c29e039d71
Some checks failed
CD - Build & Deploy / build-and-push (push) Has been cancelled
CD - Build & Deploy / package-helm (push) Has been cancelled
CD - Build & Deploy / deploy-staging (push) Has been cancelled
CD - Build & Deploy / deploy-production (push) Has been cancelled
CD - Build & Deploy / release (push) Has been cancelled
CI / test (3.11) (push) Has been cancelled
CI / test (3.12) (push) Has been cancelled
CI / security (push) Has been cancelled
ci/woodpecker/push/woodpecker Pipeline failed
Changes: - Add API_URL, FRONTEND_PORT, BACKEND_PORT env vars to deployment - Construct DATABASE_URL from PostgreSQL connection params - Construct REDIS_URL from Redis connection params (with/without password) - Add reflex.apiUrl config to values files: * Default: http://localhost:8000 * Staging: https://staging.peikarband.ir * Production: https://peikarband.ir - Add ENVIRONMENT to configMap This ensures rxconfig.py gets proper environment-specific configuration without hardcoding values. The app now works correctly in all environments (dev, staging, production) with appropriate URLs and settings.
208 lines
3.8 KiB
YAML
208 lines
3.8 KiB
YAML
# Default values for peikarband
|
|
# This is a YAML-formatted file.
|
|
|
|
replicaCount: 2
|
|
|
|
image:
|
|
repository: hub.peikarband.ir/peikarband/landing # Match CI/CD registry
|
|
pullPolicy: IfNotPresent
|
|
tag: "latest"
|
|
|
|
imagePullSecrets:
|
|
- name: hub-registry-secret # Match hub.peikarband.ir registry
|
|
nameOverride: ""
|
|
fullnameOverride: ""
|
|
|
|
serviceAccount:
|
|
create: true
|
|
annotations: {}
|
|
name: ""
|
|
|
|
podAnnotations:
|
|
prometheus.io/scrape: "true"
|
|
prometheus.io/port: "8000"
|
|
prometheus.io/path: "/metrics"
|
|
|
|
podSecurityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
fsGroup: 1000
|
|
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: false
|
|
|
|
service:
|
|
type: ClusterIP
|
|
backend:
|
|
port: 8000
|
|
targetPort: 8000
|
|
frontend:
|
|
port: 3000
|
|
targetPort: 3000
|
|
|
|
ingress:
|
|
enabled: true
|
|
className: "nginx"
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
hosts:
|
|
- host: peikarband.ir
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
- host: www.peikarband.ir
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- secretName: peikarband-tls
|
|
hosts:
|
|
- peikarband.ir
|
|
- www.peikarband.ir
|
|
|
|
resources:
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 1Gi
|
|
requests:
|
|
cpu: 250m
|
|
memory: 512Mi
|
|
|
|
autoscaling:
|
|
enabled: true
|
|
minReplicas: 2
|
|
maxReplicas: 10
|
|
targetCPUUtilizationPercentage: 70
|
|
targetMemoryUtilizationPercentage: 80
|
|
|
|
nodeSelector: {}
|
|
|
|
tolerations: []
|
|
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: app.kubernetes.io/name
|
|
operator: In
|
|
values:
|
|
- peikarband
|
|
topologyKey: kubernetes.io/hostname
|
|
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /ping
|
|
port: 8000
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 3
|
|
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /ping
|
|
port: 8000
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 5
|
|
timeoutSeconds: 3
|
|
failureThreshold: 3
|
|
|
|
env:
|
|
- name: REFLEX_ENV
|
|
value: "production"
|
|
- name: PYTHONUNBUFFERED
|
|
value: "1"
|
|
|
|
envFrom: []
|
|
|
|
# Reflex-specific configuration
|
|
reflex:
|
|
apiUrl: "http://localhost:8000" # Override in production values
|
|
|
|
configMap:
|
|
data:
|
|
APP_NAME: "peikarband"
|
|
LOG_LEVEL: "info"
|
|
ENVIRONMENT: "production"
|
|
|
|
secretRef:
|
|
name: "peikarband-secrets"
|
|
|
|
postgresql:
|
|
enabled: false
|
|
external:
|
|
host: "postgres.default.svc.cluster.local"
|
|
port: "5432"
|
|
database: "peikarband"
|
|
usernameSecret:
|
|
name: "peikarband-secrets"
|
|
key: "db-username"
|
|
passwordSecret:
|
|
name: "peikarband-secrets"
|
|
key: "db-password"
|
|
|
|
redis:
|
|
enabled: false
|
|
external:
|
|
host: "redis.default.svc.cluster.local"
|
|
port: "6379"
|
|
passwordSecret:
|
|
name: "peikarband-secrets"
|
|
key: "redis-password"
|
|
|
|
persistence:
|
|
enabled: false
|
|
storageClass: ""
|
|
accessMode: ReadWriteOnce
|
|
size: 10Gi
|
|
|
|
podDisruptionBudget:
|
|
enabled: true
|
|
minAvailable: 1
|
|
|
|
networkPolicy:
|
|
enabled: true
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
name: ingress-nginx
|
|
ports:
|
|
- protocol: TCP
|
|
port: 8000
|
|
- protocol: TCP
|
|
port: 3000
|
|
egress:
|
|
- to:
|
|
- namespaceSelector: {}
|
|
ports:
|
|
- protocol: TCP
|
|
port: 5432 # PostgreSQL
|
|
- protocol: TCP
|
|
port: 6379 # Redis
|
|
- protocol: TCP
|
|
port: 443 # HTTPS
|
|
- protocol: TCP
|
|
port: 80 # HTTP
|
|
- protocol: UDP
|
|
port: 53 # DNS
|
|
|
|
monitoring:
|
|
serviceMonitor:
|
|
enabled: false
|
|
interval: 30s
|
|
scrapeTimeout: 10s
|
|
|