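# Values for a Penpot deployment (these appear to be Helm values for an
# umbrella chart): the penpot chart, a Redis instance, a MinIO tenant used for
# asset storage, and a PostgreSQL 16 cluster with S3 backups.
# NOTE(review): the rendered listing had lost all indentation. The nesting
# below is reconstructed from key order; verify it against each chart's values
# schema before applying. Keys and values are unchanged.
penpot:
  ingress:
    enabled: true
    annotations:
      # Route only through Traefik's `websecure` entrypoint with TLS enabled;
      # the certificate is requested from the `letsencrypt-issuer` issuer.
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.tls: "true"
      cert-manager.io/cluster-issuer: letsencrypt-issuer
    hosts:
      - host: penpot.alexlebens.net
    tls:
      - secretName: penpot-secret-tls
        hosts:
          - penpot.alexlebens.net
  persistence:
    enabled: true
    storageClass: ceph-block
    size: 8Gi
    accessModes:
      - ReadWriteOnce
  config:
    publicURI: https://penpot.alexlebens.net
    # NOTE(review): `enable-registration` plus `enable-insecure-register`
    # allows self-service sign-up with e-mail verification switched off (per
    # Penpot's flag documentation). OIDC login is also enabled here, so confirm
    # local registration is still required; if it is not, drop both flags so
    # accounts are created only through the identity provider.
    flags: enable-registration enable-insecure-register enable-login enable-login-with-oidc disable-demo-users disable-demo-warning
    # The API secret key is referenced from an existing Secret, not inlined.
    # NOTE(review): nesting of the two keys under `apiSecretKey` is inferred.
    apiSecretKey:
      existingSecretName: penpot-key-secret
      existingSecretKey: key
    postgresql:
      host: penpot-postgresql-16-cluster-rw.penpot.svc.cluster.local
      port: 5432
      database: app
      # Credentials are read from this Secret; `secretKeys` names the entries
      # inside it and holds no credential values.
      existingSecret: penpot-postgresql-16-cluster-app
      secretKeys:
        usernameKey: username
        passwordKey: password
    redis:
      # No credential is configured for this connection, which matches
      # `auth.enabled: false` in the top-level `redis` section below.
      host: penpot-redis-headless.penpot.svc.cluster.local
      port: 6379
      database: 0
    assets:
      storageBackend: assets-s3
      s3:
        region: us-east-1
        bucket: penpot
        # Asset traffic goes to the MinIO API ingress hostname over HTTPS.
        endpointURI: https://minio-penpot-api.alexlebens.net/penpot
        existingSecret: penpot-bucket-user-secret
        secretKeys:
          # These values are key names inside `existingSecret`, not credentials.
          accessKeyIDKey: AWS_ACCESS_KEY_ID
          secretAccessKey: AWS_SECRET_ACCESS_KEY
    telemetryEnabled: false
    providers:
      oidc:
        enabled: true
        baseURI: https://authentik.alexlebens.net/application/o/
        authURI: https://authentik.alexlebens.net/application/o/authorize/
        tokenURI: https://authentik.alexlebens.net/application/o/token/
        userURI: https://authentik.alexlebens.net/application/o/userinfo/
        # NOTE(review): both role settings are empty, so this file expresses no
        # role restriction. Presumably every account the identity provider
        # authorises for this application can sign in; enforce access there.
        roles: ""
        rolesAttribute: ""
        scopes: "openid profile email"
        nameAttribute: preferred_username
        emailAttribute: email
      # OIDC client ID and secret are read from an existing Secret.
      # NOTE(review): placement as siblings of `oidc` is inferred; confirm.
      existingSecret: penpot-oidc-secret
      secretKeys:
        oidcClientIDKey: client
        oidcClientSecretKey: secret
redis:
  architecture: standalone
  auth:
    # NOTE(review): Redis authentication is disabled. Any workload that can
    # reach the Redis service on port 6379 can read and write its data. Either
    # enable auth and pass the password to Penpot, or restrict ingress to the
    # Penpot pods with a NetworkPolicy.
    enabled: false
minio:
  existingSecret:
    name: penpot-minio-root-secret
  tenant:
    name: minio-penpot
    configuration:
      name: penpot-minio-config-secret
    pools:
      - servers: 3
        name: pool
        volumesPerServer: 2
        size: 10Gi
        storageClassName: ceph-block
    mountPath: /export
    subPath: /data
    metrics:
      enabled: true
      port: 9000
      protocol: http
    certificate:
      # NOTE(review): the tenant requests no certificate of its own and metrics
      # use http, so traffic inside the cluster is presumably unencrypted and
      # TLS is provided only at the Traefik ingress. Confirm this is acceptable
      # for the cluster network.
      requestAutoCert: false
  ingress:
    api:
      enabled: true
      ingressClassName: traefik
      annotations:
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
        traefik.ingress.kubernetes.io/router.tls: "true"
        cert-manager.io/cluster-issuer: letsencrypt-issuer
      tls:
        - secretName: minio-penpot-api-secret-tls
          hosts:
            - minio-penpot-api.alexlebens.net
      host: minio-penpot-api.alexlebens.net
      path: /
      pathType: Prefix
    console:
      # NOTE(review): this publishes the MinIO administration console through
      # the same ingress class as the API. If the hostname is reachable from
      # outside the trusted network, put an allow-list or forward-auth
      # middleware in front of it, or disable this ingress.
      enabled: true
      ingressClassName: traefik
      annotations:
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
        traefik.ingress.kubernetes.io/router.tls: "true"
        cert-manager.io/cluster-issuer: letsencrypt-issuer
      tls:
        - secretName: minio-penpot-console-secret-tls
          hosts:
            - minio-penpot.alexlebens.net
      host: minio-penpot.alexlebens.net
      path: /
      pathType: Prefix
postgres-16-cluster:
  mode: standalone
  kubernetesClusterName: cl01tl
  cluster:
    walStorage:
      storageClass: local-path
    storage:
      storageClass: local-path
    monitoring:
      enabled: true
  # NOTE(review): placement of `backup` as a sibling of `cluster` is inferred.
  backup:
    enabled: true
    endpointURL: https://s3.us-east-2.amazonaws.com
    destinationPath: s3://cl01tl-postgresql-backups/penpot
    # Name of the Secret holding the backup credentials. No encryption setting
    # for the backup objects is visible in this file; confirm it is configured
    # on the bucket or in the chart defaults.
    endpointCredentials: penpot-postgresql-16-cluster-backup-secret
    backupIndex: 1
    retentionPolicy: 14d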