production-values.yaml 1.68 KB
Newer Older
Dominik Hebeler's avatar
Dominik Hebeler committed
1 2 3
service:
  externalPort: 80
  internalPort: 80
Dominik Hebeler's avatar
Dominik Hebeler committed
4
hpa:
Dominik Hebeler's avatar
Dominik Hebeler committed
5
  enabled: true
Dominik Hebeler's avatar
Dominik Hebeler committed
6
  minReplicas: 5
7
  maxReplicas: 100
8 9 10 11 12 13 14
resources:
  limits:
    cpu: 500m
    memory: 1Gi
  requests:
    cpu: 500m
    memory: 1Gi
Dominik Hebeler's avatar
Dominik Hebeler committed
15 16
podDisruptionBudget:
  enabled: true
17
  minAvailable: 4
Dominik Hebeler's avatar
Dominik Hebeler committed
18
  maxUnavailable:
19 20 21 22
podAnnotations:
  prometheus.io/scrape: "true"
  prometheus.io/path: /metrics
  prometheus.io/port: "80"
Dominik Hebeler's avatar
Dominik Hebeler committed
23
deploymentApiVersion: apps/v1
Dominik Hebeler's avatar
Dominik Hebeler committed
24 25
ingress:
  annotations:
Dominik Hebeler's avatar
Dominik Hebeler committed
26
    cert-manager.io/cluster-issuer: letsencrypt-prod
Dominik Hebeler's avatar
Dominik Hebeler committed
27
    nginx.ingress.kubernetes.io/configuration-snippet: |
Dominik Hebeler's avatar
Dominik Hebeler committed
28
      more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src; object-src; prefetch-src; child-src; frame-src 'self'; worker-src; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self'; base-uri; manifest-src; plugin-types; report-uri; report-to";
Dominik Hebeler's avatar
Dominik Hebeler committed
29 30 31 32
      more_set_headers "X-Frame-Options: DENY";
      more_set_headers "X-Content-Type-Options: nosniff";
      more_set_headers "ReferrerPolicy: origin";
      more_set_headers "X-XSS-Protection: 1; mode=block";
Dominik Hebeler's avatar
Dominik Hebeler committed
33 34 35 36 37 38 39 40
      if ($host = "www.metager.de") {
          return 301 https://metager.de$request_uri;
      }
      if ($host = "www.metager.org") {
          return 301 https://metager.org$request_uri;
      }
      if ($host = "www.metager.es") {
          return 301 https://metager.es$request_uri;
41 42 43
      }
      if ($host = "klassik.metager.org") {
          return 301 https://metager.de$request_uri;
Dominik Hebeler's avatar
Dominik Hebeler committed
44
      }