142 lines
3.6 KiB
YAML
142 lines
3.6 KiB
YAML
# helmrelease.yaml
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: plane
|
|
namespace: plane
|
|
spec:
|
|
interval: 30m
|
|
chart:
|
|
spec:
|
|
chart: plane-ce
|
|
version: "1.4.1" # pin version, avoid 'stable'
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: plane
|
|
namespace: flux-system
|
|
interval: 12h
|
|
timeout: 10m
|
|
install:
|
|
createNamespace: true
|
|
remediation:
|
|
retries: 3
|
|
upgrade:
|
|
remediation:
|
|
retries: 3
|
|
values:
|
|
planeVersion: "v1.2.1"
|
|
|
|
ingress:
|
|
enabled: true
|
|
appHost: "plane.lab.home.hrajfrisbee.cz"
|
|
minioHost: "plane-minio.lab.home.hrajfrisbee.cz"
|
|
rabbitmqHost: "plane-mq.lab.home.hrajfrisbee.cz" # optional
|
|
ingressClass: nginx
|
|
ingress_annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
nginx.ingress.kubernetes.io/auth-url: "https://oauth2-proxy.lab.home.hrajfrisbee.cz/oauth2/auth"
|
|
nginx.ingress.kubernetes.io/auth-signin: "https://oauth2-proxy.lab.home.hrajfrisbee.cz/oauth2/start?rd=$scheme://$host$escaped_request_uri"
|
|
nginx.ingress.kubernetes.io/auth-response-headers: "X-Auth-Request-User,X-Auth-Request-Email,Authorization"
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
if ($request_uri ~* "^/uploads/") {
|
|
set $auth_request_uri "";
|
|
}
|
|
# nginx.ingress.kubernetes.io/proxy-body-size: "10m"
|
|
|
|
# PostgreSQL - local stateful or external
|
|
postgres:
|
|
local_setup: true
|
|
storageClass: freenas-iscsi
|
|
volumeSize: 10Gi
|
|
# assign_cluster_ip: false
|
|
# nodeSelector: {}
|
|
# tolerations: []
|
|
# affinity: {}
|
|
|
|
# Redis/Valkey
|
|
redis:
|
|
local_setup: true
|
|
storageClass: freenas-iscsi
|
|
volumeSize: 2Gi
|
|
|
|
# RabbitMQ
|
|
rabbitmq:
|
|
local_setup: true
|
|
storageClass: freenas-iscsi
|
|
volumeSize: 1Gi
|
|
|
|
# MinIO (S3-compatible storage)
|
|
minio:
|
|
local_setup: true
|
|
storageClass: freenas-iscsi
|
|
volumeSize: 10Gi
|
|
|
|
env:
|
|
# Database credentials (change these!)
|
|
pgdb_username: plane
|
|
pgdb_password: plane-not-so-secret # TODO: do this properly
|
|
pgdb_name: plane
|
|
|
|
# Application secret (MUST change - used for encryption)
|
|
secret_key: 6u8w9T8P9zolcTMTC1DnErasyHnE6QGyB77tCPPFC/mnbPykb6DfiMW6id3Qy+Ly
|
|
|
|
# Storage
|
|
docstore_bucket: uploads
|
|
doc_upload_size_limit: 5242880
|
|
|
|
# Optional: External services (when local_setup: false)
|
|
# pgdb_remote_url: "postgresql://user:pass@host:5432/plane"
|
|
# remote_redis_url: "redis://host:6379/"
|
|
# aws_access_key: ""
|
|
# aws_secret_access_key: ""
|
|
# aws_region: ""
|
|
# aws_s3_endpoint_url: ""
|
|
|
|
# Workload resources (adjust based on cluster capacity)
|
|
web:
|
|
replicas: 2
|
|
memoryLimit: 1000Mi
|
|
cpuLimit: 500m
|
|
memoryRequest: 128Mi
|
|
cpuRequest: 100m
|
|
|
|
api:
|
|
replicas: 2
|
|
memoryLimit: 1000Mi
|
|
cpuLimit: 500m
|
|
memoryRequest: 128Mi
|
|
cpuRequest: 100m
|
|
|
|
worker:
|
|
replicas: 1
|
|
memoryLimit: 1000Mi
|
|
cpuLimit: 500m
|
|
|
|
beatworker:
|
|
replicas: 1
|
|
memoryLimit: 500Mi
|
|
cpuLimit: 250m
|
|
|
|
space:
|
|
replicas: 1
|
|
memoryLimit: 500Mi
|
|
cpuLimit: 250m
|
|
|
|
admin:
|
|
replicas: 1
|
|
memoryLimit: 500Mi
|
|
cpuLimit: 250m
|
|
|
|
live:
|
|
replicas: 1
|
|
memoryLimit: 500Mi
|
|
cpuLimit: 250m
|
|
|
|
# TLS (requires cert-manager)
|
|
ssl:
|
|
createIssuer: false
|
|
generateCerts: true
|
|
issuer: letsencrypt-prod
|
|
# email: admin@example.com
|
|
# server: https://acme-v02.api.letsencrypt.org/directory
|
|
tls_secret_name: plane-tls # if using existing cert |