Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| b5abc5958f | |||
| 458fbdac9d | |||
| 4a7058fd1e | |||
| 63df9a5aba |
@@ -2,5 +2,5 @@ apiVersion: v2
|
|||||||
name: pieced-threema-gateway
|
name: pieced-threema-gateway
|
||||||
description: PieCed IT central Threema Gateway relay
|
description: PieCed IT central Threema Gateway relay
|
||||||
type: application
|
type: application
|
||||||
version: 0.1.1
|
version: 0.1.5
|
||||||
appVersion: "0.1.1"
|
appVersion: "0.1.5"
|
||||||
|
|||||||
@@ -17,6 +17,10 @@ spec:
|
|||||||
app.kubernetes.io/name: pieced-threema-gateway
|
app.kubernetes.io/name: pieced-threema-gateway
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: pieced-threema-gateway
|
serviceAccountName: pieced-threema-gateway
|
||||||
|
{{- with .Values.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: relay
|
- name: relay
|
||||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||||
|
|||||||
@@ -68,10 +68,17 @@ spec:
|
|||||||
- ports:
|
- ports:
|
||||||
- port: "443"
|
- port: "443"
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
# Postgres (same namespace)
|
# Postgres (same namespace).
|
||||||
|
#
|
||||||
|
# We match on the namespace label rather than `cnpg.io/cluster`
|
||||||
|
# because that CNPG label is not in Cilium's default identity-relevant
|
||||||
|
# label set in most installations — pods labelled that way still get a
|
||||||
|
# generic Cilium identity, so a matchLabels on it won't match anything.
|
||||||
|
# Restricting to port 5432 + same namespace is safe: the only thing
|
||||||
|
# listening on 5432 in this namespace is CNPG.
|
||||||
- toEndpoints:
|
- toEndpoints:
|
||||||
- matchLabels:
|
- matchLabels:
|
||||||
"cnpg.io/cluster": "pieced-threema-gateway-db"
|
"k8s:io.kubernetes.pod.namespace": {{ .Values.namespace | quote }}
|
||||||
toPorts:
|
toPorts:
|
||||||
- ports:
|
- ports:
|
||||||
- port: "5432"
|
- port: "5432"
|
||||||
|
|||||||
@@ -5,10 +5,16 @@
|
|||||||
namespace: threema-gateway
|
namespace: threema-gateway
|
||||||
|
|
||||||
image:
|
image:
|
||||||
repository: git.c5ai.ch/pieced/pieced-threema-gateway
|
repository: registry.c5ai.ch/pieced/pieced-threema-gateway
|
||||||
tag: "0.1.1"
|
tag: "0.1.5"
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
# Pull from registry.c5ai.ch — matches operator + portal pattern.
|
||||||
|
# The Secret must already exist in the namespace (one-shot copy from
|
||||||
|
# pieced-system on initial bootstrap; see README).
|
||||||
|
imagePullSecrets:
|
||||||
|
- name: registry-creds
|
||||||
|
|
||||||
replicas: 1
|
replicas: 1
|
||||||
|
|
||||||
service:
|
service:
|
||||||
@@ -33,7 +39,11 @@ postgres:
|
|||||||
instances: 1
|
instances: 1
|
||||||
storage:
|
storage:
|
||||||
size: 5Gi
|
size: 5Gi
|
||||||
storageClass: longhorn-luks2
|
# Matches portal-db, litellm-pg, zitadel-pg, twenty-pg in pieced-gitops.
|
||||||
|
# The relay's `messages` log row payload is small (no message bodies,
|
||||||
|
# ~80 B per row), so 5Gi covers ~50 M messages — far beyond what a
|
||||||
|
# single tenant's billing window will need.
|
||||||
|
storageClass: longhorn
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
|
|||||||
Reference in New Issue
Block a user