cms-plugins/deploy/helm/values.yaml
Oleks 67b07634ae initial scaffold: emdash catalog, helm chart, woodpecker pipeline, ddev
- app/: Emdash scaffold (Astro 6, node target) with cmses/plugins/pages collections
- app/seed/seed.json: WordPress→Emdash parity for kotkanagrilli.fi (~30 entries)
- Dockerfile + docker/entrypoint.sh: multi-stage build, single PVC at /app/state
- deploy/helm/: chart mirroring emdash-kotkanagrilli (single-replica, sqlite, kotkan)
- deploy/fleet-overlay/: HelmRelease/source/image-automation templates for
  anton-helm-workloads (staging + production)
- .woodpecker/container.yaml: arm64 build, three OCI tags per push
  (immutable 0.1.<pipeline> + floating <branch> + <branch>-latest)
- .ddev/: local dev with nginx proxy to emdash on :4321
- README/DEPLOYMENT/ARCHITECTURE/CLAUDE: docs covering the three-repo
  pipeline (cms-plugins + anton-helm-workloads + Gitea OCI registry)
2026-05-20 11:19:00 +03:00


# Defaults for the cms-plugins chart.
# Per-env overrides come from values-staging.yaml / values-production.yaml
# and from the FluxCD HelmRelease's `values:` block.
image:
  # OCI repository the chart pulls the application image from.
  repository: "git.oleks.space/oleks/cms-plugins"
  # Floating tag: CI re-points <branch>-latest at every new build, so the
  # tag name alone does not identify which build is running.
  # NOTE(review): for production, prefer an immutable tag or a digest in the
  # per-env override, so a push to the registry cannot change the running
  # image without a matching values change.
  tag: "develop-latest"
  # Always re-pull: with IfNotPresent a node would keep the first digest it
  # cached for this mutable tag and never roll to a newer build.
  pullPolicy: "Always"
service:
  # Port exposed by the Service. env.PORT below carries the same number;
  # presumably the two must stay in sync. Verify against the templates.
  port: 4321
ingress:
  enabled: true
  host: "cms-plugins.kotkanagrilli.fi"
  # The Ingress carries no TLS section and no cert-manager Certificate:
  # TLS is terminated by the Caddy reverse-proxy at the cluster edge, the
  # same pattern woodpecker and emdash-kotkanagrilli use.
  # NOTE(review): everything behind Caddy is therefore plain HTTP. Confirm
  # that the Traefik entrypoint is reachable only through Caddy.
  className: "kube-system-traefik"
# Scheduling. SQLite allows a single writer and the local-path PV lives on
# one node, so the pod is pinned to that node by hostname label.
# kotkan hosts the kotkanagrilli subdomain pool, following the
# anton-helm-workloads convention (hello-kotkan, kotkanagrilli, etc.).
nodeSelector:
  kubernetes.io/hostname: "kotkan"
# No tolerations or affinity rules by default.
tolerations: []
affinity: {}
persistence:
  enabled: true
  # NOTE(review): local-path storage is local to one node and nothing in
  # these values configures a backup; confirm where the SQLite file and
  # uploads are backed up.
  storageClass: "local-path"
  size: "5Gi"
  # One PVC for all state: the image symlinks /app/data.db and /app/uploads
  # into this mount, so the SQLite database and uploaded media share it.
  mountPath: "/app/state"
# Non-secret environment variables only. Secret material belongs in the
# Secret named by existingSecret, never in this map.
env:
  # Listen address and port. PORT repeats service.port above.
  HOST: "0.0.0.0"
  PORT: "4321"
  NODE_ENV: "production"
  DEPLOY_TARGET: "node"
  # Same path as persistence.mountPath.
  STATE_DIR: "/app/state"
  # NOTE(review): empty by default. Confirm whether Emdash treats an empty
  # value as "no extra origins" or as "any origin", and set it explicitly
  # in each per-env override.
  EMDASH_ALLOWED_ORIGINS: ""
# Name of a Secret that must already exist; the chart references it by name
# and no secret value is stored in these values. All secrets project from
# this one Secret. Keys expected:
#   - EMDASH_ENCRYPTION_KEY (required)
existingSecret: "cms-plugins-secrets"
# Pull credentials for image.repository; presumably a docker-registry type
# Secret created outside this chart. Verify in the target namespace.
imagePullSecrets:
  - name: "gitea-registry-creds"
probes:
  liveness:
    # /_emdash/api/health answers 401 to unauthenticated requests, so a
    # kubelet probe against it fails and the pod gets killed. The probe
    # targets the public site root instead; a 200 there is taken as
    # "the server is up". The health endpoint itself stays behind auth.
    path: "/"
    initialDelaySeconds: 30
    periodSeconds: 30
    timeoutSeconds: 5
  readiness:
    # Same public path as liveness, with a shorter delay and period.
    path: "/"
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
resources:
  # Guaranteed share used for scheduling.
  requests:
    cpu: "100m"
    memory: "256Mi"
  # Hard ceiling: caps what this workload can take from the node it is
  # pinned to.
  limits:
    cpu: "1"
    memory: "1Gi"
podSecurityContext:
  # Volume group ownership. 1001 is the same id as runAsGroup in
  # containerSecurityContext, so the non-root process can write to the
  # mounted state volume.
  fsGroup: 1001
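containerSecurityContext:
  # Run as the unprivileged uid/gid 1001 (same id as podSecurityContext
  # fsGroup) and refuse to start if the image would run as root.
  runAsNonRoot: true
  runAsUser: 1001
  runAsGroup: 1001
  # No setuid/file-capability escalation and no Linux capabilities at all.
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  # Explicit seccomp profile: together with the settings above this is the
  # remaining field the Pod Security "restricted" profile asks for.
  # NOTE(review): takes effect only if the chart template renders this map
  # into the container securityContext as a whole. Verify in the templates.
  seccompProfile:
    type: RuntimeDefault
  # NOTE(review): readOnlyRootFilesystem is left unset. persistence notes
  # that the image symlinks /app/data.db and /app/uploads into the state
  # volume; if those links or any temp files are created at start-up, a
  # read-only root would break the container. Confirm before enabling.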