alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions 2 Activity
Files
9a2d78c22e7e210a3c965666ef7d94cf5f782052
infrastructure/clusters/cl01tl/helm/komodo/values.yaml
Alex Lebens 9a2d78c22e
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 49s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 39s
Details
render-manifests / render-manifests (pull_request) Successful in 42s
Details
feat: add storage and affinity
2026-04-02 21:36:47 -05:00

232 lines
6.8 KiB
YAML
Raw Blame History

komodo:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/moghtech/komodo-core
tag: 2.1.1@sha256:2bbbb1efd3534211dac35091e0818f10398d9bdd98fdbf0ddef09e9e0b5ec4ba
env:
- name: COMPOSE_LOGGING_DRIVER
value: local
- name: KOMODO_HOST
value: https://komodo.alexlebens.net
- name: KOMODO_TITLE
value: Komodo
- name: PASSKEY
valueFrom:
secretKeyRef:
name: komodo-secret
key: passkey
- name: KOMODO_MONITORING_INTERVAL
value: 15-sec
- name: KOMODO_RESOURCE_POLL_INTERVAL
value: 5-min
- name: KOMODO_PASSKEY
valueFrom:
secretKeyRef:
name: komodo-secret
key: passkey
- name: KOMODO_WEBHOOK_SECRET
valueFrom:
secretKeyRef:
name: komodo-secret
key: webhook
- name: KOMODO_JWT_SECRET
valueFrom:
secretKeyRef:
name: komodo-secret
key: jwt
- name: KOMODO_LOCAL_AUTH
value: true
- name: KOMODO_ENABLE_NEW_USERS
value: false
- name: KOMODO_DISABLE_NON_ADMIN_CREATE
value: true
- name: KOMODO_TRANSPARENT_MODE
value: false
- name: PERIPHERY_SSL_ENABLED
value: false
- name: DB_USERNAME
value: ferret
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: komodo-postgresql-17-fdb-cluster-ferret
key: password
- name: KOMODO_DATABASE_URI
value: mongodb://$(DB_USERNAME):$(DB_PASSWORD)@komodo-ferretdb-2.komodo:27017/komodo
- name: KOMODO_OIDC_ENABLED
value: true
- name: KOMODO_OIDC_PROVIDER
value: http://authentik-server.authentik/application/o/komodo/
- name: KOMODO_OIDC_REDIRECT_HOST
value: https://authentik.alexlebens.net
- name: KOMODO_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: komodo-secret
key: oidc-client-id
- name: KOMODO_OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: komodo-secret
key: oidc-client-secret
- name: KOMODO_OIDC_USE_FULL_EMAIL
value: true
resources:
requests:
cpu: 10m
memory: 80Mi
ferretdb-2:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/ferretdb/ferretdb
tag: 2.7.0@sha256:5706414241eb84f0515512c37b46db0f1b1eac9e5ceb7e4c2523211c184b1985
env:
- name: DB_USERNAME
value: ferret
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: komodo-postgresql-17-fdb-cluster-ferret
key: password
- name: FERRETDB_POSTGRESQL_URL
value: postgresql://$(DB_USERNAME):$(DB_PASSWORD)@komodo-postgresql-17-fdb-cluster-rw.komodo.svc.cluster.local:5432/ferretDB
resources:
requests:
cpu: 1m
memory: 20Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 9120
ferretdb-2:
controller: ferretdb-2
ports:
http:
port: 27017
targetPort: 27017
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- komodo.alexlebens.net
rules:
- backendRefs:
- name: komodo-main
port: 80
matches:
- path:
type: PathPrefix
value: /
persistence:
keys:
forceRename: komodo-keys
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
advancedMounts:
main:
main:
- path: /config/keys
readOnly: false
cache:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
advancedMounts:
main:
main:
- path: /repo-cache
readOnly: false
syncs:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
advancedMounts:
main:
main:
- path: /syncs
readOnly: false
postgresql-17-fdb-cluster:
nameOverride: komodo-postgresql-17-fdb
mode: recovery
cluster:
image:
repository: ghcr.io/ferretdb/postgres-documentdb
tag: 17-0.107.0-ferretdb-2.7.0@sha256:2386795ec2aa7ae559304361979f1dc5708d383ee9020ae63dadc2940dfe58f7
postgresUID: 999
postgresGID: 999
postgresql:
parameters:
cron.database_name: 'ferretDB'
documentdb.enableCompact: "true"
documentdb.enableLetAndCollationForQueryMatch: "true"
documentdb.enableNowSystemVariable: "true"
documentdb.enableSortbyIdPushDownToPrimaryKey: "true"
documentdb.enableSchemaValidation: "true"
documentdb.enableBypassDocumentValidation: "true"
documentdb.enableUserCrud: "true"
documentdb.maxUserLimit: "100"
shared_buffers: 128MB
max_slot_wal_keep_size: 2000MB
hot_standby_feedback: "on"
pg_hba:
- host ferretDB postgres localhost trust
- host ferretDB ferret localhost trust
shared_preload_libraries:
- pg_cron
- pg_documentdb_core
- pg_documentdb
initdb:
database: ferretDB
owner: ferret
postInitApplicationSQL:
- CREATE EXTENSION IF NOT EXISTS pg_cron;
- CREATE EXTENSION IF NOT EXISTS documentdb CASCADE;
- GRANT documentdb_admin_role TO ferret;
recovery:
method: objectStore
objectStore:
index: 2
backup:
objectStore:
- name: garage-local
index: 2
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 50 14 * * *"
backupName: garage-local
volsync-target-keys:
pvcTarget: komodo-keys
local:
enabled: true
schedule: 54 11 * * *
remote:
enabled: true
schedule: 54 12 * * *
external:
enabled: true
schedule: 54 13 * * *
Reference in New Issue View Git Blame Copy Permalink