- worker_connections 2048;
- # multi_accept on;
- }
-
- http {
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_requests 30;
- keepalive_timeout 65;
- types_hash_max_size 2048;
-
- server_tokens off;
-
- reset_timedout_connection on;
- client_body_timeout 30s;
- client_header_timeout 30s;
-
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- error_log /dev/stdout;
- access_log /dev/stdout;
-
- gzip on;
- gzip_vary on;
- gzip_proxied any;
- gzip_static on;
- gzip_comp_level 4;
- gzip_buffers 16 8k;
- gzip_http_version 1.1;
-
- gzip_types text/plain text/css text/javascript application/javascript application/json application/transit+json;
-
- resolver 127.0.0.11;
-
- map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
- }
-
- server {
- listen 80 default_server;
- server_name _;
-
- client_max_body_size 100M;
- charset utf-8;
-
- proxy_http_version 1.1;
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
- etag off;
- root /var/www/app/;
-
- location ~* \.(js|css).*$ {
- add_header Cache-Control "max-age=86400" always; # 24 hours
- }
-
- location ~* \.(html).*$ {
- add_header Cache-Control "no-cache, max-age=0" always;
- }
-
- location /api/export {
- proxy_pass http://penpot-exporter:6061;
- }
-
- location /api {
- proxy_pass http://penpot-backend:6060/api;
- }
-
- location /ws/notifications {
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection 'upgrade';
- proxy_pass http://penpot-backend:6060/ws/notifications;
- }
-
- location @handle_redirect {
- set $redirect_uri "$upstream_http_location";
- set $redirect_host "$upstream_http_x_host";
- set $redirect_cache_control "$upstream_http_cache_control";
-
- proxy_buffering off;
-
- proxy_set_header Host "$redirect_host";
- proxy_hide_header etag;
- proxy_hide_header x-amz-id-2;
- proxy_hide_header x-amz-request-id;
- proxy_hide_header x-amz-meta-server-side-encryption;
- proxy_hide_header x-amz-server-side-encryption;
- proxy_pass $redirect_uri;
-
- add_header x-internal-redirect "$redirect_uri";
- add_header x-cache-control "$redirect_cache_control";
- add_header cache-control "$redirect_cache_control";
- }
-
- location /assets {
- proxy_pass http://penpot-backend:6060/assets;
- recursive_error_pages on;
- proxy_intercept_errors on;
- error_page 301 302 307 = @handle_redirect;
- }
-
- location /internal/assets {
- internal;
- alias /opt/data/assets;
- add_header x-internal-redirect "$upstream_http_x_accel_redirect";
- }
- }
- }
diff --git a/clusters/cl01tl/applications/penpot/templates/external-secret.yaml b/clusters/cl01tl/applications/penpot/templates/external-secret.yaml
deleted file mode 100644
index ae3d3d24a..000000000
--- a/clusters/cl01tl/applications/penpot/templates/external-secret.yaml
+++ /dev/null
@@ -1,228 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: penpot-key-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: penpot-key-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/penpot/key
- metadataPolicy: None
- property: key
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: penpot-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: penpot-oidc-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: auth
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: client
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/penpot
- metadataPolicy: None
- property: client
- - secretKey: secret
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/penpot
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: penpot-bucket-user-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: penpot-bucket-user-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/penpot/minio/auth
- metadataPolicy: None
- property: AWS_ACCESS_KEY_ID
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/penpot/minio/auth
- metadataPolicy: None
- property: AWS_SECRET_ACCESS_KEY
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: penpot-minio-root-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: penpot-minio-root-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: config.env
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/penpot/minio/root
- metadataPolicy: None
- property: config.env
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: penpot-minio-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: penpot-minio-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: config.env
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/penpot/minio/config
- metadataPolicy: None
- property: config.env
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: penpot-data-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: penpot-data-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: backup
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- target:
- template:
- mergePolicy: Merge
- engineVersion: v2
- data:
- RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/penpot/penpot-data"
- data:
- - secretKey: BUCKET_ENDPOINT
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: S3_BUCKET_ENDPOINT
- - secretKey: RESTIC_PASSWORD
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: RESTIC_PASSWORD
- - secretKey: AWS_DEFAULT_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/volsync/restic/config
- metadataPolicy: None
- property: AWS_DEFAULT_REGION
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: access_key
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/volsync-backups
- metadataPolicy: None
- property: secret_key
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: penpot-postgresql-17-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: penpot-postgresql-17-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
diff --git a/clusters/cl01tl/applications/penpot/templates/replication-source.yaml b/clusters/cl01tl/applications/penpot/templates/replication-source.yaml
deleted file mode 100644
index 441ccdfac..000000000
--- a/clusters/cl01tl/applications/penpot/templates/replication-source.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- name: penpot-data-backup-source
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: penpot-data-backup-source
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: backup
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- sourcePVC: penpot-data
- trigger:
- schedule: 0 0 */3 * *
- restic:
- pruneIntervalDays: 30
- repository: penpot-data-backup-secret
- retain:
- hourly: 1
- daily: 1
- weekly: 1
- monthly: 2
- yearly: 4
- copyMethod: Snapshot
- storageClassName: ceph-block-delete
- volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/applications/penpot/values.yaml b/clusters/cl01tl/applications/penpot/values.yaml
deleted file mode 100644
index dcecf4d5d..000000000
--- a/clusters/cl01tl/applications/penpot/values.yaml
+++ /dev/null
@@ -1,407 +0,0 @@
-penpot:
- defaultPodOptions:
- securityContext:
- fsGroup: 1001
- affinity:
- podAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/instance
- operator: In
- values:
- - penpot
- topologyKey: "kubernetes.io/hostname"
- controllers:
- frontend:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: penpotapp/frontend
- tag: 2.4.1
- pullPolicy: IfNotPresent
- env:
- - name: PENPOT_PUBLIC_URI
- value: https://penpot-cl01tl.boreal-beaufort.ts.net
- - name: PENPOT_FLAGS
- value: enable-registration enable-insecure-register enable-login enable-login-with-oidc disable-demo-users disable-demo-warning
- - name: PENPOT_SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: penpot-key-secret
- key: key
- - name: PENPOT_DATABASE_URI
- value: postgresql://penpot-postgresql-17-cluster-rw:5432/app
- - name: PENPOT_DATABASE_USERNAME
- valueFrom:
- secretKeyRef:
- name: penpot-postgresql-17-cluster-app
- key: username
- - name: PENPOT_DATABASE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: penpot-postgresql-17-cluster-app
- key: password
- - name: PENPOT_REDIS_URI
- value: redis://penpot-valkey-headless.penpot.svc.cluster.local:6379/0
- - name: PENPOT_ASSETS_STORAGE_BACKEND
- value: assets-s3
- - name: PENPOT_STORAGE_ASSETS_S3_REGION
- value: us-east-1
- - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
- value: penpot
- - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
- value: https://penpot-storage-cl01tl.boreal-beaufort.ts.net
- - name: PENPOT_TELEMETRY_ENABLED
- value: false
- - name: PENPOT_OIDC_BASE_URI
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/
- - name: PENPOT_OIDC_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: penpot-oidc-secret
- key: client
- - name: PENPOT_OIDC_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: penpot-oidc-secret
- key: secret
- - name: PENPOT_OIDC_AUTH_URI
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/authorize/
- - name: PENPOT_OIDC_TOKEN_URI
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/token/
- - name: PENPOT_OIDC_USER_URI
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/userinfo/
- - name: PENPOT_OIDC_SCOPES
- value: "openid profile email"
- - name: PENPOT_OIDC_NAME_ATTR
- value: preferred_username
- - name: PENPOT_OIDC_EMAIL_ATTR
- value: email
- envFrom:
- - secretRef:
- name: penpot-bucket-user-secret
- resources:
- requests:
- cpu: 10m
- memory: 128Mi
- backend:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: penpotapp/backend
- tag: 2.4.1
- pullPolicy: IfNotPresent
- env:
- - name: PENPOT_PUBLIC_URI
- value: https://penpot-cl01tl.boreal-beaufort.ts.net
- - name: PENPOT_FLAGS
- value: enable-registration enable-insecure-register enable-login enable-login-with-oidc disable-demo-users disable-demo-warning
- - name: PENPOT_SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: penpot-key-secret
- key: key
- - name: PENPOT_DATABASE_URI
- value: postgresql://penpot-postgresql-17-cluster-rw:5432/app
- - name: PENPOT_DATABASE_USERNAME
- valueFrom:
- secretKeyRef:
- name: penpot-postgresql-17-cluster-app
- key: username
- - name: PENPOT_DATABASE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: penpot-postgresql-17-cluster-app
- key: password
- - name: PENPOT_REDIS_URI
- value: redis://penpot-valkey-headless.penpot.svc.cluster.local:6379/0
- - name: PENPOT_ASSETS_STORAGE_BACKEND
- value: assets-s3
- - name: PENPOT_STORAGE_ASSETS_S3_REGION
- value: us-east-1
- - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
- value: penpot
- - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
- value: https://penpot-storage-cl01tl.boreal-beaufort.ts.net
- - name: PENPOT_TELEMETRY_ENABLED
- value: false
- - name: PENPOT_OIDC_BASE_URI
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/
- - name: PENPOT_OIDC_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: penpot-oidc-secret
- key: client
- - name: PENPOT_OIDC_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: penpot-oidc-secret
- key: secret
- - name: PENPOT_OIDC_AUTH_URI
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/authorize/
- - name: PENPOT_OIDC_TOKEN_URI
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/token/
- - name: PENPOT_OIDC_USER_URI
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/userinfo/
- - name: PENPOT_OIDC_SCOPES
- value: "openid profile email"
- - name: PENPOT_OIDC_NAME_ATTR
- value: preferred_username
- - name: PENPOT_OIDC_EMAIL_ATTR
- value: email
- envFrom:
- - secretRef:
- name: penpot-bucket-user-secret
- securityContext:
- runAsUser: 1001
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: false
- runAsNonRoot: true
- resources:
- requests:
- cpu: 10m
- memory: 1Gi
- exporter:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: penpotapp/exporter
- tag: 2.4.1
- pullPolicy: IfNotPresent
- env:
- - name: PENPOT_PUBLIC_URI
- value: https://penpot-cl01tl.boreal-beaufort.ts.net
- - name: PENPOT_FLAGS
- value: enable-registration enable-insecure-register enable-login enable-login-with-oidc disable-demo-users disable-demo-warning
- - name: PENPOT_SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: penpot-key-secret
- key: key
- - name: PENPOT_DATABASE_URI
- value: postgresql://penpot-postgresql-17-cluster-rw:5432/app
- - name: PENPOT_DATABASE_USERNAME
- valueFrom:
- secretKeyRef:
- name: penpot-postgresql-17-cluster-app
- key: username
- - name: PENPOT_DATABASE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: penpot-postgresql-17-cluster-app
- key: password
- - name: PENPOT_REDIS_URI
- value: redis://penpot-valkey-headless.penpot.svc.cluster.local:6379/0
- - name: PENPOT_ASSETS_STORAGE_BACKEND
- value: assets-s3
- - name: PENPOT_STORAGE_ASSETS_S3_REGION
- value: us-east-1
- - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
- value: penpot
- - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
- value: https://penpot-storage-cl01tl.boreal-beaufort.ts.net
- - name: PENPOT_TELEMETRY_ENABLED
- value: false
- - name: PENPOT_OIDC_BASE_URI
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/
- - name: PENPOT_OIDC_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: penpot-oidc-secret
- key: client
- - name: PENPOT_OIDC_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: penpot-oidc-secret
- key: secret
- - name: PENPOT_OIDC_AUTH_URI
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/authorize/
- - name: PENPOT_OIDC_TOKEN_URI
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/token/
- - name: PENPOT_OIDC_USER_URI
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/userinfo/
- - name: PENPOT_OIDC_SCOPES
- value: "openid profile email"
- - name: PENPOT_OIDC_NAME_ATTR
- value: preferred_username
- - name: PENPOT_OIDC_EMAIL_ATTR
- value: email
- envFrom:
- - secretRef:
- name: penpot-bucket-user-secret
- securityContext:
- runAsUser: 1001
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: false
- runAsNonRoot: true
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- serviceAccount:
- create: true
- service:
- frontend:
- controller: frontend
- ports:
- http:
- port: 80
- targetPort: 80
- protocol: HTTP
- backend:
- controller: backend
- ports:
- http:
- port: 6060
- targetPort: 6060
- protocol: HTTP
- exporter:
- controller: exporter
- ports:
- http:
- port: 6061
- targetPort: 6061
- protocol: HTTP
- ingress:
- tailscale:
- enabled: true
- className: tailscale
- hosts:
- - host: penpot-cl01tl
- paths:
- - path: /
- pathType: Prefix
- service:
- name: penpot-frontend
- port: 80
- - path: /api
- pathType: Prefix
- service:
- name: penpot-backend
- port: 6060
- - path: /api/export
- pathType: Prefix
- service:
- name: penpot-exporter
- port: 6061
- - path: /assets
- pathType: Prefix
- service:
- name: penpot-backend
- port: 6060
- - path: /ws/notifications
- pathType: Prefix
- service:
- name: penpot-backend
- port: 6060
- tls:
- - hosts:
- - penpot-cl01tl
- persistence:
- data:
- storageClass: ceph-block
- accessMode: ReadWriteOnce
- size: 8Gi
- retain: true
- advancedMounts:
- frontend:
- main:
- - path: /opt/data
- readOnly: false
- backend:
- main:
- - path: /opt/data
- readOnly: false
- config:
- enabled: true
- type: configMap
- name: penpot-frontend-nginx
- advancedMounts:
- frontend:
- main:
- - path: /etc/nginx/nginx.conf
- readOnly: true
- mountPropagation: None
- subPath: nginx.conf
-valkey:
- architecture: standalone
- auth:
- enabled: false
-minio:
- existingSecret:
- name: penpot-minio-root-secret
- tenant:
- name: minio-penpot
- configuration:
- name: penpot-minio-config-secret
- pools:
- - servers: 3
- name: pool
- volumesPerServer: 2
- size: 10Gi
- storageClassName: ceph-block
- mountPath: /export
- subPath: /data
- metrics:
- enabled: true
- port: 9000
- protocol: http
- certificate:
- requestAutoCert: false
- ingress:
- api:
- enabled: true
- ingressClassName: tailscale
- annotations:
- tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
- tls:
- - secretName: penpot-storage-cl01tl
- hosts:
- - penpot-storage-cl01tl
- host: penpot-storage-cl01tl
- path: /
- pathType: Prefix
- console:
- enabled: true
- ingressClassName: tailscale
- tls:
- - secretName: minio-penpot-cl01tl
- hosts:
- - minio-penpot-cl01tl
- host: minio-penpot-cl01tl
- path: /
- pathType: Prefix
-postgres-17-cluster:
- mode: standalone
- cluster:
- walStorage:
- storageClass: local-path
- storage:
- storageClass: local-path
- monitoring:
- enabled: true
- backup:
- enabled: true
- endpointURL: https://nyc3.digitaloceanspaces.com
- destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/penpot/penpot-postgresql-17-cluster
- endpointCredentials: penpot-postgresql-17-cluster-backup-secret
- backupIndex: 1