# Deployment values for the gitdata stack (appears to be a Helm values file).
# Templates that consume these keys are not part of this file; notes marked
# NOTE(review) are assumptions to confirm against them.

# =============================================================================
# Global / common settings
# =============================================================================
namespace: gitdataai
releaseName: gitdata

image:
  registry: harbor.gitdata.me/gta_team
  # Every component below uses `tag: latest`. With IfNotPresent, a node that
  # already has an image cached under that tag does not pull again, so
  # replicas can run different builds and a rollback cannot name the previous
  # one. Override each tag with a release version or digest per deployment.
  pullPolicy: IfNotPresent
  pullSecrets: []

# =============================================================================
# Cert-Manager Configuration (cert-manager is already installed in the cluster)
# =============================================================================
certManager:
  enabled: true
  # References a ClusterIssuer that already exists in the cluster.
  clusterIssuerName: cloudflare-acme-cluster-issuer

# =============================================================================
# External Secrets Configuration (requires ESO installed in the cluster)
# =============================================================================
externalSecrets:
  storeName: "vault-backend"
  # SecretStore is the namespace-scoped kind, so the store has to exist in
  # the namespace the release is installed into.
  storeKind: "SecretStore"
  # NOTE(review): presumably paths in the backing store; confirm the store's
  # access policy is limited to these three entries.
  databaseKey: "gitdata/database"
  redisKey: "gitdata/redis"
  qdrantKey: "gitdata/qdrant"

# =============================================================================
# Shared persistent storage (aliyun-nfs)
# =============================================================================
# NOTE(review): one ReadWriteMany volume is a shared trust boundary. Check
# which workloads mount it and whether any of them can mount it read-only.
storage:
  enabled: true
  storageClass: aliyun-nfs
  size: 20Ti
  accessMode: ReadWriteMany  # NFS supports multiple readers/writers

# =============================================================================
# Application config (non-sensitive, shared via ConfigMap)
# =============================================================================
# Keep credentials out of this section: values here are not secret material.
# Numbers and booleans are written as quoted strings and must stay quoted
# (ConfigMap data values are strings).
config:
  # App info
  name: gitdata

  # Domain configuration
  staticDomain: "https://static.gitdata.ai"
  mediaDomain: ""
  gitHttpDomain: "https://git.gitdata.ai"

  # Storage paths
  avatarPath: /data/avatar
  reposRoot: /data/repos

  # Logging
  logLevel: info
  logFormat: json
  logFileEnabled: "false"
  logFilePath: /var/log/gitdata/app.log
  logFileRotation: daily
  logFileMaxFiles: "7"
  logFileMaxSize: "100"

  # OpenTelemetry
  otelEnabled: "false"
  otelEndpoint: ""
  otelServiceName: gitdata

  # Database pool tuning
  databaseMaxConnections: "100"
  databaseMinConnections: "5"
  databaseIdleTimeout: "600"
  databaseMaxLifetime: "3600"
  databaseConnectionTimeout: "30"
  databaseSchemaSearchPath: public
  databaseHealthCheckInterval: "30"
  databaseRetryAttempts: "3"
  databaseRetryDelay: "1"

  # Redis tuning
  redisPoolSize: "16"
  redisConnectTimeout: "5"
  redisAcquireTimeout: "1"

  # Hook pool
  hookPoolMaxConcurrent: "100"
  hookPoolCpuThreshold: "80"
  # The quotes are required: an unquoted leading `{` starts a YAML flow
  # mapping.
  hookPoolRedisListPrefix: "{hook}"
  hookPoolRedisLogChannel: hook:logs
  hookPoolRedisBlockTimeout: "5"
  hookPoolRedisMaxRetries: "3"

  # SSH
  # NOTE(review): presumably has to agree with gitserver.service.ssh.port.
  sshPort: "22"

  # SMTP (non-sensitive defaults)
  smtpPort: "465"
  smtpTls: "true"
  smtpTimeout: "30"

# NOTE(review): the four blocks below are laid out as top-level keys, not as
# children of `config`; confirm against the chart templates.

# PostgreSQL (required)
# The connection URL is read from a Secret; only the Secret's name and key
# are configured here.
database:
  existingSecret: ""  # leave empty to use the default {release-name}-secrets
  secretKeys:
    url: APP_DATABASE_URL

# Redis (required)
redis:
  existingSecret: ""
  secretKeys:
    url: APP_REDIS_URL

# NATS (optional)
# NOTE(review): no credential reference is configured for NATS here. Confirm
# the NATS server requires authentication or is fenced by NetworkPolicy.
nats:
  enabled: true
  url: "nats://nats-client.nats.svc.cluster.local:4222"

# Qdrant (optional)
# NOTE(review): the URL is plain http while an API key is configured, so the
# key presumably crosses the cluster network unencrypted. Confirm that
# pod-to-pod traffic is protected some other way.
qdrant:
  enabled: true
  url: "http://qdrant.qdrant.svc.cluster.local:6333"
  existingSecret: ""
  secretKeys:
    apiKey: APP_QDRANT_API_KEY

# =============================================================================
# Frontend - React SPA
# =============================================================================
frontend:
  enabled: true
  replicaCount: 2
  image:
    repository: frontend
    tag: latest
  service:
    type: ClusterIP
  ingress:
    enabled: false
  # Only requests are set, here and for every other workload in this file.
  # NOTE(review): unless the templates or a LimitRange add limits, a
  # misbehaving pod can take CPU and memory from its neighbours on the node.
  resources:
    requests:
      cpu: 50m
      memory: 64Mi
  livenessProbe:
    initialDelaySeconds: 5
    periodSeconds: 10
  readinessProbe:
    initialDelaySeconds: 5
    periodSeconds: 5
  nodeSelector: {}
  tolerations: []
  affinity: {}

# =============================================================================
# App – main web/API service
# =============================================================================
app:
  enabled: true
  replicaCount: 3
  image:
    repository: app
    tag: latest
  # Pod disruption budget
  pdb:
    enabled: true
    minAvailable: 2  # Keep at least 2 pods available during disruptions
  service:
    type: ClusterIP
    port: 8080
  ingress:
    enabled: false
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
  livenessProbe:
    path: /health
    port: 8080
    initialDelaySeconds: 5
    periodSeconds: 10
  readinessProbe:
    path: /health
    port: 8080
    initialDelaySeconds: 5
    periodSeconds: 5
  startupProbe:
    path: /health
    port: 8080
    initialDelaySeconds: 0
    periodSeconds: 10
    failureThreshold: 30  # Allow up to 5 minutes for slow starts
  env: []
  nodeSelector: {}
  tolerations: []
  affinity: {}

# =============================================================================
# Static server - avatar, blob, media files
# =============================================================================
static:
  enabled: true
  replicaCount: 2
  image:
    repository: static
    tag: latest
  service:
    type: ClusterIP
    port: 8081
  ingress:
    enabled: false
  # NOTE(review): which origins this switch allows is decided by the static
  # server itself; confirm it does not answer every origin for content that
  # should stay private.
  cors: true
  logLevel: info
  livenessProbe:
    path: /health
    port: 8081
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 3
    failureThreshold: 3
  readinessProbe:
    path: /health
    port: 8081
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 3
    failureThreshold: 3
  env: []
  nodeSelector: {}
  tolerations: []
  affinity: {}

# =============================================================================
# Gitserver – git daemon / SSH + HTTP server
# =============================================================================
gitserver:
  enabled: true
  replicaCount: 1
  image:
    repository: gitserver
    tag: latest
  service:
    http:
      type: ClusterIP
      port: 8022
    # The SSH endpoint is the only Service in this file that is exposed
    # outside the cluster by default.
    ssh:
      type: LoadBalancer
      port: 22
      domain: ""
      loadBalancerIP: ""
      # An empty list places no source-address restriction on the load
      # balancer. Where client networks are known, list their CIDRs here.
      loadBalancerSourceRanges: []
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
  livenessProbe:
    tcpSocket:
      port: 8022
    initialDelaySeconds: 10
    periodSeconds: 15
    timeoutSeconds: 5
    failureThreshold: 3
  readinessProbe:
    tcpSocket:
      port: 8022
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 3
    failureThreshold: 3
  persistence:
    enabled: true
    storageClass: ""
    size: 50Gi
    accessMode: ReadWriteOnce
  ingress:
    enabled: false
  env: []
  nodeSelector: {}
  tolerations: []
  affinity: {}

# =============================================================================
# Email worker – processes outgoing email queue
# =============================================================================
emailWorker:
  enabled: true
  image:
    repository: email-worker
    tag: latest
  # The exec probes need /bin/sh and pgrep inside the image, and they only
  # show that a process with this name exists, not that it is making progress.
  livenessProbe:
    exec:
      command:
        - /bin/sh
        - -c
        - "pgrep email-worker || exit 1"
    initialDelaySeconds: 10
    periodSeconds: 30
    timeoutSeconds: 5
    failureThreshold: 3
  readinessProbe:
    exec:
      command:
        - /bin/sh
        - -c
        - "pgrep email-worker || exit 1"
    initialDelaySeconds: 5
    periodSeconds: 15
    timeoutSeconds: 3
    failureThreshold: 3
  resources:
    requests:
      cpu: 50m
      memory: 64Mi
  env: []
  nodeSelector: {}
  tolerations: []
  affinity: {}

# =============================================================================
# Git hook pool – handles pre-receive / post-receive hooks
# =============================================================================
gitHook:
  enabled: true
  image:
    repository: git-hook
    tag: latest
  replicaCount: 2
  pdb:
    enabled: true
    minAvailable: 1
  # Same exec-probe constraints as the email worker: shell and pgrep must be
  # present in the image.
  livenessProbe:
    exec:
      command:
        - /bin/sh
        - -c
        - "pgrep git-hook || exit 1"
    initialDelaySeconds: 10
    periodSeconds: 15
    timeoutSeconds: 5
    failureThreshold: 3
  readinessProbe:
    exec:
      command:
        - /bin/sh
        - -c
        - "pgrep git-hook || exit 1"
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 3
    failureThreshold: 3
  resources:
    requests:
      cpu: 50m
      memory: 64Mi
  env: []
  nodeSelector: {}
  tolerations: []
  affinity: {}

# =============================================================================
# Migrate – database migration Job (runOnce)
# =============================================================================
# With `tag: latest`, the schema version a migration run applies depends on
# whichever image the tag resolves to at that moment; pin it before enabling.
migrate:
  enabled: false  # Set true to run migrations on upgrade
  image:
    repository: migrate
    tag: latest
  command: up
  backoffLimit: 3
  env: []

# =============================================================================
# Operator – Kubernetes operator
# =============================================================================
# Disabled by default.
# NOTE(review): before enabling, review the RBAC the chart grants to the
# operator's ServiceAccount; it is not visible in this file.
operator:
  enabled: false
  image:
    repository: operator
    tag: latest
  imagePrefix: ""
  logLevel: info
  resources:
    requests:
      cpu: 50m
      memory: 64Mi
  nodeSelector: {}
  tolerations: []
  affinity: {}