alldigital/PSA
2
0
Fork 0
Code Issues Pull Requests Actions 13 Packages Projects Releases Wiki Activity
PSA/helm
History
Hermes 284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Details
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Details
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
Details
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
Details
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Details
Integration Tests / Check for relevant changes (push) Waiting to run
Details
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Details
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Details
Mobile checks / Mobile unit tests (push) Waiting to run
Details
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Details
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Details
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Details
Temporal Readiness / fast-readiness (push) Waiting to run
Details
Temporal Readiness / docker-parity (push) Waiting to run
Details
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Details
Unit Tests / Skipped-test budget (push) Waiting to run
Details
Unit Tests / Nx affected unit tests (push) Waiting to run
Details
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Details
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Details
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
Details
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Details
Initial import of AlgaPSA codebase from PSA server 
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00
..
templates
Initial import of AlgaPSA codebase from PSA server
2026-06-22 16:12:17 -05:00
.gitignore
Initial import of AlgaPSA codebase from PSA server
2026-06-22 16:12:17 -05:00
.helmignore
Initial import of AlgaPSA codebase from PSA server
2026-06-22 16:12:17 -05:00
Chart.yaml
Initial import of AlgaPSA codebase from PSA server
2026-06-22 16:12:17 -05:00
LICENSE
Initial import of AlgaPSA codebase from PSA server
2026-06-22 16:12:17 -05:00
README.md
Initial import of AlgaPSA codebase from PSA server
2026-06-22 16:12:17 -05:00
values.yaml
Initial import of AlgaPSA codebase from PSA server
2026-06-22 16:12:17 -05:00

README.md

helm template sebastian sebastian_helm

helm install sebastian . --create-namespace --kubeconfig ~/.kube/config-hv-dev -n msp

helm list

helm upgrade sebastian --kubeconfig ~/.kube/config-dev . -n msp

sudo helm template sebastian helm -f values.draft.yaml > deployment.yaml

Istio/Vault networking

  • The chart sets traffic.sidecar.istio.io/excludeOutboundPorts: "8200" by default when you enable Vault annotations, so Vault Agent can reach Vault without Envoy during init.
  • You can fine-tune via values:
    • istio.sidecar.excludeOutboundPorts (list, default ["8200"]) bypass Envoy for these ports.
    • istio.sidecar.excludeOutboundIPRanges (string CIDRs) optionally bypass by IP ranges.
    • istio.sidecar.includeOutboundIPRanges (string CIDRs) optionally restrict Envoy egress ranges.

Upgrade example

  • helm upgrade sebastian . -n msp -f values.yaml

Istio Gateway + VirtualService (optional)

Enable Istio-managed ingress when you terminate TLS upstream (e.g., Cloudflare) and send HTTP to the cluster.

  1. Label the namespace for injection:

    • kubectl label ns msp istio-injection=enabled --overwrite
    • or: kubectl label ns msp istio.io/rev=default --overwrite

  2. Enable the templates and set hosts:

    helm upgrade --install sebastian . -n msp
    --set istio.enabled=true
    --set istio.gateway.selector.istio=ingress
    --set istio.hosts={sebastian.9minds.ai,green-sebastian.9minds.ai,blue-sebastian.9minds.ai,istio.9minds.ai}
    --set istio.routes.default.service=sebastian-green
    --set istio.routes.default.port=3000
    --set istio.routes.green.host=green-sebastian.9minds.ai
    --set istio.routes.green.service=sebastian-green
    --set istio.routes.green.port=3000
    --set istio.routes.blue.host=blue-sebastian.9minds.ai
    --set istio.routes.blue.service=sebastian-blue
    --set istio.routes.blue.port=3000

Notes: