chore: import upstream snapshot with attribution
This commit is contained in:
@@ -0,0 +1,922 @@
|
||||
global:
|
||||
imageRegistry: ""
|
||||
imagePullSecrets: []
|
||||
storageClass: ""
|
||||
security:
|
||||
# Required when using bitnami legacy images
|
||||
allowInsecureImages: true
|
||||
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
|
||||
# Secrets configuration
|
||||
# IMPORTANT: The default values below are for TESTING ONLY and should NOT be used in production
|
||||
# For production deployments:
|
||||
# 1. Generate new secrets using: openssl rand -hex 16
|
||||
# 2. Override these values in your values.yaml or use external secret management
|
||||
# 3. Each secret must be exactly 32 hex characters (16 bytes)
|
||||
secrets:
|
||||
# Enable/disable creation of secrets
|
||||
# Set to false to use external secret management (Vault, Infisical, External Secrets, etc.)
|
||||
# When disabled, you can also use extraEnvVars and podAnnotations for secret injection
|
||||
enabled: true
|
||||
|
||||
# Name of existing secret to use instead of creating one
|
||||
# If empty, a secret will be created with the values below
|
||||
# The secret must contain the following keys:
|
||||
# - SESSION_SECRET
|
||||
# - MAGIC_LINK_SECRET
|
||||
# - ENCRYPTION_KEY
|
||||
# - MANAGED_WORKER_SECRET
|
||||
existingSecret: ""
|
||||
|
||||
# Session secret for user authentication (32 hex chars)
|
||||
sessionSecret: "2818143646516f6fffd707b36f334bbb"
|
||||
# Magic link secret for passwordless login (32 hex chars)
|
||||
magicLinkSecret: "44da78b7bbb0dfe709cf38931d25dcdd"
|
||||
# Encryption key for sensitive data (32 hex chars)
|
||||
encryptionKey: "f686147ab967943ebbe9ed3b496e465a"
|
||||
# Worker secret for managed worker authentication (32 hex chars)
|
||||
managedWorkerSecret: "447c29678f9eaf289e9c4b70d3dd8a7f"
|
||||
# Object store credentials moved to s3.auth and s3.external section
|
||||
|
||||
# Webapp configuration
|
||||
webapp:
|
||||
image:
|
||||
registry: ghcr.io
|
||||
repository: triggerdotdev/trigger.dev
|
||||
tag: "" # Defaults to Chart.appVersion when empty
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# Init container for shared directory setup
|
||||
volumePermissions:
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: busybox
|
||||
tag: "1.35"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# Sidecar for token syncing
|
||||
tokenSyncer:
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnamilegacy/kubectl
|
||||
tag: "1.28"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# Origin configuration
|
||||
appOrigin: "http://localhost:3040"
|
||||
loginOrigin: "http://localhost:3040"
|
||||
apiOrigin: "http://localhost:3040"
|
||||
|
||||
replicaCount: 1
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 3030
|
||||
targetPort: 3000
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
# podSecurityContext:
|
||||
# fsGroup: 1000
|
||||
|
||||
# securityContext:
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
# Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
|
||||
topologySpreadConstraints: []
|
||||
|
||||
logLevel: "info"
|
||||
gracefulShutdownTimeout: 1000
|
||||
|
||||
# Bootstrap configuration
|
||||
bootstrap:
|
||||
enabled: true
|
||||
workerGroupName: "bootstrap"
|
||||
workerTokenPath: "/home/node/shared/worker_token"
|
||||
|
||||
# Limits
|
||||
limits:
|
||||
taskPayloadOffloadThreshold: 524288 # 512KB
|
||||
taskPayloadMaximumSize: 3145728 # 3MB
|
||||
batchTaskPayloadMaximumSize: 1000000 # 1MB
|
||||
taskRunMetadataMaximumSize: 262144 # 256KB
|
||||
defaultEnvExecutionConcurrencyLimit: 100
|
||||
defaultOrgExecutionConcurrencyLimit: 300
|
||||
|
||||
# Resources
|
||||
resources:
|
||||
{}
|
||||
# Example resource configuration:
|
||||
# limits:
|
||||
# cpu: 1000m
|
||||
# memory: 2Gi
|
||||
# requests:
|
||||
# cpu: 500m
|
||||
# memory: 1Gi
|
||||
|
||||
# Connectivity check configuration
|
||||
connectivityCheck:
|
||||
postgres: true # Set to false to disable DATABASE_HOST env var (overrides postgres.external.connectivityCheck)
|
||||
|
||||
# Extra environment variables for webapp
|
||||
extraEnvVars:
|
||||
[]
|
||||
# - name: CUSTOM_VAR
|
||||
# value: "custom-value"
|
||||
# - name: SECRET_VAR
|
||||
# valueFrom:
|
||||
# secretKeyRef:
|
||||
# name: my-secret
|
||||
# key: secret-key
|
||||
#
|
||||
# Example: PostgreSQL SSL with custom CA certificate
|
||||
# - name: NODE_EXTRA_CA_CERTS
|
||||
# value: "/etc/ssl/certs/postgres-ca.crt"
|
||||
|
||||
# Extra volumes for the webapp pod
|
||||
extraVolumes:
|
||||
[]
|
||||
# - name: config-volume
|
||||
# configMap:
|
||||
# name: my-config
|
||||
# - name: secret-volume
|
||||
# secret:
|
||||
# secretName: my-secret
|
||||
#
|
||||
# Example: PostgreSQL SSL CA certificate volume
|
||||
# - name: postgres-ca-cert
|
||||
# secret:
|
||||
# secretName: postgres-ca-secret
|
||||
# items:
|
||||
# - key: ca.crt
|
||||
# path: postgres-ca.crt
|
||||
|
||||
# Extra volume mounts for the webapp container
|
||||
extraVolumeMounts:
|
||||
[]
|
||||
# - name: config-volume
|
||||
# mountPath: /etc/config
|
||||
# readOnly: true
|
||||
# - name: secret-volume
|
||||
# mountPath: /etc/secrets
|
||||
# readOnly: true
|
||||
#
|
||||
# Example: PostgreSQL SSL CA certificate mount
|
||||
# - name: postgres-ca-cert
|
||||
# mountPath: /etc/ssl/certs
|
||||
# readOnly: true
|
||||
|
||||
# ServiceMonitor for Prometheus monitoring
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
interval: "30s"
|
||||
path: "/metrics"
|
||||
labels: {}
|
||||
basicAuth: {}
|
||||
|
||||
# Health probe configuration
|
||||
livenessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 30
|
||||
timeoutSeconds: 10
|
||||
failureThreshold: 5
|
||||
successThreshold: 1
|
||||
readinessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 30
|
||||
timeoutSeconds: 10
|
||||
failureThreshold: 5
|
||||
successThreshold: 1
|
||||
startupProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 60
|
||||
successThreshold: 1
|
||||
|
||||
clickhouse:
|
||||
logLevel: "info" # one of: log, error, warn, info, debug
|
||||
runReplication:
|
||||
logLevel: "info" # one of: log, error, warn, info, debug
|
||||
|
||||
# ServiceAccount configuration
|
||||
serviceAccount:
|
||||
create: true
|
||||
# Name of the ServiceAccount to use. Required when create is false - otherwise
|
||||
# the token-syncer RoleBinding would bind to the namespace's "default" SA.
|
||||
name: ""
|
||||
# Annotations to add to the ServiceAccount (e.g. eks.amazonaws.com/role-arn for IRSA)
|
||||
annotations: {}
|
||||
|
||||
# Observability configuration (OTel)
|
||||
observability:
|
||||
tracing:
|
||||
exporterUrl: ""
|
||||
exporterAuthHeaders: ""
|
||||
loggingEnabled: "0"
|
||||
samplingRate: "20"
|
||||
instrumentPrismaEnabled: "0"
|
||||
disabled: "0"
|
||||
logging:
|
||||
exporterUrl: ""
|
||||
# Log auth headers are currently set to tracing.exporterAuthHeaders
|
||||
metrics:
|
||||
exporterUrl: ""
|
||||
exporterAuthHeaders: ""
|
||||
exporterEnabled: "0"
|
||||
exporterIntervalMs: 30000
|
||||
|
||||
# Webapp ingress configuration
|
||||
ingress:
|
||||
enabled: false
|
||||
className: "traefik"
|
||||
# Custom annotations for the ingress resource
|
||||
# Note: The following annotation keys are reserved and will be automatically set:
|
||||
# - cert-manager.io/cluster-issuer (when certManager.enabled is true)
|
||||
# - external-dns.alpha.kubernetes.io/hostname (when externalDns.enabled is true)
|
||||
# - external-dns.alpha.kubernetes.io/ttl (when externalDns.enabled is true)
|
||||
annotations: {}
|
||||
certManager:
|
||||
enabled: false
|
||||
clusterIssuer: "letsencrypt-prod"
|
||||
externalDns:
|
||||
enabled: false
|
||||
hostname: ""
|
||||
ttl: "300"
|
||||
hosts:
|
||||
- host: trigger.local
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
[]
|
||||
# - secretName: trigger-tls
|
||||
# hosts:
|
||||
# - trigger.local
|
||||
|
||||
# Supervisor configuration
|
||||
supervisor:
|
||||
image:
|
||||
registry: ghcr.io
|
||||
repository: triggerdotdev/supervisor
|
||||
tag: "" # Defaults to Chart.appVersion when empty
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
# podSecurityContext:
|
||||
# fsGroup: 1000
|
||||
|
||||
# securityContext:
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
workload: 3000
|
||||
metrics: 9088
|
||||
resources: {}
|
||||
config:
|
||||
kubernetes:
|
||||
forceEnabled: true
|
||||
namespace: "" # Default: uses release namespace
|
||||
workerNodetypeLabel: "" # When set, runs will only be scheduled on nodes with "nodetype=<label>"
|
||||
ephemeralStorageSizeLimit: "" # Default: 10Gi
|
||||
ephemeralStorageSizeRequest: "" # Default: 2Gi´
|
||||
podCleaner:
|
||||
enabled: true
|
||||
batchSize: 100
|
||||
intervalMs: 10000 # 10 seconds´
|
||||
failedPodHandler:
|
||||
enabled: true
|
||||
reconnectIntervalMs: 1000
|
||||
workloadApi:
|
||||
enabled: true
|
||||
protocol: "http"
|
||||
portExternal: 3000
|
||||
portInternal: 3000
|
||||
hostInternal: "0.0.0.0"
|
||||
dequeue:
|
||||
enabled: true
|
||||
intervalMs: 250
|
||||
maxRunCount: 100
|
||||
idleIntervalMs: 500
|
||||
runner:
|
||||
heartbeatIntervalSeconds: 30
|
||||
snapshotPollIntervalSeconds: 30
|
||||
metrics:
|
||||
enabled: true
|
||||
collectDefaults: true
|
||||
host: "0.0.0.0"
|
||||
port: 9088
|
||||
debug: false
|
||||
# RBAC configuration
|
||||
serviceAccount:
|
||||
create: true
|
||||
name: ""
|
||||
annotations: {}
|
||||
rbac:
|
||||
create: true
|
||||
# Namespace-scoped permissions for pod management
|
||||
role:
|
||||
name: ""
|
||||
# Extra environment variables for Supervisor
|
||||
extraEnvVars:
|
||||
[]
|
||||
# - name: CUSTOM_VAR
|
||||
# value: "custom-value"
|
||||
|
||||
# ServiceMonitor for Prometheus monitoring
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
interval: "30s"
|
||||
path: "/metrics"
|
||||
labels: {}
|
||||
basicAuth: {}
|
||||
|
||||
# Health probe configuration
|
||||
livenessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
successThreshold: 1
|
||||
readinessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
successThreshold: 1
|
||||
startupProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 60
|
||||
successThreshold: 1
|
||||
|
||||
# Bootstrap configuration
|
||||
# When enabled: reads token from shared file, otherwise uses workerToken config
|
||||
bootstrap:
|
||||
enabled: true
|
||||
workerTokenPath: "/home/node/shared/worker_token"
|
||||
workerToken:
|
||||
# Direct value (not recommended for production)
|
||||
value: ""
|
||||
# Secret reference
|
||||
secret:
|
||||
name: ""
|
||||
key: ""
|
||||
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
|
||||
# PostgreSQL configuration
|
||||
# Subchart: https://github.com/bitnami/charts/tree/main/bitnami/postgresql
|
||||
postgres:
|
||||
deploy: true
|
||||
|
||||
image:
|
||||
# Use bitnami legacy repo
|
||||
repository: bitnamilegacy/postgresql
|
||||
# image: docker.io/bitnamilegacy/postgresql:17.5.0-debian-12-r12
|
||||
|
||||
# Bitnami PostgreSQL chart configuration (when deploy: true)
|
||||
auth:
|
||||
enablePostgresUser: true
|
||||
postgresPassword: "postgres"
|
||||
username: "postgres"
|
||||
password: "postgres"
|
||||
database: "main"
|
||||
|
||||
primary:
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 10Gi
|
||||
resourcesPreset: "small"
|
||||
resources: {}
|
||||
configuration: |
|
||||
listen_addresses = '*'
|
||||
wal_level = logical
|
||||
|
||||
# Custom connection settings
|
||||
connection:
|
||||
schema: "public"
|
||||
sslMode: "disable" # Use "require" or "verify-full" for production with custom CA
|
||||
|
||||
# External PostgreSQL connection (when deploy: false)
|
||||
external:
|
||||
# Database URL configuration - simplified approach using URLs instead of individual parameters
|
||||
databaseUrl: "" # Full PostgreSQL connection URL (e.g., postgresql://user:pass@host:port/db?schema=public&sslmode=prefer)
|
||||
directUrl: "" # Optional: Direct URL for migrations (if not set, databaseUrl will be used)
|
||||
#
|
||||
# Optional: Connectivity check configuration during webapp startup
|
||||
connectivityCheck:
|
||||
host: "" # Optional: hostname:port for wait-for-it script (e.g., "postgres.example.com:5432")
|
||||
#
|
||||
# Secure credential management
|
||||
existingSecret: "" # Name of existing secret containing DATABASE_URL
|
||||
secretKeys:
|
||||
databaseUrlKey: "postgres-database-url" # Key in existing secret containing complete DATABASE_URL
|
||||
directUrlKey: "postgres-direct-url" # Key in existing secret containing direct URL (optional)
|
||||
#
|
||||
# Example: For SSL connections with custom CA (e.g., AWS RDS):
|
||||
# 1. Set connection.sslMode to "require" or "verify-full"
|
||||
# 2. Create a secret with your CA certificate:
|
||||
# kubectl create secret generic postgres-ca-secret --from-file=ca.crt=/path/to/rds-ca-cert.pem
|
||||
# 3. Configure extraVolumes, extraVolumeMounts, and extraEnvVars (see webapp section above)
|
||||
|
||||
# Redis configuration
|
||||
# Subchart: https://github.com/bitnami/charts/tree/main/bitnami/redis
|
||||
redis:
|
||||
deploy: true
|
||||
|
||||
image:
|
||||
# Use bitnami legacy repo
|
||||
repository: bitnamilegacy/redis
|
||||
# image: docker.io/bitnamilegacy/redis:8.0.2-debian-12-r4
|
||||
|
||||
# Bitnami Redis chart configuration (when deploy: true)
|
||||
auth:
|
||||
enabled: false
|
||||
|
||||
# Single-node configuration (disable replica)
|
||||
architecture: standalone
|
||||
|
||||
master:
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 5Gi
|
||||
resources: {}
|
||||
|
||||
# External Redis connection (when deploy: false)
|
||||
external:
|
||||
host: ""
|
||||
port: 6379
|
||||
password: "" # Optional - ignored if existingSecret is set
|
||||
tls:
|
||||
enabled: false # Set to true for Redis instances requiring TLS (e.g., AWS ElastiCache)
|
||||
#
|
||||
# Secure credential management
|
||||
existingSecret: "" # Name of existing secret containing password
|
||||
existingSecretPasswordKey: "redis-password" # Key in existing secret containing password
|
||||
|
||||
# Electric configuration
|
||||
electric:
|
||||
deploy: true
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: electricsql/electric
|
||||
tag: "1.2.4"
|
||||
pullPolicy: IfNotPresent
|
||||
config:
|
||||
insecure: true
|
||||
usageReporting: false
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
# podSecurityContext:
|
||||
# fsGroup: 1000
|
||||
|
||||
# securityContext:
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 3000
|
||||
targetPort: 3000
|
||||
resources: {}
|
||||
|
||||
# Health probe configuration
|
||||
livenessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 5
|
||||
successThreshold: 1
|
||||
readinessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 5
|
||||
successThreshold: 1
|
||||
startupProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 60
|
||||
successThreshold: 1
|
||||
|
||||
# External Electric connection (when deploy: false)
|
||||
external:
|
||||
url: "" # For example: "http://electric:3000"
|
||||
|
||||
# Extra environment variables for Electric
|
||||
extraEnvVars:
|
||||
[]
|
||||
# - name: CUSTOM_VAR
|
||||
# value: "custom-value"
|
||||
|
||||
# S2 (realtime streams v2)
|
||||
# s2-lite is the open-source, self-hostable S2 server (https://s2.dev). It backs
|
||||
# realtime streams v2, which power AI-agent token streaming and run streams. When
|
||||
# enabled, the webapp defaults to v2; set `defaultStreamVersion: v1` to fall back
|
||||
# to the Redis-backed v1 streams. Disable entirely with `deploy: false` and no
|
||||
# external endpoint.
|
||||
s2:
|
||||
deploy: true
|
||||
image:
|
||||
registry: ghcr.io
|
||||
repository: s2-streamstore/s2
|
||||
tag: "latest"
|
||||
# Pinning by digest is strongly recommended for reproducible deployments
|
||||
digest: "sha256:d6ded5ca7dd619fa7c946f06e39a98f9c95c6883c8bb884e5eaa129f232c920c"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# Which stream protocol version the webapp defaults to when a client doesn't pin one.
|
||||
# Only takes effect while S2 is enabled (deploy: true or an external endpoint set);
|
||||
# with S2 fully disabled the webapp always falls back to v1.
|
||||
defaultStreamVersion: "v2"
|
||||
|
||||
# Basin that holds realtime streams. Created on startup from the init config.
|
||||
# Must be at least 8 characters.
|
||||
basin: "trigger-realtime"
|
||||
|
||||
# s2-lite needs no authentication; skip minting per-stream access tokens.
|
||||
# Set to false when pointing at a hosted S2 that requires a token.
|
||||
skipAccessTokens: true
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
# s2-lite is distroless and runs as uid 65532. fsGroup makes the persistent
|
||||
# volume writable by that user without running the container as root.
|
||||
podSecurityContext:
|
||||
fsGroup: 65532
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
runAsGroup: 65532
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 80
|
||||
# High container port so s2-lite can bind as the non-root image user (65532)
|
||||
# without needing CAP_NET_BIND_SERVICE for a privileged port
|
||||
targetPort: 8080
|
||||
|
||||
# Persistent storage for the SlateDB-backed stream data
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 5Gi
|
||||
accessMode: ReadWriteOnce
|
||||
storageClass: ""
|
||||
retain: false
|
||||
|
||||
resources: {}
|
||||
|
||||
# Health probe configuration (distroless image → TCP probes, no shell/HTTP tooling)
|
||||
livenessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 5
|
||||
successThreshold: 1
|
||||
readinessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 5
|
||||
successThreshold: 1
|
||||
|
||||
# External S2 connection (when deploy: false). Point at a hosted S2 basin, e.g.
|
||||
# "https://<basin>.b.aws.s2.dev/v1", set skipAccessTokens: false above, and
|
||||
# supply an access token either inline or via an existing secret.
|
||||
external:
|
||||
endpoint: ""
|
||||
accessToken: ""
|
||||
existingSecret: ""
|
||||
existingSecretAccessTokenKey: "access-token"
|
||||
|
||||
# ClickHouse configuration
|
||||
# Subchart: https://github.com/bitnami/charts/tree/main/bitnami/clickhouse
|
||||
clickhouse:
|
||||
deploy: true
|
||||
|
||||
image:
|
||||
# Use bitnami legacy repo
|
||||
repository: bitnamilegacy/clickhouse
|
||||
# image: docker.io/bitnamilegacy/clickhouse:25.7.5-debian-12-r0
|
||||
|
||||
# TLS/Secure connection configuration
|
||||
secure: false # Set to true to use HTTPS and secure connections
|
||||
|
||||
# Bitnami ClickHouse chart configuration (when deploy: true)
|
||||
auth:
|
||||
username: "default"
|
||||
password: "password"
|
||||
|
||||
# Single-node configuration (disable clustering for dev/test)
|
||||
keeper:
|
||||
enabled: false
|
||||
|
||||
shards: 1
|
||||
replicaCount: 1
|
||||
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 10Gi
|
||||
|
||||
## ClickHouse resource requests and limits
|
||||
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
resourcesPreset: "xlarge"
|
||||
resources: {}
|
||||
|
||||
# External ClickHouse connection (when deploy: false)
|
||||
external:
|
||||
host: ""
|
||||
httpPort: 8123
|
||||
nativePort: 9000
|
||||
username: ""
|
||||
password: "" # Optional - ignored if existingSecret is set
|
||||
secure: false # Set to true for external secure connections
|
||||
#
|
||||
# Secure credential management
|
||||
existingSecret: "" # Name of existing secret containing password
|
||||
existingSecretKey: "clickhouse-password" # Key in existing secret containing password
|
||||
|
||||
# ClickHouse configuration override
|
||||
# These defaults are based on official recommendations for systems with <16GB RAM:
|
||||
# https://clickhouse.com/docs/operations/tips
|
||||
configdFiles:
|
||||
override.xml: |
|
||||
<clickhouse>
|
||||
<logger>
|
||||
<level>warning</level>
|
||||
</logger>
|
||||
<!-- Official recommendations for systems with <16GB RAM -->
|
||||
<mark_cache_size>524288000</mark_cache_size> <!-- 500MB -->
|
||||
<concurrent_threads_soft_limit_num>1</concurrent_threads_soft_limit_num>
|
||||
<profiles>
|
||||
<default>
|
||||
<max_block_size>8192</max_block_size>
|
||||
<max_download_threads>1</max_download_threads>
|
||||
<input_format_parallel_parsing>0</input_format_parallel_parsing>
|
||||
<output_format_parallel_formatting>0</output_format_parallel_formatting>
|
||||
</default>
|
||||
</profiles>
|
||||
</clickhouse>
|
||||
|
||||
# S3-compatible object storage configuration
|
||||
# Subchart: https://github.com/bitnami/charts/tree/main/bitnami/minio
|
||||
s3:
|
||||
# Set to false to use external S3-compatible storage
|
||||
# Set to true to deploy internal MinIO (default)
|
||||
deploy: true
|
||||
|
||||
image:
|
||||
# Use bitnami legacy repo
|
||||
repository: bitnamilegacy/minio
|
||||
# image: docker.io/bitnamilegacy/minio:2025.6.13-debian-12-r0
|
||||
|
||||
# MinIO Console (Browser UI) configuration
|
||||
console:
|
||||
image:
|
||||
repository: bitnamilegacy/minio-object-browser
|
||||
# image: docker.io/bitnamilegacy/minio-object-browser:2025.1.10-debian-12-r1
|
||||
|
||||
# Bitnami MinIO chart configuration (when deploy: true)
|
||||
# MinIO provides S3-compatible storage when deployed internally
|
||||
auth:
|
||||
rootUser: "admin"
|
||||
rootPassword: "very-safe-password"
|
||||
# Webapp credentials for S3 access (defaults to root credentials if not specified)
|
||||
accessKeyId: "" # Defaults to rootUser if empty
|
||||
secretAccessKey: "" # Defaults to rootPassword if empty
|
||||
# Existing secret support for webapp credentials
|
||||
existingSecret: "" # If set, accessKeyId/secretAccessKey will be ignored
|
||||
accessKeyIdSecretKey: "access-key-id" # Key in existingSecret containing access key ID
|
||||
secretAccessKeySecretKey: "secret-access-key" # Key in existingSecret containing secret access key
|
||||
|
||||
# The required "packets" bucket is created by default.
|
||||
defaultBuckets: "packets"
|
||||
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 10Gi
|
||||
resources: {}
|
||||
|
||||
# External S3 connection (when deploy: false)
|
||||
external:
|
||||
endpoint: "" # e.g., "https://s3.amazonaws.com" or "https://your-minio.com:9000"
|
||||
accessKeyId: "admin" # Default for internal MinIO - change for production
|
||||
secretAccessKey: "very-safe-password" # Default for internal MinIO - change for production
|
||||
#
|
||||
# Secure credential management
|
||||
existingSecret: "" # Name of existing secret containing S3 credentials
|
||||
existingSecretAccessKeyIdKey: "access-key-id" # Key in existing secret containing access key ID
|
||||
existingSecretSecretAccessKeyKey: "secret-access-key" # Key in existing secret containing secret access key
|
||||
#
|
||||
# Multi-provider support (optional)
|
||||
# To use multiple S3-compatible providers (e.g., S3 + R2), set defaultProtocol and configure named providers
|
||||
# via extraEnvVars. For example:
|
||||
# - OBJECT_STORE_DEFAULT_PROTOCOL=s3 # Protocol to use for new uploads
|
||||
# - OBJECT_STORE_S3_BASE_URL=https://s3.amazonaws.com
|
||||
# - OBJECT_STORE_S3_ACCESS_KEY_ID=...
|
||||
# - OBJECT_STORE_S3_SECRET_ACCESS_KEY=...
|
||||
# - OBJECT_STORE_R2_BASE_URL=https://...r2.cloudflarestorage.com
|
||||
# - OBJECT_STORE_R2_ACCESS_KEY_ID=...
|
||||
# - OBJECT_STORE_R2_SECRET_ACCESS_KEY=...
|
||||
# See documentation for migration guide: https://trigger.dev/docs/self-hosting/env/webapp
|
||||
|
||||
# Docker Registry configuration
|
||||
registry:
|
||||
# EXPERIMENTAL - requires ingress/TLS setup or additional cluster configuration. Configure `external` details instead.
|
||||
deploy: false
|
||||
|
||||
# This will be used when deploy: true
|
||||
host: "registry.example.com"
|
||||
|
||||
# Docker repository namespace for deployed images, will be part of the image ref
|
||||
repositoryNamespace: "trigger"
|
||||
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: registry
|
||||
tag: "2"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
auth:
|
||||
enabled: true
|
||||
username: "registry-user"
|
||||
password: "very-secure-indeed"
|
||||
|
||||
# External Registry connection (when deploy: false)
|
||||
external:
|
||||
host: "localhost:5001"
|
||||
auth:
|
||||
enabled: false
|
||||
username: ""
|
||||
password: ""
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
# podSecurityContext:
|
||||
# fsGroup: 1000
|
||||
|
||||
# securityContext:
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
|
||||
# Persistence configuration (Bitnami-style)
|
||||
persistence:
|
||||
enabled: true
|
||||
# Name to assign the volume
|
||||
volumeName: "data"
|
||||
# Name of an existing PVC to use
|
||||
existingClaim: ""
|
||||
# The path the volume will be mounted at
|
||||
mountPath: "/var/lib/registry"
|
||||
# The subdirectory of the volume to mount to
|
||||
subPath: ""
|
||||
# PVC Storage Class for Registry data volume
|
||||
storageClass: ""
|
||||
# PVC Access Mode for Registry volume
|
||||
accessModes:
|
||||
- "ReadWriteOnce"
|
||||
# PVC Storage Request for Registry volume
|
||||
size: 10Gi
|
||||
# Annotations for the PVC
|
||||
annotations: {}
|
||||
# Labels for the PVC
|
||||
labels: {}
|
||||
# Selector to match an existing Persistent Volume
|
||||
selector: {}
|
||||
# Custom PVC data source
|
||||
dataSource: {}
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 5000
|
||||
targetPort: 5000
|
||||
resources: {}
|
||||
|
||||
# Health probe configuration
|
||||
livenessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 5
|
||||
successThreshold: 1
|
||||
readinessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 5
|
||||
successThreshold: 1
|
||||
startupProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 60
|
||||
successThreshold: 1
|
||||
|
||||
# Extra environment variables for Registry
|
||||
extraEnvVars:
|
||||
[]
|
||||
# - name: CUSTOM_VAR
|
||||
# value: "custom-value"
|
||||
|
||||
# Registry ingress configuration
|
||||
ingress:
|
||||
enabled: false
|
||||
className: "traefik"
|
||||
# Custom annotations for the ingress resource
|
||||
# Note: The following annotation keys are reserved and will be automatically set:
|
||||
# - cert-manager.io/cluster-issuer (when certManager.enabled is true)
|
||||
# - external-dns.alpha.kubernetes.io/hostname (when externalDns.enabled is true)
|
||||
# - external-dns.alpha.kubernetes.io/ttl (when externalDns.enabled is true)
|
||||
annotations: {}
|
||||
certManager:
|
||||
enabled: false
|
||||
clusterIssuer: "letsencrypt-prod"
|
||||
externalDns:
|
||||
enabled: false
|
||||
hostname: ""
|
||||
ttl: "300"
|
||||
hosts:
|
||||
- host: registry.local
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
[]
|
||||
# - secretName: registry-tls
|
||||
# hosts:
|
||||
# - registry.local
|
||||
|
||||
# Shared persistent volumes
|
||||
persistence:
|
||||
# This is used for the worker token file
|
||||
shared:
|
||||
enabled: true
|
||||
size: 5Mi
|
||||
accessMode: ReadWriteOnce
|
||||
# accessMode: ReadWriteMany # Use for cross-node deployment (requires compatible storage class)
|
||||
storageClass: ""
|
||||
retain: true # Prevents deletion on uninstall
|
||||
|
||||
# Telemetry configuration
|
||||
telemetry:
|
||||
enabled: true
|
||||
|
||||
# Extra Kubernetes manifests
|
||||
# This allows you to add additional Kubernetes resources that will be deployed with the chart
|
||||
extraManifests:
|
||||
[]
|
||||
# - apiVersion: v1
|
||||
# kind: ConfigMap
|
||||
# metadata:
|
||||
# name: my-config
|
||||
# data:
|
||||
# key: value
|
||||
# - apiVersion: apps/v1
|
||||
# kind: Deployment
|
||||
# metadata:
|
||||
# name: my-app
|
||||
# spec:
|
||||
# replicas: 1
|
||||
# selector:
|
||||
# matchLabels:
|
||||
# app: my-app
|
||||
# template:
|
||||
# metadata:
|
||||
# labels:
|
||||
# app: my-app
|
||||
# spec:
|
||||
# containers:
|
||||
# - name: my-container
|
||||
# image: nginx:latest
|
||||
Reference in New Issue
Block a user