production-values.yaml 2.7 KB
Newer Older
Dominik Hebeler's avatar
Dominik Hebeler committed
1
2
postgresql:
  enabled: false
Dominik Hebeler's avatar
Dominik Hebeler committed
3
4
5
service:
  externalPort: 80
  internalPort: 80
Dominik Hebeler's avatar
Dominik Hebeler committed
6
hpa:
Dominik Hebeler's avatar
Dominik Hebeler committed
7
  enabled: true
Dominik Hebeler's avatar
Dominik Hebeler committed
8
  minReplicas: 3
9
  maxReplicas: 100
Dominik Hebeler's avatar
Dominik Hebeler committed
10
11
podDisruptionBudget:
  enabled: true
Dominik Hebeler's avatar
Dominik Hebeler committed
12
13
  minAvailable: 3
  maxUnavailable:
14
15
16
17
podAnnotations:
  prometheus.io/scrape: "true"
  prometheus.io/path: /metrics
  prometheus.io/port: "80"
Dominik Hebeler's avatar
Dominik Hebeler committed
18
deploymentApiVersion: apps/v1
19
20
21
resources:
  requests:
  limits:
Dominik Hebeler's avatar
Dominik Hebeler committed
22
resourcesPhpfpm: 
23
24
25
26
  requests:
    cpu: 500m
    memory: 500M
  limits:
Dominik Hebeler's avatar
Dominik Hebeler committed
27
resourcesNginx: 
28
29
30
31
  requests:
    cpu: 100m
    memory: 100M
  limits:
Dominik Hebeler's avatar
Dominik Hebeler committed
32
resourcesRedis: 
33
34
35
36
  requests:
    cpu: 100m
    memory: 1Gi
  limits:
Dominik Hebeler's avatar
Dominik Hebeler committed
37
resourcesFetcher: 
38
39
40
41
  requests:
    cpu: 500m
    memory: 100M
  limits:
42
43
44
45
resources:
  requests:
    cpu: 500m
    memory: 500M
Dominik Hebeler's avatar
Dominik Hebeler committed
46
ingress:
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
  tls:
    enabled: true
    custom:
      tls:
      - hosts:
        - metager.de
        - www.metager.de
        secretName: metager-de-tls
      - hosts:
        - metager.org
        - www.metager.org
        - klassik.metager.org
        secretName: metager-org-tls
      - hosts:
        - metager.es
        - www.metager.es
        secretName: production-auto-deploy-tls
Dominik Hebeler's avatar
Dominik Hebeler committed
64
  annotations:
Dominik Hebeler's avatar
Dominik Hebeler committed
65
    cert-manager.io/cluster-issuer: letsencrypt-prod
Dominik Hebeler's avatar
Dominik Hebeler committed
66
67
    nginx.ingress.kubernetes.io/client-body-buffer-size: "30m"
    nginx.ingress.kubernetes.io/proxy-body-size: "30m"
Dominik Hebeler's avatar
Dominik Hebeler committed
68
    nginx.ingress.kubernetes.io/configuration-snippet: |
69
      more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; media-src; object-src; prefetch-src; child-src; frame-src 'self'; worker-src; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self' www.paypal.com; base-uri; manifest-src; plugin-types; report-uri; report-to";
Dominik Hebeler's avatar
Dominik Hebeler committed
70
      more_set_headers "X-Frame-Options: sameorigin";
Dominik Hebeler's avatar
Dominik Hebeler committed
71
72
73
      more_set_headers "X-Content-Type-Options: nosniff";
      more_set_headers "ReferrerPolicy: origin";
      more_set_headers "X-XSS-Protection: 1; mode=block";
74
      more_set_headers "Permissions-Policy: interest-cohort=()";
75
76
77
      if ($arg_out = "results-with-style") {
        more_set_headers "X-Frame-Options: allow-from https://scripts.zdv.uni-mainz.de/";
      }
Dominik Hebeler's avatar
Dominik Hebeler committed
78
79
80
81
82
83
84
85
      if ($host = "www.metager.de") {
          return 301 https://metager.de$request_uri;
      }
      if ($host = "www.metager.org") {
          return 301 https://metager.org$request_uri;
      }
      if ($host = "www.metager.es") {
          return 301 https://metager.es$request_uri;
86
87
88
      }
      if ($host = "klassik.metager.org") {
          return 301 https://metager.de$request_uri;
Dominik Hebeler's avatar
Dominik Hebeler committed
89
      }