Skip to content

values.yaml

global:
  image:
    repository: registry.datasapience.ru/klmg/a2p/a2p # Change to your repository
    tag: 3.2.0 # Change to your version


service:
  enabled: true

  deploymentStrategy:
    type: Recreate

  replicas: 1

  name: a2p-server

  annotations:
    rollme: "{{ randAlphaNum 5 | quote }}"

  image:
    repository: "{{ .Values.global.image.repository }}"
    tag: "{{ .Values.global.image.tag }}"

  service:
    port: 8000

  ingress:
    enabled: true
    uriPrefix: /a2p/api(/|$)(.*)
    pathType: ImplementationSpecific
    host: "kolmogorov" # Change to your host
    annotations:
      nginx.ingress.kubernetes.io/rewrite-target: /$2

  secrets:
    - name: a2p-server-secret
      data:   
        - name: A2P_ROOT_PATH
          value: /a2p/api
        - name: A2P_DB_URL
          value: "postgresql://postgres:postgres@a2p-postgresql:5432/postgres"
        - name: A2P_DB_SCHEMA
          value: "klmg_a2p"
        - name: A2P_CICD_PROVIDER
          value: "gitlab"  
        - name: A2P_CICD_HOST
          value: https://git
        - name: A2P_CICD_TOKEN
          value: yout-token
        - name: A2P_GITLAB_MANAGER_PROJECT_ID
          value: gitlab_project_id
        - name: TZ
          value: 'Europe/Moscow'
        - name: KEYCLOAK_URL
          value: https://keycloak/auth
        - name: KEYCLOAK_REALM
          value: dev
        - name: KEYCLOAK_CLIENT_ID
          value: kolmogorov
        - name: KEYCLOAK_CLIENT_SECRET
          value: ""
        - name: KEYCLOAK_ADMIN_USERNAME
          value: klmg
        - name: KEYCLOAK_ADMIN_PASSWORD
          value: klmg

  init:
    containers:
      db-init:
        image:
          repository: "{{ .Values.global.image.repository }}"
          tag: "{{ .Values.global.image.tag }}"
          pullPolicy: Always
        command:
          - "python"
        args:
          - "-m"
          - "a2p.services.migration.upgrade"
        resources:
          limits:
            cpu: 256m
            memory: 256Mi
          requests:
            cpu: 100m
            memory: 100Mi


  extra_vars:
    - secret: a2p-server-secret

  resources:
    limits:
      cpu: 1025m
      memory: 1024Mi
    requests:
      cpu: 256m
      memory: 100Mi

  command:
    - "gunicorn"
  args:
    - "a2p.services.api.app:app"
    - "--workers=2"
    - "--worker-class=uvicorn.workers.UvicornWorker"
    - "--bind=0.0.0.0:8000"
    - "--timeout=600"

  securityContext:
    runAsNonRoot: false

  serviceAccount:
    name: a2p-server
    enabled: true
    existing: False
    rules:
      - apiGroups: [""]       # "" indicates the core API group
        resources: ["events", "pods", "resourcequotas", "limitranges"]
        verbs: ["get", "list", "watch", "update", "patch", "create", "delete"]
      - apiGroups: ["kopf.dev"]
        resources: ["kopfpeerings", "kopfpeerings/status"]
        verbs: ["get", "list", "watch", "update", "patch","create","delete"]
      - apiGroups: ["a2p.dev"]
        resources: ["instance", "instance/status", "integration", "integration/status", "template", "template/status", "project", "project/status", "application", "application/status"]
        verbs: ["get", "list", "watch", "update", "patch","create","delete"]

  livenessProbe:
   httpGet:
     path: /health
     port: 8000

   initialDelaySeconds: 120
   periodSeconds: 60
   timeoutSeconds: 15


service-operator:
  enabled: true

  deploymentStrategy:
    type: Recreate

  replicas: 1

  name: a2p-operator

  annotations:
    rollme: "{{ randAlphaNum 5 | quote }}"

  image:
    repository: "{{ .Values.global.image.repository }}"
    tag: "{{ .Values.global.image.tag }}"

  ingress:
    enabled: false

  extra_vars:
    - secret: a2p-server-secret

  resources:
    limits:
      cpu: 1000m
      memory: 512Mi
    requests:
      cpu: 256m
      memory: 100Mi

  command:
    - "kopf"
  args:
    - "run"
    - "--namespace={{ .Release.Namespace }}"
    - "--peering=a2p"
    - "--module=a2p.services.operator.app"
    - "--liveness=http://0.0.0.0:8000/health"

  livenessProbe:
   httpGet:
     path: /health
     port: 8000

  service:
    port: 8000

  securityContext:
    runAsNonRoot: false

  serviceAccount:
    name: a2p-server
    enabled: true
    existing: true


postgresql:
  fullnameOverride: a2p-postgresql
  auth:
    postgresPassword: postgres
    username: postgres
    password: postgres
    database: postgres
  primary:
    service:
      type: NodePort
    persistence:
      size: 5Gi
    resources:
      limits:
        cpu: 1000m
        memory: 1024Mi
      requests:
        cpu: 100m
        memory: 100Mi
    initdb:
     scripts:
       init_schema.sh: |
         #!/bin/sh
         PGPASSWORD=postgres psql -U postgres -d postgres -c 'CREATE SCHEMA IF NOT EXISTS klmg_a2p'


gitlab-runner:
  enabled: true

  gitlabUrl: https://git
  runnerToken: token
  concurrent: 1

  imagePullSecrets:
    - name: regcred

  resources:
    limits:
      memory: 256Mi
      cpu: 200m
      ephemeral-storage: 512Mi
    requests:
      memory: 128Mi
      cpu: 100m
      ephemeral-storage: 256Mi

  serviceAccount:
    name: a2p-runner

  rbac:
    create: true
    rules:
      - resources: ["events"]
        verbs: ["list", "watch"]
      - resources: ["pods"]
        verbs: ["create","delete","get"]
      - apiGroups: [""]
        resources: ["pods/attach","pods/exec"]
        verbs: ["get","create","patch","delete"]
      - apiGroups: [""]
        resources: ["pods/log"]
        verbs: ["get","list"]
      - resources: ["secrets"]
        verbs: ["create","delete","get","update"]
      - resources: ["serviceaccounts"]
        verbs: ["get"]
      - resources: ["services"]
        verbs: ["create","get"]
      - apiGroups: ["a2p.dev"]
        resources: ["instance", "instance/status", "integration", "integration/status", "template", "template/status", "project", "project/status", "application", "application/status"]
        verbs: ["get", "list", "watch", "update", "patch","create","delete"]

  runners:
    serviceAccountName: a2p-runner
    config: |
      [[runners]]
        [runners.kubernetes]
          namespace = "{{.Release.Namespace}}"
          image = "alpine"
          pull_policy = ["always", "if-not-present", "never"]
          image_pull_secrets = ["regcred"]
          service_account = "a2p-runner"