# Global image registry and tag imageRegistry: "" imageTag: "" # External ConfigMap (managed outside Helm) configMapName: "app-env" # Service definitions services: app: repository: app port: 3000 replicaCount: 2 autoscaling: enabled: true minReplicas: 2 maxReplicas: 10 targetCPUUtilization: 80 command: - "app" - "--bind" - "0.0.0.0:3000" resources: requests: cpu: 200m memory: 256Mi limits: cpu: "1" memory: 512Mi volumeMounts: - name: shared-data mountPath: /data/repos subPath: repos - name: shared-data mountPath: /data/avatars subPath: avatars - name: shared-data mountPath: /data/files subPath: files email_worker: repository: email-worker port: 8084 replicaCount: 1 autoscaling: enabled: false # email must stay at 1 replica resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 256Mi git_hook: repository: git-hook port: 8083 replicaCount: 1 autoscaling: enabled: true minReplicas: 1 maxReplicas: 5 targetCPUUtilization: 80 resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 256Mi volumeMounts: - name: shared-data mountPath: /data/repos subPath: repos gitserver: repository: gitserver ports: http: 8021 ssh: 2222 replicaCount: 1 autoscaling: enabled: true minReplicas: 1 maxReplicas: 5 targetCPUUtilization: 80 # SSH port must match the containerPort extraEnv: APP_SSH_PORT: "2222" # SSH service config (MetalLB + Cilium) # Shared IP: nginx ingress (80/443) + SSH (22) on same VIP # Requires ingress-nginx svc also annotated with allow-shared-ip: "gitdata-shared" sshService: annotations: {} resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 256Mi volumeMounts: - name: shared-data mountPath: /data/repos subPath: repos metrics_aggregator: repository: metrics-aggregator port: 9090 replicaCount: 1 autoscaling: enabled: true minReplicas: 1 maxReplicas: 5 targetCPUUtilization: 80 resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 256Mi static_server: repository: static-server port: 8081 replicaCount: 1 autoscaling: enabled: true minReplicas: 1 maxReplicas: 5 targetCPUUtilization: 80 resources: requests: cpu: 50m memory: 64Mi limits: cpu: 200m memory: 128Mi volumeMounts: - name: shared-data mountPath: /data subPath: static # Ingress ingress: enabled: true className: "nginx" annotations: cert-manager.io/cluster-issuer: "cloudflare-acme-cluster-issuer" nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" nginx.ingress.kubernetes.io/affinity: "cookie" nginx.ingress.kubernetes.io/session-cookie-name: "INGRESSROUTE" nginx.ingress.kubernetes.io/session-cookie-path: "/" nginx.ingress.kubernetes.io/session-cookie-max-age: "86400" nginx.ingress.kubernetes.io/enable-real-ip: "true" nginx.ingress.kubernetes.io/real-ip-header: "X-Forwarded-For" nginx.ingress.kubernetes.io/use-forwarded-headers: "true" hosts: - host: gitdata.ai paths: - path: / pathType: Prefix serviceName: app servicePort: 3000 - host: static.gitdata.ai paths: - path: / pathType: Prefix serviceName: static_server servicePort: 8081 - host: git.gitdata.ai paths: - path: / pathType: Prefix serviceName: gitserver servicePort: 8021 tls: - secretName: gitdata-ai-tls hosts: - gitdata.ai - static.gitdata.ai - git.gitdata.ai imagePullSecrets: [] nameOverride: "" fullnameOverride: "" serviceAccount: create: true automount: true annotations: {} name: "" podSecurityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch securityContext: capabilities: drop: - ALL readOnlyRootFilesystem: false nodeSelector: {} tolerations: [] affinity: {}