directus: controllers: main: type: deployment replicas: 1 strategy: Recreate revisionHistoryLimit: 3 containers: main: image: repository: directus/directus tag: 11.14.0 pullPolicy: IfNotPresent env: - name: PUBLIC_URL value: https://directus.alexlebens.dev - name: WEBSOCKETS_ENABLED value: true - name: ADMIN_EMAIL valueFrom: secretKeyRef: name: directus-config key: admin-email - name: ADMIN_PASSWORD valueFrom: secretKeyRef: name: directus-config key: admin-password - name: SECRET valueFrom: secretKeyRef: name: directus-config key: secret - name: KEY valueFrom: secretKeyRef: name: directus-config key: key - name: DB_CLIENT value: postgres - name: DB_HOST valueFrom: secretKeyRef: name: directus-postgresql-18-cluster-app key: host - name: DB_DATABASE valueFrom: secretKeyRef: name: directus-postgresql-18-cluster-app key: dbname - name: DB_PORT valueFrom: secretKeyRef: name: directus-postgresql-18-cluster-app key: port - name: DB_USER valueFrom: secretKeyRef: name: directus-postgresql-18-cluster-app key: user - name: DB_PASSWORD valueFrom: secretKeyRef: name: directus-postgresql-18-cluster-app key: password - name: SYNCHRONIZATION_STORE value: redis - name: CACHE_ENABLED value: true - name: CACHE_STORE value: redis - name: REDIS_ENABLED value: true - name: REDIS_HOST value: redis-replication-directus-master - name: REDIS_USERNAME valueFrom: secretKeyRef: name: directus-redis-config key: user - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: directus-redis-config key: password - name: STORAGE_LOCATIONS value: s3 - name: STORAGE_S3_DRIVER value: s3 - name: STORAGE_S3_KEY valueFrom: secretKeyRef: name: ceph-bucket-directus key: AWS_ACCESS_KEY_ID - name: STORAGE_S3_SECRET valueFrom: secretKeyRef: name: ceph-bucket-directus key: AWS_SECRET_ACCESS_KEY - name: STORAGE_S3_BUCKET valueFrom: configMapKeyRef: name: ceph-bucket-directus key: BUCKET_NAME - name: STORAGE_S3_REGION value: us-east-1 - name: STORAGE_S3_ENDPOINT value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80 - name: STORAGE_S3_FORCE_PATH_STYLE value: true - name: AUTH_PROVIDERS value: AUTHENTIK - name: AUTH_AUTHENTIK_DRIVER value: openid - name: AUTH_AUTHENTIK_CLIENT_ID valueFrom: secretKeyRef: name: directus-oidc-secret key: OIDC_CLIENT_ID - name: AUTH_AUTHENTIK_CLIENT_SECRET valueFrom: secretKeyRef: name: directus-oidc-secret key: OIDC_CLIENT_SECRET - name: AUTH_AUTHENTIK_SCOPE value: openid profile email - name: AUTH_AUTHENTIK_ISSUER_URL value: https://auth.alexlebens.dev/application/o/directus/.well-known/openid-configuration - name: AUTH_AUTHENTIK_IDENTIFIER_KEY value: email - name: AUTH_AUTHENTIK_ALLOW_PUBLIC_REGISTRATION value: true - name: AUTH_AUTHENTIK_LABEL value: Authentik - name: TELEMETRY value: false - name: METRICS_ENABLED value: true - name: METRICS_TOKENS valueFrom: secretKeyRef: name: directus-metric-token key: metric-token resources: requests: cpu: 10m memory: 256Mi service: main: controller: main ports: http: port: 80 targetPort: 8055 protocol: TCP serviceMonitor: main: selector: matchLabels: app.kubernetes.io/name: directus app.kubernetes.io/instance: directus serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}' endpoints: - port: http interval: 30s scrapeTimeout: 15s path: /metrics bearerTokenSecret: name: directus-metric-token key: metric-token postgres-18-cluster: mode: recovery recovery: method: objectStore objectStore: index: 1 backup: objectStore: - name: garage-local index: 1 destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true # - name: garage-remote # index: 1 # destinationBucket: postgres-backups # externalSecretCredentialPath: /garage/home-infra/postgres-backups # retentionPolicy: "90d" # data: # compression: bzip2 # - name: external # index: 1 # endpointURL: https://nyc3.digitaloceanspaces.com # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a # externalSecretCredentialPath: /garage/home-infra/postgres-backups # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 0 0 * * *" backupName: garage-local # - name: weekly-backup # suspend: true # immediate: true # schedule: "0 0 4 * * SAT" # backupName: garage-remote # - name: daily-backup # suspend: true # immediate: true # schedule: "0 0 0 * * *" # backupName: external redis-replication: existingSecret: enabled: true name: directus-redis-config key: password redisReplication: clusterSize: 3 redisSentinel: enabled: true clusterSize: 3