maksit-certs-ui/src/helm/values.yaml

# Chart-wide settings shared by all components.
global:
  # Empty by default; presumably the registry pull secrets handed to each pod — confirm in the templates.
  imagePullSecrets: []
  # No child keys are active by default, so no chart-wide image override is set here.
  image:
    # When non-empty, overrides every components.*.image.tag (see _helpers.tpl). Production/staging: pin to released
    # semver (e.g. 3.3.13) and use pullPolicy Always or bump tag each release — do not rely on :latest + IfNotPresent alone.
    # NOTE(review): the per-component defaults in this file are exactly tag: latest with pullPolicy: IfNotPresent,
    # so an install that leaves both untouched keeps running whatever image each node cached first and does not
    # pick up rebuilt (patched) images. Pinning by digest is stricter than a tag, if the chart supports it — confirm.
    # tag: "latest"
    # pullPolicy: IfNotPresent
# Optional rollout tuning (see NOTES): pin a fixed pod annotation or add a nonce for frozen/git-rendered manifests.
# rollme: ""
# rolloutNonce: ""
# Name overrides, empty by default. Presumably consumed by the chart's naming helpers — confirm in _helpers.tpl.
nameOverride: ""
fullnameOverride: ""
# Server ConfigMap (appsettings.json); referenced from components.server.configMapFile when tpl: true
# Nothing under this key is secret: it is rendered into a ConfigMap. Secret values belong under certsServerSecrets.
certsServerConfig:
  # Rendered as "AllowedHosts". In ASP.NET Core "*" turns host filtering off, so any Host header is accepted.
  # For production set the public hostname(s) (semicolon-separated) unless the ingress already rejects unknown hosts.
  allowedHosts: "*"
  # Rendered as Logging:LogLevel:Default and Logging:LogLevel:Microsoft.AspNetCore.
  logging:
    default: Information
    microsoftAspNetCore: Warning
  configuration:
    certsUIEngineConfiguration:
      # Add-only column sync after FluentMigrator (ALTER ADD IF NOT EXISTS; never DROP). Set false to disable.
      # Rendered without toJson, so it must stay a YAML boolean.
      autoSyncSchema: true
      admin:
        # Account name only; the matching password is certsServerSecrets.adminPassword.
        # "admin" is a predictable default — change it together with the password.
        username: "admin"
      jwt:
        # NOTE(review): issuer and audience are empty by default. Whether the server still validates iss/aud when
        # they are blank is not visible here — confirm, and set both per environment so a token minted for another
        # deployment sharing the signing secret is not accepted.
        issuer: ""
        audience: ""
        # Rendered unquoted as JSON numbers. Units are not stated in this file — confirm against the server code.
        expiresIn: 15
        refreshTokenExpiresIn: 180
      # NOTE(review): these look like TOTP parameters (label/issuer for the authenticator entry, 6 digits, period 30).
      # timeTolerance presumably counts the adjacent periods still accepted; raising it widens the window in which
      # an observed code remains usable — confirm semantics before changing.
      twoFactor:
        label: "CertsUI"
        issuer: "MaksIT.CertsUI"
        # Empty by default; presumably the server falls back to its own default algorithm — confirm.
        algorithm: ""
        digits: 6
        period: 30
        timeTolerance: 1
      # Remote agent the server talks to; the shared key is certsServerSecrets.agentKey.
      # NOTE(review): these keys carry no TLS/scheme option. How the channel that presents agentKey is protected
      # is not visible here — confirm in the server code before routing it over an untrusted network.
      agent:
        agentHostname: ""
        agentPort: 5000
        serviceToReload: haproxy
      # ACME directory endpoints (Let's Encrypt production and staging), both https.
      production: "https://acme-v02.api.letsencrypt.org/directory"
      staging: "https://acme-staging-v02.api.letsencrypt.org/directory"
      # These match the mountPath of the server's "acme" and "data" volumes under components.server.persistence.
      acmeFolder: /acme
      dataFolder: /data
# Server Secret (appsecrets.json); referenced from components.server.secretsFile when tpl: true
# Configuration:CertsUIEngineConfiguration:ConnectionString — same structural role as MaksIT.Vault VaultEngineConfiguration:ConnectionString.
# Every value below is rendered into appsecrets.json by components.server.secretsFile.content.
# NOTE(review): authSecret and adminPassword ship as fixed placeholder strings that anyone with the chart can read.
# An install that does not override them runs with a publicly known JWT secret and admin password. Supply real values
# from a values file kept out of version control (or --set at install time), or use
# components.server.secretsFile.existingSecret if it mounts a pre-created Secret — confirm in the templates.
# Values handed to Helm are also kept in the release record stored in the cluster.
certsServerSecrets:
  # Rendered as JwtSettingsConfiguration:JwtSecret. Replace with a long random value unique per environment.
  authSecret: changeme-generate-a-long-random-string
  # Rendered as JwtSettingsConfiguration:PasswordPepper. Empty by default.
  # NOTE(review): presumably mixed into password hashing; changing it later would likely invalidate stored
  # password hashes — confirm before rotating.
  authPepper: ""
  # Rendered as Agent:AgentKey. Empty by default; whether the server or agent accepts an empty key is not
  # visible here — confirm.
  agentKey: ""
  # Rendered as Admin:Password. Placeholder; replace before first install.
  adminPassword: changeme-generate-a-strong-password
  certsUIEngineConfiguration:
    # Rendered as CertsUIEngineConfiguration:ConnectionString. Typically embeds database credentials,
    # so treat the whole string as a secret.
    connectionString: ""
# Client ConfigMap (config.js); referenced when tpl: true
# Rendered into window.RUNTIME_CONFIG in the browser, so everything here is public to any visitor — no secrets.
certsClientRuntime:
  # Rendered as API_URL. The example uses plain http; the browser presumably sends the admin login and JWTs to
  # this URL, so use an https URL in any real deployment.
  apiUrl: "http://certs-ui.example.com/api"
# Per-component deployment settings: server (API), client (web UI) and reverseproxy.
# NOTE(review): the page this was taken from lost its indentation; nesting below is restored from the template
# paths and Kubernetes conventions. Spots where the parent key is inferred are marked — confirm against the templates.
# NOTE(review): no securityContext keys appear in these values, and no component sets resource requests/limits by
# default (client and reverseproxy use resources: {}, server has no resources key). Whether the templates hard-code
# a security context is not visible here — confirm.
components:
  # Per-component replica count (minimum 1). Server uses RWO PVCs by default — use 1 unless
  # your StorageClass supports ReadWriteMany and the app can share the volume (see NOTES.txt).
  server:
    replicaCount: 1
    image:
      registry: cr.maks-it.com
      repository: certs-ui/server
      # NOTE(review): latest + IfNotPresent is the combination the global.image comment advises against; a node
      # that already cached "latest" never pulls a rebuilt image. Pin a released tag for production.
      tag: latest
      pullPolicy: IfNotPresent
    env:
      - name: ASPNETCORE_ENVIRONMENT
        value: Production
      # Quoted so the port stays a string, as env values must be.
      - name: ASPNETCORE_HTTP_PORTS
        value: "5000"
      # Pod name injected through the downward API.
      - name: POD_NAME
        valueFrom:
          fieldRef:
            fieldPath: metadata.name
    # ClusterIP: reachable inside the cluster only; external exposure is not configured in this file.
    service:
      enabled: true
      type: ClusterIP
      port: 5000
      targetPort: 5000
      # ClientIP affinity helps browsers hit the same server pod for multi-step ACME (primary holds orchestration).
      # NOTE(review): nesting under `service` is inferred (sessionAffinity is a Service field) — confirm.
      sessionAffinity:
        enabled: true
        clientIPTimeoutSeconds: 10800
    # Give kube-proxy / ingress time to stop sending new connections before SIGKILL (pairs with preStop).
    terminationGracePeriodSeconds: 90
    lifecycle:
      preStop:
        exec:
          # Needs /bin/sh to exist in the server image.
          command: ["/bin/sh", "-c", "sleep 5"]
    # NOTE(review): `volumes` nested under `persistence` is inferred — confirm.
    # The mount paths match certsServerConfig acmeFolder (/acme) and dataFolder (/data).
    # keep: true presumably retains the PVC when the release is uninstalled — confirm. If so, ACME account and
    # certificate material on these volumes outlives the release and has to be removed deliberately.
    persistence:
      storageClass: local-path
      volumes:
        - name: acme
          mountPath: /acme
          type: pvc
          pvc:
            create: true
            keep: true
            size: 50Mi
            accessModes: [ReadWriteOnce]
        - name: data
          mountPath: /data
          type: pvc
          pvc:
            create: true
            keep: true
            size: 50Mi
            accessModes: [ReadWriteOnce]
    # Secret mounted at /secrets/appsecrets.json. With tpl: true the content below is rendered as a template;
    # every value goes through toJson, so quotes and backslashes inside a secret are JSON-escaped instead of
    # breaking the document.
    # existingSecret is empty by default; presumably a non-empty name mounts a pre-created Secret instead of
    # rendering one from certsServerSecrets, which keeps secret values out of values files — confirm in the templates.
    # keep: true presumably retains the object on uninstall — confirm.
    secretsFile:
      key: appsecrets.json
      mountPath: /secrets/appsecrets.json
      tpl: true
      keep: true
      existingSecret: ""
      content: |
        {
          "Configuration": {
            "CertsUIEngineConfiguration": {
              "ConnectionString": {{ .Values.certsServerSecrets.certsUIEngineConfiguration.connectionString | toJson }},
              "Admin": {
                "Password": {{ .Values.certsServerSecrets.adminPassword | toJson }}
              },
              "JwtSettingsConfiguration": {
                "JwtSecret": {{ .Values.certsServerSecrets.authSecret | toJson }},
                "PasswordPepper": {{ .Values.certsServerSecrets.authPepper | toJson }}
              },
              "Agent": {
                "AgentKey": {{ .Values.certsServerSecrets.agentKey | toJson }}
              }
            }
          }
        }
    # ConfigMap mounted at /configMap/appsettings.json, rendered from certsServerConfig.
    # The secret-bearing fields (Admin:Password, JwtSecret, PasswordPepper, AgentKey) are written as empty strings
    # here on purpose; their values live in appsecrets.json, which presumably overrides these at load — confirm.
    # Keep it that way: a ConfigMap is not access-controlled like a Secret.
    # AutoSyncSchema, ExpiresIn, RefreshTokenExpiresIn, Digits, Period, TimeTolerance and AgentPort are rendered
    # without toJson, so their values must stay YAML booleans/numbers; a string override produces invalid JSON.
    configMapFile:
      key: appsettings.json
      mountPath: /configMap/appsettings.json
      tpl: true
      keep: true
      existingConfigMap: ""
      content: |
        {
          "Logging": {
            "LogLevel": {
              "Default": {{ .Values.certsServerConfig.logging.default | toJson }},
              "Microsoft.AspNetCore": {{ .Values.certsServerConfig.logging.microsoftAspNetCore | toJson }}
            }
          },
          "AllowedHosts": {{ .Values.certsServerConfig.allowedHosts | toJson }},
          "Configuration": {
            "CertsUIEngineConfiguration": {
              "AutoSyncSchema": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.autoSyncSchema }},
              "Admin": {
                "Username": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.admin.username | toJson }},
                "Password": ""
              },
              "JwtSettingsConfiguration": {
                "JwtSecret": "",
                "Issuer": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.jwt.issuer | toJson }},
                "Audience": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.jwt.audience | toJson }},
                "ExpiresIn": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.jwt.expiresIn }},
                "RefreshTokenExpiresIn": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.jwt.refreshTokenExpiresIn }},
                "PasswordPepper": ""
              },
              "TwoFactorSettingsConfiguration": {
                "Label": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.twoFactor.label | toJson }},
                "Issuer": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.twoFactor.issuer | toJson }},
                "Algorithm": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.twoFactor.algorithm | toJson }},
                "Digits": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.twoFactor.digits }},
                "Period": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.twoFactor.period }},
                "TimeTolerance": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.twoFactor.timeTolerance }}
              },
              "Agent": {
                "AgentHostname": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.agent.agentHostname | toJson }},
                "AgentPort": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.agent.agentPort }},
                "AgentKey": "",
                "ServiceToReload": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.agent.serviceToReload | toJson }}
              },
              "Production": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.production | toJson }},
              "Staging": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.staging | toJson }},
              "AcmeFolder": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.acmeFolder | toJson }},
              "DataFolder": {{ .Values.certsServerConfig.configuration.certsUIEngineConfiguration.dataFolder | toJson }}
            }
          }
        }
    # HTTP health endpoints on the container port named "http".
    livenessProbe:
      httpGet:
        path: /health/live
        port: http
      initialDelaySeconds: 20
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 3
    readinessProbe:
      httpGet:
        path: /health/ready
        port: http
      initialDelaySeconds: 10
      periodSeconds: 5
      timeoutSeconds: 5
      failureThreshold: 3
  # Web UI container.
  client:
    replicaCount: 1
    image:
      registry: cr.maks-it.com
      repository: certs-ui/client
      # NOTE(review): same latest + IfNotPresent default as the server image; pin a released tag for production.
      tag: latest
      pullPolicy: IfNotPresent
    service:
      enabled: true
      type: ClusterIP
      port: 5173
      targetPort: 5173
    # config.js is mounted into the served bundle and read by the browser, so it is public; it carries only
    # certsClientRuntime.apiUrl, JSON-escaped through toJson.
    configMapFile:
      key: config.js
      mountPath: /app/dist/config.js
      tpl: true
      keep: true
      existingConfigMap: ""
      content: |
        window.RUNTIME_CONFIG = {
          API_URL: {{ .Values.certsClientRuntime.apiUrl | toJson }}
        };
    # TCP-only probes: they check that the port accepts connections, not that the app answers.
    livenessProbe:
      tcpSocket:
        port: http
      initialDelaySeconds: 10
      periodSeconds: 10
    readinessProbe:
      tcpSocket:
        port: http
      initialDelaySeconds: 5
      periodSeconds: 5
    # Empty: no CPU/memory requests or limits by default.
    resources: {}
  # Reverse proxy container (ASP.NET Core, per its ASPNETCORE_* environment).
  reverseproxy:
    replicaCount: 1
    image:
      registry: cr.maks-it.com
      repository: certs-ui/reverseproxy
      # NOTE(review): same latest + IfNotPresent default as the server image; pin a released tag for production.
      tag: latest
      pullPolicy: IfNotPresent
    env:
      - name: ASPNETCORE_ENVIRONMENT
        value: Production
      - name: ASPNETCORE_HTTP_PORTS
        value: "8080"
    service:
      enabled: true
      type: ClusterIP
      port: 8080
      targetPort: 8080
    # TCP-only probes: they check that the port accepts connections, not that the app answers.
    livenessProbe:
      tcpSocket:
        port: http
      initialDelaySeconds: 15
      periodSeconds: 10
    readinessProbe:
      tcpSocket:
        port: http
      initialDelaySeconds: 5
      periodSeconds: 5
    # Empty: no CPU/memory requests or limits by default.
    resources: {}