Simon Franken
f758aa2fcd
Add backend.oidc.iosRedirectUri (default: timetracker://oauth/callback) and backend.jwt.secret to values.yaml and wire them into the backend deployment as OIDC_IOS_REDIRECT_URI and JWT_SECRET env vars. Update NOTES.txt to surface both values post-install.
125 lines
2.7 KiB
YAML
125 lines
2.7 KiB
YAML
# Default values for timetracker
|
|
|
|
# External PostgreSQL Configuration
|
|
# PREREQUISITE: An existing PostgreSQL database must be provisioned before installing this chart.
|
|
postgresql:
|
|
host: "postgres"
|
|
port: 5432
|
|
database: "timetracker"
|
|
|
|
# Provide credentials either inline or from an existing secret.
|
|
# If auth.existingSecret is set, username and password are read from that
|
|
# secret using the keys "username" and "password". The inline auth.username
|
|
# and auth.password values are ignored in that case.
|
|
auth:
|
|
username: "timetracker"
|
|
password: "timetracker_password"
|
|
existingSecret: ""
|
|
|
|
# Backend Configuration
|
|
backend:
|
|
replicaCount: 1
|
|
|
|
image:
|
|
repository: git.simon-franken.de/simonfranken/timetracker-backend
|
|
tag: latest
|
|
pullPolicy: IfNotPresent
|
|
|
|
service:
|
|
type: ClusterIP
|
|
port: 3001
|
|
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 512Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
|
|
# OIDC Configuration (REQUIRED - must be set)
|
|
oidc:
|
|
issuerUrl: ""
|
|
clientId: ""
|
|
# Redirect URI registered in the IDP for the iOS native app.
|
|
# Must match the custom URL scheme configured in the iOS app.
|
|
iosRedirectUri: "timetracker://oauth/callback"
|
|
|
|
# Session configuration
|
|
session:
|
|
secret: "change-this-secret-in-production"
|
|
|
|
# JWT configuration (for iOS Bearer token auth)
|
|
# jwt.secret is used to sign backend-issued JWTs for the iOS app.
|
|
# If left empty it falls back to session.secret.
|
|
# Set this to a dedicated secret in production.
|
|
jwt:
|
|
secret: ""
|
|
|
|
env:
|
|
nodeEnv: production
|
|
port: 3001
|
|
|
|
# Frontend Configuration
|
|
frontend:
|
|
replicaCount: 1
|
|
|
|
image:
|
|
repository: git.simon-franken.de/simonfranken/timetracker-frontend
|
|
tag: latest
|
|
pullPolicy: IfNotPresent
|
|
|
|
service:
|
|
type: ClusterIP
|
|
port: 8080
|
|
|
|
resources:
|
|
limits:
|
|
cpu: 200m
|
|
memory: 256Mi
|
|
requests:
|
|
cpu: 50m
|
|
memory: 64Mi
|
|
|
|
# Ingress Configuration
|
|
ingress:
|
|
enabled: true
|
|
className: nginx
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/rewrite-target: /$2
|
|
|
|
hosts:
|
|
- host: timetracker.local
|
|
paths:
|
|
- path: /
|
|
pathType: ImplementationSpecific
|
|
service: frontend
|
|
port: 8080
|
|
- path: /api(/|$)(.*)
|
|
pathType: ImplementationSpecific
|
|
service: backend
|
|
port: 3001
|
|
|
|
tls:
|
|
enabled: false
|
|
secretName: timetracker-tls
|
|
|
|
# Image pull secrets
|
|
imagePullSecrets: []
|
|
|
|
# Pod annotations
|
|
podAnnotations: {}
|
|
|
|
# Pod security context
|
|
podSecurityContext:
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
|
|
# Service account
|
|
serviceAccount:
|
|
create: true
|
|
annotations: {}
|
|
name: ""
|