peikarband/helm/peikarband/values-production.yaml
Ehsan.Asadi a956c745ea
[K8S] Update image tag to latest for automatic updates (fix) | ApprovalToken: AT-202512310643
2025-12-31 06:43:26 +03:30


# Production-specific values for peikarband
# This file overrides default values.yaml for production
replicaCount: 1  # single pod
image:
  # NOTE(review): `latest` is a mutable tag and pullPolicy Always re-pulls it
  # on every pod start, so whatever was last pushed under that tag runs in
  # production without a chart change or a review. Prefer an immutable
  # per-build tag or an image digest so rollouts are auditable and can be
  # rolled back to a known image.
  pullPolicy: Always
  tag: 'latest'
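# Auto-create registry secret
# SECURITY: the registry password was previously committed here in plain
# text. Treat that value as compromised: rotate it in the registry, since it
# remains in the repository history. Supply the new value at deploy time
# (a values file kept outside the repository passed with `-f`, or `--set`
# fed from a CI secret); never commit it.
# NOTE(review): `admin` is presumably a full-privilege registry account; an
# image pull secret only needs a read-only account - confirm and replace.
registrySecret:
  enabled: true
  name: hub-registry-secret
  server: hub.peikarband.ir
  username: 'admin'
  password: ''  # intentionally empty; injected at deploy time
# Pods pull images with the secret created above (names must match).
imagePullSecrets:
  - name: hub-registry-secret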
# Auto-create application secrets (database, redis, etc)
# Currently disabled, so the credential fields below stay empty. If this is
# switched on, pass the values at deploy time instead of committing them to
# this file.
appSecrets:
  enabled: false  # Set to true if you need database/redis
  name: peikarband-prod-secrets
  dbUsername: ''
  dbPassword: ''
  redisPassword: ''
# Reflex configuration for production
reflex:
  apiUrl: 'https://api.peikarband.ir'  # Production API URL (backend)
# Prometheus scrape hints: metrics are read from port 8000 at /metrics.
# NOTE(review): port 8000 is also the backend port published by the API
# ingress (see the "Backend API Ingress" comment in this file) - confirm
# that /metrics is not reachable from outside the cluster.
podAnnotations:
  prometheus.io/scrape: 'true'
  prometheus.io/port: '8000'
  prometheus.io/path: '/metrics'
# Per-container CPU and memory requests, with hard limits above them.
resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 256Mi
# Autoscaling is switched off; the bounds and targets below only take
# effect once enabled is set to true.
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 5
  targetCPUUtilizationPercentage: 70
  targetMemoryUtilizationPercentage: 80
# Public ingress through Traefik on the TLS entrypoint, with certificates
# issued by the cert-manager cluster issuer named in the annotations.
# NOTE(review): the nesting below was reconstructed from key names; the api*
# keys are assumed to sit under `ingress` - confirm against the chart's
# default values.yaml.
ingress:
  enabled: true
  className: 'traefik'
  annotations:
    cert-manager.io/cluster-issuer: 'letsencrypt-prod'
    traefik.ingress.kubernetes.io/router.entrypoints: 'websecure'
    traefik.ingress.kubernetes.io/router.tls: 'true'
    # Rate limiting and body size should be configured via Traefik Middleware
    # Example: traefik.ingress.kubernetes.io/router.middlewares: default-ratelimit@kubernetescrd
    # NOTE(review): no middleware annotation is actually set here, so no
    # rate limit or body-size cap is applied by this file.
  hosts:
    - host: peikarband.ir
      paths:
        - path: /
          pathType: Prefix
    - host: www.peikarband.ir
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: peikarband-tls
      hosts:
        - peikarband.ir
        - www.peikarband.ir
  # Backend API Ingress (api.peikarband.ir -> port 8000)
  # NOTE(review): the `/` Prefix rule forwards every path on the API host;
  # the probe and metrics paths configured elsewhere in this file use the
  # same port 8000 - confirm they are not meant to stay internal.
  apiEnabled: true
  apiAnnotations:
    cert-manager.io/cluster-issuer: 'letsencrypt-prod'
    traefik.ingress.kubernetes.io/router.entrypoints: 'websecure'
    traefik.ingress.kubernetes.io/router.tls: 'true'
  apiHosts:
    - host: api.peikarband.ir
      paths:
        - path: /
          pathType: Prefix
  apiTls:
    - secretName: peikarband-api-tls
      hosts:
        - api.peikarband.ir
# External PostgreSQL settings. Disabled for now; when enabled, the
# username and password are read from keys of a Kubernetes Secret rather
# than stored in this file.
postgresql:
  enabled: false  # Using SQLite for now
  external:
    host: 'postgres-prod.default.svc.cluster.local'
    port: '5432'
    database: 'peikarband_prod'
    usernameSecret:
      name: 'peikarband-prod-secrets'
      key: 'db-username'
    passwordSecret:
      name: 'peikarband-prod-secrets'
      key: 'db-password'
# External Redis settings. Disabled for now; the password is likewise taken
# from a Secret key.
redis:
  enabled: false  # Not used yet
  external:
    host: 'redis-prod.default.svc.cluster.local'
    port: '6379'
    passwordSecret:
      name: 'peikarband-prod-secrets'
      key: 'redis-password'
# Override readiness probe for production
# Reflex startup time: 30-60 seconds (per deployment checklist)
# Using /ping endpoint (simpler, faster response)
readinessProbe:
  httpGet:
    path: /ping
    port: 8000
  initialDelaySeconds: 60  # Allow Reflex to fully start (30-60s expected)
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 6  # Allow 6 failures = 60s grace period
# Override liveness probe
# Using /live endpoint which is specifically designed for liveness checks
livenessProbe:
  httpGet:
    path: /live
    port: 8000
  initialDelaySeconds: 90  # More time for liveness (after readiness)
  periodSeconds: 15
  timeoutSeconds: 5
  failureThreshold: 3
# Non-secret application settings; keep credentials out of this map.
configMap:
  data:
    APP_NAME: 'peikarband'
    LOG_LEVEL: 'warning'
    ENVIRONMENT: 'prod'
# PodDisruptionBudget is switched off; minAvailable applies only if enabled.
podDisruptionBudget:
  enabled: false
  minAvailable: 1
# NetworkPolicy is switched on. Its rules are defined by the chart
# templates, not in this file.
networkPolicy:
  enabled: true
# ServiceMonitor scrape settings.
monitoring:
  serviceMonitor:
    enabled: true
    interval: 30s
    scrapeTimeout: 10s