alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions 1 Activity
Files
669fffc45739c76d560aa4ca9ee7b5610ff9483b
infrastructure/clusters/cl01tl/applications/penpot/values.yaml

389 lines
13 KiB
YAML
Raw Blame History

penpot:
defaultPodOptions:
securityContext:
fsGroup: 1001
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- penpot
topologyKey: "kubernetes.io/hostname"
controllers:
frontend:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: penpotapp/frontend
tag: 2.0.3
pullPolicy: IfNotPresent
env:
- name: PENPOT_PUBLIC_URI
value: https://penpot.alexlebens.net
- name: PENPOT_FLAGS
value: enable-registration enable-insecure-register enable-login enable-login-with-oidc disable-demo-users disable-demo-warning
- name: PENPOT_SECRET_KEY
valueFrom:
secretKeyRef:
name: penpot-key-secret
key: key
- name: PENPOT_DATABASE_URI
value: postgresql://penpot-postgresql-16-cluster-rw:5432/app
- name: PENPOT_DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: penpot-postgresql-16-cluster-app
key: username
- name: PENPOT_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: penpot-postgresql-16-cluster-app
key: password
- name: PENPOT_REDIS_URI
value: redis://penpot-redis-headless.penpot.svc.cluster.local:6379/0
- name: PENPOT_ASSETS_STORAGE_BACKEND
value: assets-s3
- name: PENPOT_STORAGE_ASSETS_S3_REGION
value: us-east-1
- name: PENPOT_STORAGE_ASSETS_S3_BUCKET
value: penpot
- name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
value: http://minio.penpot:80
- name: PENPOT_TELEMETRY_ENABLED
value: false
- name: PENPOT_OIDC_BASE_URI
value: https://authentik.alexlebens.net/application/o/
- name: PENPOT_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: penpot-oidc-secret
key: client
- name: PENPOT_OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: penpot-oidc-secret
key: secret
- name: PENPOT_OIDC_AUTH_URI
value: https://authentik.alexlebens.net/application/o/authorize/
- name: PENPOT_OIDC_TOKEN_URI
value: https://authentik.alexlebens.net/application/o/token/
- name: PENPOT_OIDC_USER_URI
value: https://authentik.alexlebens.net/application/o/userinfo/
- name: PENPOT_OIDC_SCOPES
value: "openid profile email"
- name: PENPOT_OIDC_NAME_ATTR
value: preferred_username
- name: PENPOT_OIDC_EMAIL_ATTR
value: email
envFrom:
- secretRef:
name: penpot-bucket-user-secret
resources:
requests:
cpu: 100m
memory: 128Mi
backend:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: penpotapp/backend
tag: 2.0.3
pullPolicy: IfNotPresent
env:
- name: PENPOT_PUBLIC_URI
value: https://penpot.alexlebens.net
- name: PENPOT_FLAGS
value: enable-registration enable-insecure-register enable-login enable-login-with-oidc disable-demo-users disable-demo-warning
- name: PENPOT_SECRET_KEY
valueFrom:
secretKeyRef:
name: penpot-key-secret
key: key
- name: PENPOT_DATABASE_URI
value: postgresql://penpot-postgresql-16-cluster-rw:5432/app
- name: PENPOT_DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: penpot-postgresql-16-cluster-app
key: username
- name: PENPOT_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: penpot-postgresql-16-cluster-app
key: password
- name: PENPOT_REDIS_URI
value: redis://penpot-redis-headless.penpot.svc.cluster.local:6379/0
- name: PENPOT_ASSETS_STORAGE_BACKEND
value: assets-s3
- name: PENPOT_STORAGE_ASSETS_S3_REGION
value: us-east-1
- name: PENPOT_STORAGE_ASSETS_S3_BUCKET
value: penpot
- name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
value: http://minio.penpot:80
- name: PENPOT_TELEMETRY_ENABLED
value: false
- name: PENPOT_OIDC_BASE_URI
value: https://authentik.alexlebens.net/application/o/
- name: PENPOT_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: penpot-oidc-secret
key: client
- name: PENPOT_OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: penpot-oidc-secret
key: secret
- name: PENPOT_OIDC_AUTH_URI
value: https://authentik.alexlebens.net/application/o/authorize/
- name: PENPOT_OIDC_TOKEN_URI
value: https://authentik.alexlebens.net/application/o/token/
- name: PENPOT_OIDC_USER_URI
value: https://authentik.alexlebens.net/application/o/userinfo/
- name: PENPOT_OIDC_SCOPES
value: "openid profile email"
- name: PENPOT_OIDC_NAME_ATTR
value: preferred_username
- name: PENPOT_OIDC_EMAIL_ATTR
value: email
envFrom:
- secretRef:
name: penpot-bucket-user-secret
securityContext:
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
resources:
requests:
cpu: 100m
memory: 1Gi
exporter:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: penpotapp/exporter
tag: 2.0.3
pullPolicy: IfNotPresent
env:
- name: PENPOT_PUBLIC_URI
value: https://penpot.alexlebens.net
- name: PENPOT_FLAGS
value: enable-registration enable-insecure-register enable-login enable-login-with-oidc disable-demo-users disable-demo-warning
- name: PENPOT_SECRET_KEY
valueFrom:
secretKeyRef:
name: penpot-key-secret
key: key
- name: PENPOT_DATABASE_URI
value: postgresql://penpot-postgresql-16-cluster-rw:5432/app
- name: PENPOT_DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: penpot-postgresql-16-cluster-app
key: username
- name: PENPOT_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: penpot-postgresql-16-cluster-app
key: password
- name: PENPOT_REDIS_URI
value: redis://penpot-redis-headless.penpot.svc.cluster.local:6379/0
- name: PENPOT_ASSETS_STORAGE_BACKEND
value: assets-s3
- name: PENPOT_STORAGE_ASSETS_S3_REGION
value: us-east-1
- name: PENPOT_STORAGE_ASSETS_S3_BUCKET
value: penpot
- name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
value: http://minio.penpot:80
- name: PENPOT_TELEMETRY_ENABLED
value: false
- name: PENPOT_OIDC_BASE_URI
value: https://authentik.alexlebens.net/application/o/
- name: PENPOT_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: penpot-oidc-secret
key: client
- name: PENPOT_OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: penpot-oidc-secret
key: secret
- name: PENPOT_OIDC_AUTH_URI
value: https://authentik.alexlebens.net/application/o/authorize/
- name: PENPOT_OIDC_TOKEN_URI
value: https://authentik.alexlebens.net/application/o/token/
- name: PENPOT_OIDC_USER_URI
value: https://authentik.alexlebens.net/application/o/userinfo/
- name: PENPOT_OIDC_SCOPES
value: "openid profile email"
- name: PENPOT_OIDC_NAME_ATTR
value: preferred_username
- name: PENPOT_OIDC_EMAIL_ATTR
value: email
envFrom:
- secretRef:
name: penpot-bucket-user-secret
securityContext:
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
resources:
requests:
cpu: 100m
memory: 256Mi
serviceAccount:
create: true
service:
frontend:
controller: frontend
ports:
http:
port: 80
targetPort: 80
protocol: HTTP
backend:
controller: backend
ports:
http:
port: 6060
targetPort: 6060
protocol: HTTP
exporter:
controller: exporter
ports:
http:
port: 6061
targetPort: 6061
protocol: HTTP
ingress:
main:
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
hosts:
- host: penpot.alexlebens.net
paths:
- path: /
pathType: Prefix
service:
name: penpot-frontend
port: 80
tls:
- secretName: penpot-secret-tls
hosts:
- penpot.alexlebens.net
persistence:
data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 8Gi
retain: true
advancedMounts:
frontend:
main:
- path: /opt/data
readOnly: false
backend:
main:
- path: /opt/data
readOnly: false
config:
enabled: true
type: configMap
name: penpot-frontend-nginx
advancedMounts:
frontend:
main:
- path: /etc/nginx/nginx.conf
readOnly: true
mountPropagation: None
subPath: nginx.conf
redis:
architecture: standalone
auth:
enabled: false
minio:
existingSecret:
name: penpot-minio-root-secret
tenant:
name: minio-penpot
configuration:
name: penpot-minio-config-secret
pools:
- servers: 3
name: pool
volumesPerServer: 2
size: 10Gi
storageClassName: ceph-block
mountPath: /export
subPath: /data
metrics:
enabled: true
port: 9000
protocol: http
certificate:
requestAutoCert: false
ingress:
api:
enabled: false
console:
enabled: true
ingressClassName: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
tls:
- secretName: minio-penpot-console-secret-tls
hosts:
- minio-penpot.alexlebens.net
host: minio-penpot.alexlebens.net
path: /
pathType: Prefix
postgres-16-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
prometheusRule:
enabled: false
backup:
enabled: true
endpointURL: https://s3.us-east-2.amazonaws.com
destinationPath: s3://cl01tl-postgresql-backups/penpot
endpointCredentials: penpot-postgresql-16-cluster-backup-secret
backupIndex: 1
retentionPolicy: 14d
Reference in New Issue View Git Blame Copy Permalink