PSA/helm/README.md
Hermes 284313f908
Initial import of AlgaPSA codebase from PSA server
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00


```bash
helm template sebastian sebastian_helm
helm install sebastian . --create-namespace --kubeconfig ~/.kube/config-hv-dev -n msp
helm list
helm upgrade sebastian --kubeconfig ~/.kube/config-dev . -n msp
```

---

```bash
sudo helm template sebastian helm -f values.draft.yaml > deployment.yaml
```

Istio/Vault networking

- The chart sets `traffic.sidecar.istio.io/excludeOutboundPorts: "8200"` by default when you enable Vault annotations, so Vault Agent can reach Vault without Envoy during init.
- You can fine-tune via values:
  - `istio.sidecar.excludeOutboundPorts` (list, default `["8200"]`): bypass Envoy for these ports.
  - `istio.sidecar.excludeOutboundIPRanges` (string CIDRs): optionally bypass by IP ranges.
  - `istio.sidecar.includeOutboundIPRanges` (string CIDRs): optionally restrict Envoy egress ranges.

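
Each of these settings widens what leaves the pod without passing through Envoy, so it is worth checking the rendered output before applying it. The script below is an added example (not part of this chart or README) that scans a rendered manifest such as `deployment.yaml` for the three sidecar annotations and flags anything beyond the default port 8200. It assumes the chart renders the values above into the matching `traffic.sidecar.istio.io/*` annotations; `ALLOWED_BYPASS_PORTS`, the function names and the sample manifest are made up for illustration.

```shell
# Added example: audit a rendered manifest for Istio egress-bypass annotations.
# ALLOWED_BYPASS_PORTS is a hypothetical knob; 8200 is the default in this README.
ALLOWED_BYPASS_PORTS="${ALLOWED_BYPASS_PORTS:-8200}"

# Reads a manifest from file $1 (or stdin), prints "<verdict> <key>=<value>",
# and returns non-zero when any annotation needs review.
audit_sidecar_bypass() {
  awk -v allowed="$ALLOWED_BYPASS_PORTS" '
    BEGIN { bad = 0; n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /traffic\.sidecar\.istio\.io\/(excludeOutboundPorts|excludeOutboundIPRanges|includeOutboundIPRanges):/ {
      line = $0; sub(/^[ \t]+/, "", line)
      key = line; sub(/:.*$/, "", key); sub(/^.*\//, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val); gsub(/[" \t]/, "", val)
      verdict = "OK"
      if (key == "excludeOutboundPorts") {
        m = split(val, p, ",")
        for (j = 1; j <= m; j++) if (!(p[j] in ok)) verdict = "REVIEW"
      } else if (key == "excludeOutboundIPRanges") {
        if (val != "") verdict = "REVIEW"   # whole CIDRs skip Envoy
      } else if (val != "*") {
        verdict = "REVIEW"                  # only the listed CIDRs pass through Envoy
      }
      if (verdict == "REVIEW") bad = 1
      print verdict, key "=" val
    }
    END { exit bad }
  ' "${1:--}"
}

# Constructed sample of rendered pod annotations (not output from this chart).
sample_manifest() {
  cat <<'EOF'
kind: Deployment
spec:
  template:
    metadata:
      annotations:
        traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
---
kind: Deployment
spec:
  template:
    metadata:
      annotations:
        traffic.sidecar.istio.io/excludeOutboundPorts: "8200,5432"
        traffic.sidecar.istio.io/excludeOutboundIPRanges: "10.0.0.0/8"
EOF
}

sample_manifest | audit_sidecar_bypass || echo "egress bypass needs review"
```
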
Upgrade example

- `helm upgrade sebastian . -n msp -f values.yaml`

## Istio Gateway + VirtualService (optional)

Enable Istio-managed ingress when you terminate TLS upstream (e.g., Cloudflare) and send HTTP to the cluster.

1) Label the namespace for injection:
   - `kubectl label ns msp istio-injection=enabled --overwrite`
   - or: `kubectl label ns msp istio.io/rev=default --overwrite`

2) Enable the templates and set hosts:

```bash
# Quote the list value: an unquoted {a,b,...} is brace-expanded by bash/zsh into separate words.
helm upgrade --install sebastian . -n msp \
  --set istio.enabled=true \
  --set istio.gateway.selector.istio=ingress \
  --set 'istio.hosts={sebastian.9minds.ai,green-sebastian.9minds.ai,blue-sebastian.9minds.ai,istio.9minds.ai}' \
  --set istio.routes.default.service=sebastian-green \
  --set istio.routes.default.port=3000 \
  --set istio.routes.green.host=green-sebastian.9minds.ai \
  --set istio.routes.green.service=sebastian-green \
  --set istio.routes.green.port=3000 \
  --set istio.routes.blue.host=blue-sebastian.9minds.ai \
  --set istio.routes.blue.service=sebastian-blue \
  --set istio.routes.blue.port=3000
```

Notes:

- Only HTTP (port 80) is exposed by the Gateway. Terminate TLS at your reverse proxy (e.g., Cloudflare) and target the origin URL: `http://istio-ingress.istio-system.svc.cluster.local:80`
- The default apex host routes to green. Adjust to your needs.