From d968f2ae196ad7e1ac4e2fea6364c0fd0af18d04 Mon Sep 17 00:00:00 2001 From: Richard Tomik Date: Sat, 5 Apr 2025 22:56:22 +0200 Subject: [PATCH] Released v 0.0.2 fixed issue with deployment on kubernetes. --- charts/recipya/Chart.yaml | 2 +- charts/recipya/readme.md | 140 +++++++++++++----- .../templates/configmap-init-script.yaml | 73 +++++++++ charts/recipya/templates/configmap.yaml | 77 ---------- charts/recipya/templates/deployment.yaml | 75 ++++++++-- charts/recipya/templates/ingress.yaml | 6 +- charts/recipya/templates/pvc.yaml | 7 +- charts/recipya/templates/secret.yaml | 13 +- charts/recipya/values.yaml | 86 +++++------ 9 files changed, 301 insertions(+), 178 deletions(-) create mode 100644 charts/recipya/templates/configmap-init-script.yaml delete mode 100644 charts/recipya/templates/configmap.yaml diff --git a/charts/recipya/Chart.yaml b/charts/recipya/Chart.yaml index 8ad3a92..7ee5c94 100644 --- a/charts/recipya/Chart.yaml +++ b/charts/recipya/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: recipya description: A Helm chart for Recipya recipe manager application type: application -version: 0.0.1 +version: 0.0.2 appVersion: "v1.2.2" maintainers: - name: Richard Tomik diff --git a/charts/recipya/readme.md b/charts/recipya/readme.md index b48974b..162c621 100644 --- a/charts/recipya/readme.md +++ b/charts/recipya/readme.md 
@@ -25,12 +25,28 @@ The command deploys Recipya on the Kubernetes cluster in the default configurati ## Uninstalling the Chart -To uninstall/delete the `my-recipya` deployment: +To uninstall/delete the `recipya` deployment: ```bash helm uninstall recipya -n recipya ``` +## Important Configuration Notes + +### Server URL + +When deploying with an ingress, it's **critical** to set `config.server.url` to match your ingress URL (including https if you're using TLS). This ensures that redirects after login work correctly: + +```yaml +config: + server: + url: "https://your-recipya-domain.com" +``` + +### Ingress Configuration + +This chart includes optimized ingress configurations for Traefik, with support for WebSockets and proper security headers. If you're using a different ingress controller, you may need to adjust annotations accordingly. + ## Parameters ### Global parameters 
@@ -48,24 +64,22 @@ helm uninstall recipya -n recipya | Name | Description | Value | |-----------------------------------------|--------------------------------------------------|-----------| | `podSecurityContext.fsGroup` | Group ID for the Recipya container | `1000` | -| `containerSecurityContext.runAsUser` | User ID for the Recipya container | `1000` | -| `containerSecurityContext.runAsGroup` | Group ID for the Recipya container | `1000` | -| `containerSecurityContext.runAsNonRoot` | Run containers as non-root | `true` | +| `containerSecurityContext` | Security context for the container | `{}` | ### Recipya configuration parameters -| Name | Description | Value | -|-----------------------------------------|-------------------------------------------------------|----------------| -| `config.server.port` | Server port | `8078` | -| `config.server.autologin` | Whether to login automatically | `false` | -| `config.server.is_demo` | Whether the app is a demo version | `false` | -| `config.server.is_prod` | Whether the app is in production | `false` | -| `config.server.no_signups` | Whether to disable user account registrations | `false` | -| `config.server.url` | Base URL for the application | `http://0.0.0.0` | -| `config.email.address` | The email address for SendGrid | `""` | -| `config.email.sendgrid` | SendGrid API key | `""` | -| `config.documentIntelligence.endpoint` | Azure Document Intelligence endpoint | `""` | -| `config.documentIntelligence.key` | Azure Document Intelligence key | `""` | +| Name | Description | Value | +|-----------------------------------------|-------------------------------------------------------|---------------------| +| `config.server.port` | Server port | `8078` | +| `config.server.autologin` | Whether to login automatically | `false` | +| `config.server.is_demo` | Whether the app is a demo version | `false` | +| `config.server.is_prod` | Whether the app is in production | `false` | +| `config.server.no_signups` | Whether to 
disable user account registrations | `false` | +| `config.server.url` | Base URL for the application | `http://0.0.0.0` | +| `config.email.address` | The email address for SendGrid | `""` | +| `config.email.sendgrid` | SendGrid API key | `""` | +| `config.documentIntelligence.endpoint` | Azure Document Intelligence endpoint | `""` | +| `config.documentIntelligence.key` | Azure Document Intelligence key | `""` | ### Service parameters 
@@ -76,30 +90,88 @@ helm uninstall recipya -n recipya ### Ingress parameters -| Name | Description | Value | -|--------------------------|--------------------------------------------------|-------------| -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.className` | IngressClass that will be used | `""` | -| `ingress.hosts[0].host` | Default host for the ingress resource | `chart-example.local` | -| `ingress.tls` | Create TLS Secret | `[]` | +| Name | Description | Value | +|-------------------------------|--------------------------------------------------|------------------------| +| `ingress.enabled` | Enable ingress controller resource | `false` | +| `ingress.className` | IngressClass that will be used | `"traefik"` | +| `ingress.annotations` | Additional ingress annotations | See values.yaml | +| `ingress.hosts[0].host` | Default host for the ingress resource | `chart-example.local` | +| `ingress.tls` | TLS configuration | `[]` | ### Persistence parameters -| Name | Description | Value | -|--------------------------------------|------------------------------------------|-----------| -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.accessMode` | PVC Access Mode | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request | `1Gi` | -| `persistence.storageClass` | Storage class of backing PVC | `""` | +| Name | Description | Value | +|--------------------------------------|------------------------------------------|------------------| +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.accessMode` | PVC Access Mode | `ReadWriteOnce` | +| `persistence.size` | PVC Storage Request | `1Gi` | +| `persistence.storageClass` | Storage class of backing PVC | `""` | ### Resource parameters -| Name | Description | Value | -|--------------------------|------------------------------------------|-----------| -| `resources.limits.cpu` | CPU limit | `500m` | -| 
`resources.limits.memory`| Memory limit | `512Mi` | -| `resources.requests.cpu` | CPU request | `100m` | -| `resources.requests.memory` | Memory request | `128Mi` | +| Name | Description | Value | +|-------------------------------|------------------------------------------|-----------| +| `resources.limits.cpu` | CPU limit | `500m` | +| `resources.limits.memory` | Memory limit | `512Mi` | +| `resources.requests.cpu` | CPU request | `100m` | +| `resources.requests.memory` | Memory request | `128Mi` | + +### Probe parameters + +| Name | Description | Value | +|--------------------------------------|--------------------------------------------|-----------| +| `probes.liveness.enabled` | Enable liveness probe | `true` | +| `probes.liveness.path` | Path for liveness probe | `/` | +| `probes.readiness.enabled` | Enable readiness probe | `true` | +| `probes.readiness.path` | Path for readiness probe | `/` | + +## Traefik Ingress Configuration + +The chart includes specially configured middlewares for Traefik to ensure proper functioning of Recipya: + +```yaml +ingress: + enabled: true + className: "traefik" + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.middlewares: recipya-recipya-headers@kubernetescrd + traefik.ingress.kubernetes.io/service.sticky: "true" + traefik.ingress.kubernetes.io/session-cookie-name: "recipya_session" + hosts: + - host: recipya.example.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - recipya.example.com +``` + +This configuration includes: + +1. Custom Content Security Policy allowing essential scripts from unpkg.com +2. Sticky sessions for maintaining authentication +3. Proper headers for proxy operation + +## Content Security Policy Configuration + +The chart includes a custom middleware that configures the proper Content Security Policy for Recipya. 
This is particularly important as the application requires access to external scripts from unpkg.com: + +```yaml +contentSecurityPolicy: >- + default-src 'self'; + script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://unpkg.com; + style-src 'self' 'unsafe-inline'; + img-src 'self' data: blob:; + font-src 'self' data:; + connect-src 'self' ws: wss: *; + worker-src 'self' blob:; + frame-src 'self'; + media-src 'self' blob:; + object-src 'none'; + form-action 'self'; +``` ## Using Existing Secrets diff --git a/charts/recipya/templates/configmap-init-script.yaml b/charts/recipya/templates/configmap-init-script.yaml new file mode 100644 index 0000000..546eb87 --- /dev/null +++ b/charts/recipya/templates/configmap-init-script.yaml 
@@ -0,0 +1,73 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "recipya.fullname" . }}-init-script + labels: + {{- include "recipya.labels" . | nindent 4 }} +data: + init.sh: | + #!/bin/sh + set -e + + CONFIG_DIR="/home/recipya/.config/Recipya" + CONFIG_FILE="$CONFIG_DIR/config.json" + TARGET_PORT={{ .Values.config.server.port }} + + echo "Starting initialization with port $TARGET_PORT..." + + # Create directories if they don't exist + mkdir -p $CONFIG_DIR/Backup + mkdir -p $CONFIG_DIR/Database + mkdir -p $CONFIG_DIR/Images + mkdir -p $CONFIG_DIR/Logs + mkdir -p $CONFIG_DIR/Videos + + echo "Directories created." + + # Create config.json if it doesn't exist or update the existing one + if [ -f "$CONFIG_FILE" ]; then + echo "Found existing config.json, updating port to $TARGET_PORT" + # Use jq to modify the port in the existing config file + TMP_FILE=$(mktemp) + cat $CONFIG_FILE | jq ".server.port = $TARGET_PORT" > $TMP_FILE + mv $TMP_FILE $CONFIG_FILE + else + echo "Creating new config.json with port $TARGET_PORT" + # Create a new config.json with default values and the specified port + cat > $CONFIG_FILE << EOF + { + "email": { + "from": "{{ .Values.config.email.address | default "" }}", + "sendGridAPIKey": "{{ .Values.config.email.sendgrid | default "" }}" + }, + "integrations": { + "azureDocumentIntelligence": { + "endpoint": "{{ .Values.config.documentIntelligence.endpoint | default "" }}", + "key": "{{ .Values.config.documentIntelligence.key | default "" }}" + } + }, + "server": { + "autologin": {{ .Values.config.server.autologin }}, + "bypassGuide": false, + "isDemo": {{ .Values.config.server.is_demo }}, + "noSignups": {{ .Values.config.server.no_signups }}, + "isProduction": {{ .Values.config.server.is_prod }}, + "port": $TARGET_PORT, + "url": "{{ .Values.config.server.url }}" + } + } + EOF + fi + + # Set permissions using numeric IDs + echo "Setting permissions..." 
+ chmod -R 755 $CONFIG_DIR + find $CONFIG_DIR -type f -exec chmod 644 {} \; + find $CONFIG_DIR -type d -exec chmod 755 {} \; + + # Change ownership by numeric ID + echo "Changing ownership to 1000:1000..." + chown -R 1000:1000 $CONFIG_DIR + + echo "Configuration completed successfully." + ls -la $CONFIG_DIR \ No newline at end of file diff --git a/charts/recipya/templates/configmap.yaml b/charts/recipya/templates/configmap.yaml deleted file mode 100644 index bf6257c..0000000 --- a/charts/recipya/templates/configmap.yaml +++ /dev/null 
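Review bot: The heredoc that builds `config.json` renders `.Values.config.email.sendgrid` and `.Values.config.documentIntelligence.key` into this ConfigMap, so both API keys are stored as plain ConfigMap data, readable by anyone who can read ConfigMaps in the namespace, even though secret.yaml exists to hold them. The script then writes them to a file it sets to mode 644 with `find $CONFIG_DIR -type f -exec chmod 644 {} \;`. I would render the two fields as empty strings, `"sendGridAPIKey": "",` and `"key": ""`, and rely on the `RECIPYA_EMAIL_SENDGRID` and `RECIPYA_DI_KEY` variables the deployment already reads from the Secret, assuming the application lets the environment override the file (to be confirmed). The heredoc delimiter is also unquoted and the init container runs as root, so a value containing shell metacharacters or a double quote would be expanded by the shell or break the JSON. Piping the remaining strings through `toJson`, e.g. `"url": {{ .Values.config.server.url | toJson }}`, fixes the JSON quoting; stopping the shell expansion needs a quoted delimiter (`<< 'EOF'`) with the port rendered by the template instead of `$TARGET_PORT`.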
@@ -1,77 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "donetick.fullname" . }}-configmap - labels: - {{- include "donetick.labels" . | nindent 4 }} -data: - selfhosted.yaml: | - name: {{ .Values.config.name | quote }} - is_done_tick_dot_com: {{ .Values.config.is_done_tick_dot_com }} - is_user_creation_disabled: {{ .Values.config.is_user_creation_disabled }} - telegram: - token: {{ .Values.config.telegram.token | default "" | quote }} - pushover: - token: {{ .Values.config.pushover.token | default "" | quote }} - database: - type: {{ .Values.config.database.type | default "sqlite" | quote }} - migration: {{ .Values.config.database.migration }} - {{- if .Values.config.database.migration_skip }} - migration_skip: {{ .Values.config.database.migration_skip }} - {{- end }} - {{- if .Values.config.database.migration_retry }} - migration_retry: {{ .Values.config.database.migration_retry }} - {{- end }} - {{- if eq .Values.config.database.type "postgres" }} - {{- if not .Values.config.database.existingSecret }} - host: {{ .Values.config.database.host | quote }} - port: {{ .Values.config.database.port }} - user: {{ .Values.config.database.user | quote }} - password: {{ .Values.config.database.password | quote }} - name: {{ .Values.config.database.name | quote }} - {{- else }} - # Database credentials will be injected via environment variables from Secret - {{- end }} - {{- end }} - jwt: - {{- if .Values.config.jwt.existingSecret }} - # Secret will be injected from Secret - {{- else }} - secret: {{ .Values.config.jwt.secret | quote }} - {{- end }} - session_time: {{ .Values.config.jwt.session_time | quote }} - max_refresh: {{ .Values.config.jwt.max_refresh | quote }} - server: - port: {{ .Values.config.server.port }} - read_timeout: {{ .Values.config.server.read_timeout | quote }} - write_timeout: {{ .Values.config.server.write_timeout | quote }} - rate_period: {{ .Values.config.server.rate_period | quote }} - rate_limit: {{ 
.Values.config.server.rate_limit }} - cors_allow_origins: - {{- range .Values.config.server.cors_allow_origins }} - - {{ . | quote }} - {{- end }} - serve_frontend: {{ .Values.config.server.serve_frontend }} - scheduler_jobs: - due_job: {{ .Values.config.scheduler_jobs.due_job | quote }} - overdue_job: {{ .Values.config.scheduler_jobs.overdue_job | quote }} - pre_due_job: {{ .Values.config.scheduler_jobs.pre_due_job | quote }} - email: - host: {{ .Values.config.email.host | default "" | quote }} - port: {{ .Values.config.email.port | default "" | quote }} - key: {{ .Values.config.email.key | default "" | quote }} - email: {{ .Values.config.email.email | default "" | quote }} - appHost: {{ .Values.config.email.appHost | default "" | quote }} - oauth2: - {{- if .Values.config.oauth2.existingSecret }} - client_id: $DT_OAUTH2_CLIENT_ID - client_secret: $DT_OAUTH2_CLIENT_SECRET - {{- else }} - client_id: {{ .Values.config.oauth2.client_id | default "" | quote }} - client_secret: {{ .Values.config.oauth2.client_secret | default "" | quote }} - {{- end }} - auth_url: {{ .Values.config.oauth2.auth_url | default "" | quote }} - token_url: {{ .Values.config.oauth2.token_url | default "" | quote }} - user_info_url: {{ .Values.config.oauth2.user_info_url | default "" | quote }} - redirect_url: {{ .Values.config.oauth2.redirect_url | default "" | quote }} - name: {{ .Values.config.oauth2.name | default "" | quote }} \ No newline at end of file diff --git a/charts/recipya/templates/deployment.yaml b/charts/recipya/templates/deployment.yaml index 22fe8d8..1f8b209 100644 --- a/charts/recipya/templates/deployment.yaml +++ b/charts/recipya/templates/deployment.yaml 
@@ -5,8 +5,8 @@ metadata: labels: {{- include "recipya.labels" . | nindent 4 }} annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/init-script: {{ include (print $.Template.BasePath "/configmap-init-script.yaml") . | sha256sum }} spec: replicas: {{ .Values.replicaCount }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} @@ -31,12 +31,48 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + # Set security context for the pod securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + fsGroup: 1000 + + # Init container to configure the application + initContainers: + - name: init-config + image: alpine:3.18 + command: ["/bin/sh", "-c"] + args: + - | + echo "Installing jq..." + apk add --no-cache jq + echo "Running initialization script..." + /scripts/init.sh + securityContext: + runAsUser: 0 # Run as root to modify config files + runAsGroup: 0 + volumeMounts: + - name: data + mountPath: /home/recipya/.config/Recipya + - name: init-script + mountPath: /scripts + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 100m + memory: 128Mi + + # Main application container containers: - name: {{ .Chart.Name }} securityContext: - {{- toYaml .Values.containerSecurityContext | nindent 12 }} + runAsUser: 1000 + runAsGroup: 1000 + runAsNonRoot: true + readOnlyRootFilesystem: false + capabilities: + drop: + - ALL image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.startupArgs }} @@ -47,7 +83,7 @@ spec: {{- end }} ports: - name: http - containerPort: {{ .Values.config.server.port }} + containerPort: {{ .Values.service.port }} protocol: TCP {{- if .Values.probes.liveness.enabled }} livenessProbe: 
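Review bot: The `init-config` container runs as UID 0 and installs `jq` with `apk add --no-cache jq` on every pod start, so a root process executes packages fetched over the network at runtime, from an image referenced only by the mutable tag `alpine:3.18`. Pods will also fail to start in clusters without egress to the package mirrors. I would use an image that already ships `jq` and pin it by digest, `image: <registry>/<image-with-jq>@sha256:<digest>`, and add `allowPrivilegeEscalation: false` to both container `securityContext` blocks. The pod and container security contexts are now hard-coded, so `podSecurityContext` and `containerSecurityContext` in values.yaml no longer have any effect; either keep the `toYaml` includes or remove the values and their README rows. The pod spec continues outside this hunk.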
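Review bot: `containerPort` now follows `.Values.service.port`, while the init script writes `.Values.config.server.port` into `config.json` and this commit also removes the `RECIPYA_SERVER_PORT` variable. Both default to 8078, but if an operator changes only one of them the named `http` port no longer matches the port the application listens on, which presumably breaks the Service and the probes if they target the named port (service.yaml is not part of this patch). I would keep `containerPort: {{ .Values.config.server.port }}` and let the Service map `service.port` onto the named port. The container spec starts and ends outside this hunk.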
@@ -72,8 +108,9 @@ spec: successThreshold: {{ .Values.probes.readiness.successThreshold }} {{- end }} env: - - name: RECIPYA_SERVER_PORT - value: {{ .Values.config.server.port | quote }} + # Critical environment variables for proper directory structure + - name: HOME + value: "/home/recipya" - name: RECIPYA_SERVER_URL value: {{ .Values.config.server.url | quote }} - name: RECIPYA_SERVER_AUTOLOGIN @@ -97,16 +134,22 @@ spec: name: {{ .Values.config.email.existingSecret }} key: {{ .Values.config.email.sendgridKey }} {{- else }} + {{- if .Values.config.email.address }} - name: RECIPYA_EMAIL valueFrom: secretKeyRef: name: {{ include "recipya.fullname" . }}-secrets key: {{ .Values.config.email.addressKey }} + optional: true + {{- end }} + {{- if .Values.config.email.sendgrid }} - name: RECIPYA_EMAIL_SENDGRID valueFrom: secretKeyRef: name: {{ include "recipya.fullname" . }}-secrets key: {{ .Values.config.email.sendgridKey }} + optional: true + {{- end }} {{- end }} {{- if .Values.config.documentIntelligence.existingSecret }} @@ -121,16 +164,22 @@ spec: name: {{ .Values.config.documentIntelligence.existingSecret }} key: {{ .Values.config.documentIntelligence.keyKey }} {{- else }} + {{- if .Values.config.documentIntelligence.endpoint }} - name: RECIPYA_DI_ENDPOINT valueFrom: secretKeyRef: name: {{ include "recipya.fullname" . }}-secrets key: {{ .Values.config.documentIntelligence.endpointKey }} + optional: true + {{- end }} + {{- if .Values.config.documentIntelligence.key }} - name: RECIPYA_DI_KEY valueFrom: secretKeyRef: name: {{ include "recipya.fullname" . }}-secrets key: {{ .Values.config.documentIntelligence.keyKey }} + optional: true + {{- end }} {{- end }} {{- range .Values.env }} 
@@ -145,26 +194,24 @@ spec: volumeMounts: - name: data mountPath: /home/recipya/.config/Recipya - {{- if not .Values.containerSecurityContext.readOnlyRootFilesystem }} - - name: tmp - mountPath: /tmp - {{- end }} {{- with .Values.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} + volumes: - name: data persistentVolumeClaim: claimName: {{ include "recipya.fullname" . }}-data - {{- if not .Values.containerSecurityContext.readOnlyRootFilesystem }} - - name: tmp - emptyDir: {} - {{- end }} + - name: init-script + configMap: + name: {{ include "recipya.fullname" . }}-init-script + defaultMode: 0755 {{- with .Values.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/recipya/templates/ingress.yaml b/charts/recipya/templates/ingress.yaml index 65d0761..ff19b42 100644 --- a/charts/recipya/templates/ingress.yaml +++ b/charts/recipya/templates/ingress.yaml @@ -2,9 +2,9 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ include "donetick.fullname" . }} + name: {{ include "recipya.fullname" . }} labels: - {{- include "donetick.labels" . | nindent 4 }} + {{- include "recipya.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -35,7 +35,7 @@ spec: pathType: {{ .pathType }} backend: service: - name: {{ include "donetick.fullname" $ }} + name: {{ include "recipya.fullname" $ }} port: number: {{ $.Values.service.port }} {{- end }} diff --git a/charts/recipya/templates/pvc.yaml b/charts/recipya/templates/pvc.yaml index 6593f37..55a1c0c 100644 --- a/charts/recipya/templates/pvc.yaml +++ b/charts/recipya/templates/pvc.yaml 
@@ -5,10 +5,13 @@ metadata: name: {{ include "recipya.fullname" . }}-data labels: {{- include "recipya.labels" . | nindent 4 }} - {{- with .Values.persistence.annotations }} annotations: + {{- if .Values.persistence.retain }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.persistence.annotations }} {{- toYaml . | nindent 4 }} - {{- end }} + {{- end }} spec: accessModes: - {{ .Values.persistence.accessMode | quote }} diff --git a/charts/recipya/templates/secret.yaml b/charts/recipya/templates/secret.yaml index c5024b1..f0afc7b 100644 --- a/charts/recipya/templates/secret.yaml +++ b/charts/recipya/templates/secret.yaml @@ -1,3 +1,5 @@ +{{- $createSecret := or (and (not .Values.config.email.existingSecret) (or .Values.config.email.address .Values.config.email.sendgrid)) (and (not .Values.config.documentIntelligence.existingSecret) (or .Values.config.documentIntelligence.endpoint .Values.config.documentIntelligence.key)) -}} +{{- if $createSecret }} apiVersion: v1 kind: Secret metadata: @@ -7,11 +9,20 @@ metadata: type: Opaque data: {{- if not .Values.config.email.existingSecret }} + {{- if .Values.config.email.address }} {{ .Values.config.email.addressKey }}: {{ .Values.config.email.address | b64enc }} + {{- end }} + {{- if .Values.config.email.sendgrid }} {{ .Values.config.email.sendgridKey }}: {{ .Values.config.email.sendgrid | b64enc }} {{- end }} + {{- end }} {{- if not .Values.config.documentIntelligence.existingSecret }} + {{- if .Values.config.documentIntelligence.endpoint }} {{ .Values.config.documentIntelligence.endpointKey }}: {{ .Values.config.documentIntelligence.endpoint | b64enc }} + {{- end }} + {{- if .Values.config.documentIntelligence.key }} {{ .Values.config.documentIntelligence.keyKey }}: {{ .Values.config.documentIntelligence.key | b64enc }} - {{- end }} \ No newline at end of file + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/recipya/values.yaml b/charts/recipya/values.yaml index a294496..708d01f 100644 --- a/charts/recipya/values.yaml +++ b/charts/recipya/values.yaml @@ -19,45 +19,63 @@ fullnameOverride: "" podSecurityContext: fsGroup: 1000 -# Security context for the container -containerSecurityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: false - runAsNonRoot: true - runAsUser: 1000 - runAsGroup: 1000 +containerSecurityContext: {} # Service configuration service: type: ClusterIP port: 8078 +# Recipya configuration +config: + email: + address: "" + sendgrid: "" + existingSecret: "" + addressKey: "email" + sendgridKey: "sendgrid" + + documentIntelligence: + endpoint: "" + key: "" + existingSecret: "" + endpointKey: "di_endpoint" + keyKey: "di_key" + + server: + port: 8078 + autologin: false + is_demo: false + is_prod: true + no_signups: false + url: "http://0.0.0.0" + # Ingress configuration ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" + enabled: true + className: "traefik" + annotations: [] + # traefik.ingress.kubernetes.io/router.entrypoints: websecure + # traefik.ingress.kubernetes.io/router.middlewares: default-recipya-headers@kubernetescrd hosts: - - host: chart-example.local + - host: recipya. paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local + # Persistent volume claim persistence: enabled: true accessMode: ReadWriteOnce - size: 1Gi - # storageClass: "" + size: 5Gi + storageClass: "" annotations: {} + retain: true # Resource limits and requests resources: 
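Review bot: The defaults now set `ingress.enabled: true` with `tls: []` and the host `recipya.`, so a plain `helm install` publishes the application through the ingress controller with no TLS section, under what looks like a truncated hostname. The README in this same commit still documents `ingress.enabled` as `false`. I would ship `enabled: false` and `host: chart-example.local` and let operators opt in together with a `tls` entry. `annotations: []` should stay `annotations: {}`, because annotations are a mapping and a list default is the wrong type for users who override it with a map. `containerSecurityContext: {}` is also misleading, since the deployment template in this commit hard-codes the container security context and never reads this value.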
@@ -99,41 +117,17 @@ extraVolumes: [] probes: liveness: enabled: true - path: /health - initialDelaySeconds: 10 + path: / + initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 successThreshold: 1 readiness: enabled: true - path: /health - initialDelaySeconds: 10 + path: / + initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 successThreshold: 1 - -# Recipya configuration -config: - email: - address: "" - sendgrid: "" - existingSecret: "" - addressKey: "email" - sendgridKey: "sendgrid" - - documentIntelligence: - endpoint: "" - key: "" - existingSecret: "" - endpointKey: "di_endpoint" - keyKey: "di_key" - - server: - port: 8078 - autologin: false - is_demo: false - is_prod: false - no_signups: false - url: "http://0.0.0.0" \ No newline at end of file