# Default values for temporal-worker.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Master switch: set to false to skip the temporal worker deployment.
enabled: true

# Container image the worker pods run.
image:
  # Container registry and image name; must be set per environment.
  repository: ""
  # NOTE(review): "latest" is a mutable tag, and with pullPolicy Always a pod
  # restart can start a different image than the one that was reviewed and
  # tested. For production, override with a fixed version tag (or an immutable
  # digest, if the chart templates support one).
  tag: latest
  pullPolicy: Always
  # The image lives in a private registry; see credentials below.
  is_private: true
  # Name of the registry credentials secret.
  credentials: ""

# How many worker replicas to run.
replicaCount: 2

# Rolling update settings: at most one surge pod, no pod unavailable.
# Presumably mapped onto the Deployment's update strategy; confirm in the templates.
rollingUpdate:
  maxSurge: 1
  maxUnavailable: 0

# Service in front of the worker. ClusterIP keeps port 8080 reachable only
# from inside the cluster; changing the type to NodePort or LoadBalancer
# would expose it more widely.
service:
  type: ClusterIP
  port: 8080

# Connection and concurrency settings for the Temporal client.
# NOTE(review): no TLS or mTLS options for the Temporal connection appear in
# these values; confirm how traffic to the frontend is protected.
temporal:
  # Host and port of the Temporal frontend service.
  address: temporal-frontend.temporal.svc.cluster.local:7233
  # Temporal namespace the worker uses.
  namespace: default
  # Task queue name(s); separate multiple queues with commas.
  taskQueue: tenant-workflows,portal-domain-workflows,email-domain-workflows
  # Upper bound on activities executing concurrently.
  maxConcurrentActivityExecutions: 10
  # Upper bound on workflow tasks executing concurrently.
  maxConcurrentWorkflowTaskExecutions: 10

# NM Store settings.
nm_store:
  # URL of the NM Store service; must be set per environment.
  baseUrl: ""

# Log verbosity for the worker.
logLevel: info

# Encryption parameters; these should match the main application.
# NOTE(review): these look like PBKDF2-style key-derivation parameters
# (confirm in the application code). If they protect passwords, 10000
# iterations is far below current OWASP guidance for PBKDF2-HMAC-SHA512
# (210,000), and a 12-byte salt is under the 128 bits NIST SP 800-132
# recommends. Any change must be rolled out together with the main
# application and with a migration plan for data derived under the old values.
encryption:
  saltBytes: "12"
  iterations: "10000"
  keyLength: "64"
  algorithm: sha512

# Vault integration for secret management.
vault:
  # Off by default; enable in production. While this is false, the local
  # `secrets` values in this file are used instead.
  enabled: false
  # Vault role the worker uses.
  role: temporal-worker
  # Vault paths for the worker's own secrets and the shared secrets.
  # NOTE(review): keep the Vault policy bound to this role limited to these
  # two paths.
  secretPath: secret/data/app/temporal-worker
  sharedSecretPath: secret/data/app/shared

# Local secrets, used only when Vault is disabled.
# IMPORTANT: replace every value below before any production deployment.
# NOTE(review): these placeholders are public, so a release that ships them
# unchanged has effectively no secret at all. Consider having the chart fail
# rendering when a value still equals the placeholder, and supply real values
# through an existing Kubernetes Secret or Vault rather than a committed
# values file.
secrets:
  internalApiSharedSecret: "change-me-in-production"
  algaAuthKey: "change-me-in-production"
  nextauthSecret: "change-me-in-production"

# Service account used by the worker pods.
serviceAccount:
  # Extra annotations for the service account.
  annotations: {}
  # Mount the service account token into the pod automatically.
  # NOTE(review): a mounted token is usable by anything that compromises the
  # container. Keep this true only if the worker actually calls the Kubernetes
  # API (possibly for Vault auth or TLS secret replication; confirm), and
  # keep the bound RBAC minimal.
  automountServiceAccountToken: true

# CPU and memory requests and limits for the worker container.
resources:
  limits:
    cpu: 1000m
    memory: 1Gi
  requests:
    cpu: 200m
    memory: 512Mi

# Horizontal Pod Autoscaler settings.
autoscaling:
  enabled: true
  # Replica bounds for the autoscaler.
  minReplicas: 2
  maxReplicas: 10
  # Utilization targets, in percent.
  targetCPUUtilizationPercentage: 70
  targetMemoryUtilizationPercentage: 80
  behavior:
    # Scale down slowly: 300 s stabilization window, with policies of
    # 10 percent and 1 pod per 60 s.
    scaleDown:
      stabilizationWindowSeconds: 300
      policies:
        - type: Percent
          value: 10
          periodSeconds: 60
        - type: Pods
          value: 1
          periodSeconds: 60
    # Scale up faster: 60 s stabilization window, with policies of
    # 100 percent and 2 pods per 60 s.
    scaleUp:
      stabilizationWindowSeconds: 60
      policies:
        - type: Percent
          value: 100
          periodSeconds: 60
        - type: Pods
          value: 2
          periodSeconds: 60

# Pod Disruption Budget: keep at least one worker pod available.
podDisruptionBudget:
  enabled: true
  minAvailable: 1

# Timing and thresholds for the health check probes.
# Liveness: first check after 60 s, then every 30 s.
livenessProbe:
  initialDelaySeconds: 60
  periodSeconds: 30
  timeoutSeconds: 10
  failureThreshold: 3
  successThreshold: 1

# Readiness: first check after 30 s, then every 10 s.
readinessProbe:
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3
  successThreshold: 1

# Extra annotations for the worker pods.
podAnnotations: {}

# Pod-level security context (empty by default).
podSecurityContext: {}
  # fsGroup: 2000

# Container-level security context.
# NOTE(review): the empty default leaves the container on the image and
# runtime defaults, which may mean running as root with a writable root
# filesystem. For production, enable the baseline below and also consider
# `allowPrivilegeEscalation: false` and a `seccompProfile` of type
# RuntimeDefault, after confirming the worker image runs under them.
securityContext: {}
  # capabilities:
  #   drop:
  #     - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

# Pod placement controls; all empty by default.
# Node selector.
nodeSelector: {}

# Tolerations.
tolerations: []

# Affinity rules.
affinity: {}

# Extra environment variables for the worker container.
# NOTE(review): plain `value:` entries are stored in the release manifest and
# are visible in the pod spec; reference sensitive values through
# `valueFrom.secretKeyRef` instead.
extraEnv: []
  # - name: EXTRA_VAR
  #   value: "extra-value"

# Auth settings: reference to the secret that holds NEXTAUTH_SECRET.
auth:
  nextauthSecretSecret:
    # Secret name; empty by default.
    name: ""
    # Key inside that secret.
    key: NEXTAUTH_SECRET

# Portal domain management.
portalDomain:
  # Namespace in which TLS certificates are issued (the source secrets);
  # must be set per environment.
  certificateNamespace: ""
  # Namespace holding the gateway resources, and the replicated TLS secrets
  # when secret replication is enabled.
  gatewayNamespace: ""
  # When true, RBAC bindings are created that let the worker sync TLS secrets.
  # NOTE(review): this gives the worker access to TLS private keys. Confirm
  # that the generated Role is limited to the two namespaces above and to the
  # verbs the sync needs, not cluster-wide secret access.
  secretReplicationEnabled: false
  # Optional base VirtualService reference (<namespace>/<name>) for
  # portal-domain workflows. Leave empty when portal-domain routing is not
  # managed in this environment.
  baseVirtualService: ""

# Extra volumes to attach to the pod.
extraVolumes: []
  # - name: extra-volume
  #   configMap:
  #     name: extra-configmap

# Extra volume mounts for the worker container.
extraVolumeMounts: []
  # - name: extra-volume
  #   mountPath: /extra
  #   readOnly: true

# Database connection settings.
# Expected to come from the parent chart or be overridden in production.
db:
  host: "postgresql.default.svc.cluster.local"
  port: "5432"
  serverDatabase: "app_server"
  user: "app_user_pgbouncer"
  # Passwords are read from Kubernetes secrets by name and key, never inline.
  serverPasswordSecret:
    name: "db-secrets"
    key: "pgbouncer-password"
  # NOTE(review): this also hands the worker the database admin password.
  # Confirm which workflows need admin rights (possibly tenant provisioning)
  # and whether a narrower role would do.
  adminPasswordSecret:
    name: "db-secrets"
    key: "admin-password"

# Email settings: secret reference that holds the Resend API key.
email:
  resendApiKeySecret:
    name: "app-secrets"
    key: "RESEND_API_KEY"

# Stripe settings, used for billing integration during tenant creation.
stripe:
  # The Stripe API secret key is read from a Kubernetes secret, not set inline.
  # NOTE(review): where Stripe allows it, a restricted key limited to the
  # operations tenant creation needs reduces exposure if this secret leaks.
  secretKeySecret:
    name: "stripe-credentials"
    key: "STRIPE_SECRET_KEY"
  # Master billing tenant ID (the organization tenant used for billing
  # operations); should be set via override or secret.
  masterBillingTenantId: ""

# Application URL, e.g. https://example.com; must be set per environment.
applicationUrl: ""

# Optional namespace override.
namespace: ""

# Overrides for the generated resource names.
nameOverride: ""
fullnameOverride: ""

# Extra labels for the worker pods.
podLabels: {}