# Production overrides for veylant-proxy Helm chart.
# Apply with: helm upgrade veylant-proxy-blue deploy/helm/veylant-proxy \
#   -f deploy/helm/veylant-proxy/values-production.yaml \
#   -f deploy/helm/veylant-proxy/values-blue.yaml \
#   --set image.tag=$IMAGE_TAG

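# 3 replicas — 1 per Availability Zone (eu-west-3a/3b/3c).
# NOTE(review): autoscaling.enabled is true in this file; many charts stop
# rendering replicaCount once an HPA owns the Deployment — confirm against the
# chart's deployment template. The value matches autoscaling.minReplicas.
replicaCount: 3
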
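# Deployment slot (overridden at deploy time by values-blue.yaml / values-green.yaml).
# This is only the default: Helm merges -f files left to right, so the slot
# file passed after this one wins.
slot: blue
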
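image:
  repository: ghcr.io/veylant/ia-gateway
  # IfNotPresent never re-pulls a tag that is already cached on a node, so the
  # tag deployed here must be immutable (a commit SHA, or an image digest).
  pullPolicy: IfNotPresent
  # NOTE(review): what an empty tag renders to depends on the chart template
  # (often .Chart.AppVersion) — confirm that a deploy without image.tag fails
  # instead of falling back to a mutable tag.
  # NOTE(review): --set type-infers its value; --set-string keeps an all-digit
  # short SHA a string. The apply command in the file header passes $IMAGE_TAG,
  # presumably the same value as $GITHUB_SHA — confirm.
  tag: ""  # Set via --set image.tag=$GITHUB_SHA
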
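# Dedicated ServiceAccount for the release.
# NOTE(review): with name empty the chart presumably derives the name from the
# release (the `helm create` convention) — confirm. If the proxy never calls
# the Kubernetes API, check that the chart disables token automount for it.
serviceAccount:
  create: true
  name: ""
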
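# ClusterIP keeps the Service reachable from inside the cluster only; any
# external exposure is defined outside this file.
# port matches config.server.port (8090).
service:
  type: ClusterIP
  port: 8090
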
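# Production resource profile — tuned for t3.medium nodes.
# requests < limits puts the pod in the Burstable QoS class. The memory limit is
# a hard cap (the container is OOM-killed above 512Mi); the CPU limit throttles.
# Keeping both limits set bounds what one overloaded replica can take from a node.
resources:
  requests:
    cpu: 250m
    memory: 256Mi
  limits:
    cpu: 1000m
    memory: 512Mi
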
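# HPA enabled for production — scales between 3 and 15 replicas.
# HPA utilization targets are percentages of the container *requests*, not the
# limits: with the requests in this file, 70% CPU is 175m and 80% memory is
# about 205Mi per pod.
# maxReplicas also caps how far a traffic flood can scale the deployment (and
# its cost); size node capacity for 15 pods.
autoscaling:
  enabled: true
  minReplicas: 3
  maxReplicas: 15
  targetCPUUtilizationPercentage: 70
  targetMemoryUtilizationPercentage: 80
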
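# Application configuration — production settings.
# NOTE(review): nesting restored from a listing that had lost its indentation;
# env and allowed_origins are placed under server — confirm against the chart's
# default values.yaml.
config:
  server:
    port: 8090
    shutdown_timeout_seconds: 30
    env: production
    # Explicit origin allow-list (presumably CORS — confirm). Keep entries to
    # exact https origins; do not widen this to a wildcard in production.
    allowed_origins:
      - "https://dashboard.veylant.ai"
  log:
    # NOTE(review): confirm that security-relevant events (authentication
    # failures, PII blocks) are logged at warn or above, or go to a separate
    # audit channel — anything emitted at info is dropped by this setting.
    level: warn  # Reduced verbosity in production; errors + warnings only
    format: json
  pii:
    enabled: true
    # Fail closed. Presumably a PII check that errors or exceeds timeout_ms
    # rejects the request — confirm. That makes PII-service latency an
    # availability dependency: alert on it rather than flipping fail_open.
    fail_open: false  # PII failure blocks request in production
    timeout_ms: 100
  metrics:
    enabled: true
    # NOTE(review): if /metrics is served on the same 8090 listener as the API,
    # make sure nothing in front of the Service routes this path externally.
    path: /metrics
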
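# Secret references — created via Vault Agent Injector annotations.
# Only Secret names and keys live here; no secret material is in this file.
# NOTE(review): these values name a Kubernetes Secret and keys inside it, but
# Vault Agent Injector renders secrets to files inside the pod and does not
# create Secret objects. Confirm what actually creates veylant-proxy-secrets
# and correct the comment above if it is a different mechanism.
# NOTE(review): the API key and the database URL share one Secret, so any
# principal allowed to read that Secret gets both.
secrets:
  openaiApiKeySecretName: veylant-proxy-secrets
  openaiApiKeySecretKey: openai-api-key
  databaseUrlSecretName: veylant-proxy-secrets
  databaseUrlSecretKey: database-url
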
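# Enable Prometheus ServiceMonitor for production scraping.
# ServiceMonitor is a Prometheus Operator resource, so the operator's CRDs must
# exist in the cluster. path must stay equal to config.metrics.path (/metrics).
# This top-level key is the chart's scrape setting; config.metrics is the
# application's own setting.
metrics:
  serviceMonitor:
    enabled: true
    interval: 15s
    path: /metrics
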
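# Pod topology spread — ensure pods spread across AZs.
# DoNotSchedule is a hard constraint: a pod that would push the zone skew above
# 1 stays Pending instead of landing in a fuller zone.
# NOTE(review): the selector matches app.kubernetes.io/name only. If the blue and
# green releases both carry that label, skew is counted across both slots —
# confirm this is intended.
topologySpreadConstraints:
  - maxSkew: 1
    topologyKey: topology.kubernetes.io/zone
    whenUnsatisfiable: DoNotSchedule
    labelSelector:
      matchLabels:
        app.kubernetes.io/name: veylant-proxy
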
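# Pod anti-affinity — avoid co-location on same node.
# This is a preference (weight 100), not a requirement: the scheduler may still
# place two replicas on one node when no other node fits.
# NOTE(review): the selector matches app.kubernetes.io/name only, so pods of
# every release carrying that label count as peers — confirm.
affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: veylant-proxy
          topologyKey: kubernetes.io/hostname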