gitdataai/deploy/values.yaml
ZhenYi 38da729860
fix(adminrpc): expose HTTP port 9091 in k8s deployment and service
The adminrpc binary runs HTTP endpoints on port grpc_port+1 (9091),
but k8s deployment only exposed port 9090 (gRPC). The /api/admin/*
HTTP routes were unreachable from the admin dashboard frontend.

- Add http container port 9091 to Deployment
- Add http named port to k8s Service
- Point liveness/readiness probes to HTTP port 9091
- Add http_port: 9091 to Helm values.yaml
2026-04-22 23:56:38 +08:00


# =============================================================================
# Global / common settings
# =============================================================================
# NOTE(review): nesting is restored from a flattened listing — confirm exact
# key paths against the chart templates.
namespace: gitdataai
releaseName: gitdata
image:
  # Registry/project prefix; the per-component `repository` values elsewhere
  # in this file are presumably appended to it — confirm in the templates.
  registry: harbor.gitdata.me/gta_team
  # NOTE(review): every component in this file sets `tag: latest`. With
  # IfNotPresent a node reuses whatever image it already cached under that
  # mutable tag, so replicas can run different builds and a rollout may not
  # pick up a new push. Pin an immutable tag or digest per release.
  pullPolicy: IfNotPresent
  # Empty by default: if the registry project requires authentication, pulls
  # then depend on node-level or service-account credentials.
  pullSecrets: []
# =============================================================================
# Cert-Manager Configuration (cert-manager is already installed in the cluster)
# =============================================================================
certManager:
  enabled: true
  # References a ClusterIssuer that already exists in the cluster.
  # Presumably this chart does not create the issuer itself — confirm.
  clusterIssuerName: cloudflare-acme-cluster-issuer
# =============================================================================
# External Secrets Configuration (requires the External Secrets Operator, ESO,
# to be installed in the cluster)
# =============================================================================
externalSecrets:
  # Name and kind of the ESO store that secrets are read from. "SecretStore"
  # is the namespaced kind (as opposed to ClusterSecretStore), so the store
  # has to exist in the namespace where the ExternalSecret is created.
  storeName: "vault-backend"
  storeKind: "SecretStore"
  # Remote keys looked up in that store (presumably Vault paths, going by the
  # store name — confirm). These are references only; no secret value is
  # stored in this file.
  databaseKey: "gitdata/database"
  redisKey: "gitdata/redis"
  qdrantKey: "gitdata/qdrant"
# =============================================================================
# Shared persistent storage (aliyun-nfs)
# =============================================================================
storage:
  enabled: true
  storageClass: aliyun-nfs
  size: 20Ti
  # NFS supports multiple readers/writers.
  # NOTE(review): a ReadWriteMany volume is writable by every pod that mounts
  # it read-write. Which workloads mount it is not visible in this file —
  # confirm that only the components that need it do, read-only where
  # possible.
  accessMode: ReadWriteMany
# =============================================================================
# Application config (non-sensitive, shared via ConfigMap)
# =============================================================================
# Numeric and boolean settings are quoted so they stay strings (ConfigMap data
# values must be strings). Credentials do not belong in this section; the
# secret-backed settings use `existingSecret` / `secretKeys` elsewhere in this
# file.
config:
  # App info
  name: gitdata
  # Domain configuration
  staticDomain: "https://static.gitdata.ai"
  mediaDomain: ""
  gitHttpDomain: "https://git.gitdata.ai"
  # Storage paths
  avatarPath: /data/avatar
  reposRoot: /data/repos
  # Logging
  logLevel: info
  logFormat: json
  logFileEnabled: "false"
  logFilePath: /var/log/gitdata/app.log
  logFileRotation: daily
  logFileMaxFiles: "7"
  logFileMaxSize: "100"
  # OpenTelemetry
  otelEnabled: "false"
  otelEndpoint: ""
  otelServiceName: gitdata
  # Database pool tuning
  # NOTE(review): units are not stated here (timeouts are presumably seconds)
  # — confirm against the application's config loader.
  databaseMaxConnections: "100"
  databaseMinConnections: "5"
  databaseIdleTimeout: "600"
  databaseMaxLifetime: "3600"
  databaseConnectionTimeout: "30"
  databaseSchemaSearchPath: public
  databaseHealthCheckInterval: "30"
  databaseRetryAttempts: "3"
  databaseRetryDelay: "1"
  # Redis tuning
  redisPoolSize: "16"
  redisConnectTimeout: "5"
  redisAcquireTimeout: "1"
  # Hook pool
  hookPoolMaxConcurrent: "100"
  hookPoolCpuThreshold: "80"
  # Quoted on purpose: an unquoted leading `{` would be parsed as the start of
  # a YAML flow mapping instead of a string.
  hookPoolRedisListPrefix: "{hook}"
  hookPoolRedisLogChannel: hook:logs
  hookPoolRedisBlockTimeout: "5"
  hookPoolRedisMaxRetries: "3"
  # SSH
  sshPort: "22"
  # SMTP (non-sensitive defaults)
  # Port 465 is conventionally implicit-TLS SMTP; keep smtpTls "true" so that
  # mail credentials and content are not sent in clear text.
  smtpPort: "465"
  smtpTls: "true"
  smtpTimeout: "30"
# NOTE(review): the four stanzas below carry no section banner and the listing
# lost its indentation. They are written as top-level keys here; they could
# also be children of `config` — confirm against the chart templates.

# PostgreSQL (required)
database:
  # Leave empty to use the default Secret name {release-name}-secrets.
  existingSecret: ""
  secretKeys:
    # Key inside the Secret holding the connection URL. Connection URLs
    # usually embed credentials, so the value belongs in the Secret and never
    # in this file.
    url: APP_DATABASE_URL
# Redis (required)
redis:
  existingSecret: ""
  secretKeys:
    url: APP_REDIS_URL
# NATS (optional)
nats:
  enabled: true
  # In-cluster address with the plain nats:// scheme; no credentials or TLS
  # settings are visible in this file.
  url: "nats://nats-client.nats.svc.cluster.local:4222"
# Qdrant (optional)
qdrant:
  enabled: true
  # NOTE(review): the URL is plain http://. If the application sends the API
  # key below to this endpoint, the key crosses the cluster network
  # unencrypted unless a service mesh or CNI adds transport encryption —
  # confirm.
  url: "http://qdrant.qdrant.svc.cluster.local:6333"
  existingSecret: ""
  secretKeys:
    apiKey: APP_QDRANT_API_KEY
# =============================================================================
# App main web/API service (includes embedded SPA)
# =============================================================================
app:
  enabled: true
  replicaCount: 3
  image:
    repository: app
    # NOTE(review): `latest` is a mutable tag; pin a release tag or digest so
    # the deployed build is reproducible and auditable.
    tag: latest
  # Pod disruption budget
  pdb:
    enabled: true
    minAvailable: 2  # Keep at least 2 pods available during disruptions
  service:
    type: ClusterIP
    port: 8080
  ingress:
    enabled: false
  # Only requests are set; no limits are visible here, so a pod's CPU and
  # memory use is not capped by these values.
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
  # All three probes use the same /health path on the service port 8080.
  livenessProbe:
    path: /health
    port: 8080
    initialDelaySeconds: 5
    periodSeconds: 10
  readinessProbe:
    path: /health
    port: 8080
    initialDelaySeconds: 5
    periodSeconds: 5
  startupProbe:
    path: /health
    port: 8080
    initialDelaySeconds: 0
    periodSeconds: 10
    # 30 failures x 10 s period = 300 s.
    failureThreshold: 30  # Allow up to 5 minutes for slow starts
  env: []
  nodeSelector: {}
  tolerations: []
  affinity: {}
# =============================================================================
# Static server - avatar, blob, media files
# =============================================================================
static:
  enabled: true
  replicaCount: 2
  image:
    repository: static
    # NOTE(review): mutable tag; pin a release tag or digest.
    tag: latest
  service:
    type: ClusterIP
    port: 8081
  ingress:
    enabled: false
  # NOTE(review): `cors` and `logLevel` are placed directly under `static`;
  # the flattened listing would also allow them under `ingress` — confirm.
  # Which origins CORS allows is not visible here; check that it is not a
  # wildcard combined with credentials.
  cors: true
  logLevel: info
  livenessProbe:
    path: /health
    port: 8081
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 3
    failureThreshold: 3
  readinessProbe:
    path: /health
    port: 8081
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 3
    failureThreshold: 3
  # No `resources` block is defined for this component in this file.
  env: []
  nodeSelector: {}
  tolerations: []
  affinity: {}
# =============================================================================
# Gitserver git daemon / SSH + HTTP server
# =============================================================================
gitserver:
  enabled: true
  replicaCount: 2
  image:
    repository: gitserver
    # NOTE(review): mutable tag; pin a release tag or digest.
    tag: latest
  service:
    http:
      type: ClusterIP
      port: 8022
    ssh:
      # The only Service in this file of type LoadBalancer.
      type: LoadBalancer
      port: 22
      # NOTE(review): `domain` is placed under `ssh`; confirm against the
      # templates, the listing lost its indentation.
      domain: ""
      loadBalancerIP: ""
      # NOTE(review): an empty list means no source-address restriction at the
      # load balancer (assuming the template passes it through), so SSH is
      # reachable from any address that can route to it. Restrict to known
      # CIDRs where the user base allows; otherwise rely on key-only
      # authentication and rate limiting in front of the service.
      loadBalancerSourceRanges: []
  resources:
    requests:
      cpu: 100m
      memory: 128Mi
  persistence:
    enabled: true
    storageClass: ""
    size: 50Gi
    # NOTE(review): ReadWriteOnce together with replicaCount 2 only works if
    # each replica gets its own claim or both pods land on one node — confirm
    # how the template provisions the volume.
    accessMode: ReadWriteOnce
  ingress:
    enabled: false
  # No liveness/readiness probes are defined for this component in this file.
  env: []
  nodeSelector: {}
  tolerations: []
  affinity: {}
# =============================================================================
# Email worker processes outgoing email queue
# =============================================================================
emailWorker:
  enabled: true
  image:
    repository: email-worker
    # NOTE(review): mutable tag; pin a release tag or digest.
    tag: latest
  # Both probes run `kill -0 1`, which only checks that PID 1 exists inside
  # the container. That holds whenever the container is running, so these
  # probes cannot detect a stalled or deadlocked worker. They also require
  # /bin/sh to be present in the image.
  # NOTE(review): consider a probe tied to real progress, such as a heartbeat
  # file the worker refreshes or a small health endpoint.
  livenessProbe:
    exec:
      command:
        - /bin/sh
        - -c
        - "kill -0 1 || exit 1"
    initialDelaySeconds: 10
    periodSeconds: 30
    timeoutSeconds: 5
    failureThreshold: 3
  readinessProbe:
    exec:
      command:
        - /bin/sh
        - -c
        - "kill -0 1 || exit 1"
    initialDelaySeconds: 5
    periodSeconds: 15
    timeoutSeconds: 3
    failureThreshold: 3
  # Requests only; no limits are set in this file.
  resources:
    requests:
      cpu: 50m
      memory: 64Mi
  env: []
  nodeSelector: {}
  tolerations: []
  affinity: {}
# =============================================================================
# Git hook pool handles pre-receive / post-receive hooks
# =============================================================================
gitHook:
  enabled: true
  image:
    repository: git-hook
    # NOTE(review): mutable tag; pin a release tag or digest.
    tag: latest
  replicaCount: 2
  pdb:
    enabled: true
    # Keeps one of the two replicas available during voluntary disruptions.
    minAvailable: 1
  # Both probes run `kill -0 1`, which only checks that PID 1 exists inside
  # the container. That holds whenever the container is running, so these
  # probes cannot detect a hook worker that has stopped making progress. They
  # also require /bin/sh to be present in the image.
  # NOTE(review): consider a probe tied to real progress, such as a heartbeat
  # file the worker refreshes or a small health endpoint.
  livenessProbe:
    exec:
      command:
        - /bin/sh
        - -c
        - "kill -0 1 || exit 1"
    initialDelaySeconds: 10
    periodSeconds: 15
    timeoutSeconds: 5
    failureThreshold: 3
  readinessProbe:
    exec:
      command:
        - /bin/sh
        - -c
        - "kill -0 1 || exit 1"
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 3
    failureThreshold: 3
  # Requests only; no limits are set in this file.
  resources:
    requests:
      cpu: 50m
      memory: 64Mi
  env: []
  nodeSelector: {}
  tolerations: []
  affinity: {}
# =============================================================================
# Migrate database migration Job (runOnce)
# =============================================================================
migrate:
  enabled: false  # Set true to run migrations on upgrade
  image:
    repository: migrate
    # NOTE(review): with a mutable tag the schema migration that runs depends
    # on whichever image is current at pull time; pin the tag or digest to the
    # release being deployed.
    tag: latest
  # Argument passed to the migration image (presumably "apply pending
  # migrations" — confirm against the migrate binary).
  command: up
  # The Job is retried up to 3 times before it is marked failed.
  backoffLimit: 3
  env: []
# =============================================================================
# Operator Kubernetes operator
# =============================================================================
operator:
  enabled: false
  replicaCount: 2
  image:
    repository: operator
    # NOTE(review): mutable tag; pin a release tag or digest.
    tag: latest
  # NOTE(review): placed directly under `operator`; the flattened listing
  # would also allow it under `image` — confirm against the templates.
  imagePrefix: ""
  logLevel: info
  # Requests only; no limits are set in this file. The RBAC the operator runs
  # with is not defined in this file — review it before enabling.
  resources:
    requests:
      cpu: 50m
      memory: 64Mi
  nodeSelector: {}
  tolerations: []
  affinity: {}
# =============================================================================
# Admin RPC internal gRPC service for admin operations (k8s internal only)
# =============================================================================
adminrpc:
  enabled: true
  image:
    repository: adminrpc
    # NOTE(review): mutable tag; pin a release tag or digest.
    tag: latest
  service:
    # gRPC port.
    port: 9090
    # HTTP port (grpc port + 1) serving the /api/admin/* routes.
    # NOTE(review): unlike `app` and `static`, no Service `type` is set here;
    # "internal only" then depends on the template default (presumably
    # ClusterIP — confirm). Nothing in this file restricts which pods may
    # reach the admin ports; confirm a NetworkPolicy and endpoint
    # authentication cover 9090 and 9091.
    # The key is snake_case while the rest of the file uses camelCase.
    http_port: 9091
  # NOTE(review): this probe still checks TCP 9090. The commit that added
  # http_port describes pointing the probes at HTTP 9091 — confirm whether the
  # Deployment template reads this value or hard-codes the probe.
  readinessProbe:
    tcpSocket:
      port: 9090
    initialDelaySeconds: 3
    periodSeconds: 5
  # Requests only; no limits are set in this file.
  resources:
    requests:
      cpu: 50m
      memory: 64Mi
  env: []
  nodeSelector: {}
  tolerations: []
  affinity: {}