---
# Default values for the orchard chart.
#
# NOTE(review): nesting below was restored from a copy whose line breaks and
# indentation were collapsed; confirm that download / pypiCache / auth belong
# under `orchard:` against the chart templates.
# NOTE(review): these read as dev-environment defaults (fixed passwords,
# persistence off, mutable image tags). Override them per environment rather
# than deploying the file as-is.

replicaCount: 1

image:
  repository: registry.global.bsf.tools/esv/bsf/bsf-integration/orchard/orchard-mvp
  pullPolicy: Always
  # An empty tag presumably falls back to the chart appVersion (confirm in the
  # deployment template). 'latest' is a mutable tag: with pullPolicy Always,
  # every pod start can pick up a different image. Pin a version or a digest
  # for anything beyond dev.
  tag: 'latest'

imagePullSecrets:
  - name: orchard-pull-secret

# Init container image (used for wait-for-db, wait-for-minio)
initContainer:
  image:
    repository: containers.global.bsf.tools/busybox
    tag: '1.36'
    pullPolicy: IfNotPresent

serviceAccount:
  create: true
  # NOTE(review): the service-account token is mounted into the pod. If the
  # application never calls the Kubernetes API, false is the tighter setting.
  automount: true
  annotations: {}
  name: 'orchard'

podAnnotations: {}
podLabels: {}

podSecurityContext: {}

# Container-level security context.
# NOTE(review): allowPrivilegeEscalation, capabilities.drop and seccompProfile
# are not set here; consider adding them in environment overrides.
securityContext:
  # Python needs to write __pycache__.
  # NOTE(review): setting PYTHONDONTWRITEBYTECODE, or mounting an emptyDir for
  # writable paths, would allow a read-only root filesystem.
  readOnlyRootFilesystem: false
  runAsNonRoot: true
  runAsUser: 1000

service:
  type: ClusterIP
  port: 8080

ingress:
  enabled: true
  className: 'nginx'
  annotations:
    cert-manager.io/cluster-issuer: 'letsencrypt'
  hosts:
    - host: orchard-dev.common.global.bsf.tools
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: orchard-tls
      hosts:
        - orchard-dev.common.global.bsf.tools

# Requests equal limits for both CPU and memory.
resources:
  limits:
    cpu: 500m
    memory: 768Mi
  requests:
    cpu: 500m
    memory: 768Mi

livenessProbe:
  httpGet:
    path: /health
    port: http
  initialDelaySeconds: 10
  periodSeconds: 10

readinessProbe:
  httpGet:
    path: /health
    port: http
  initialDelaySeconds: 5
  periodSeconds: 5

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 10
  targetCPUUtilizationPercentage: 80
  targetMemoryUtilizationPercentage: 80

nodeSelector: {}

tolerations: []

affinity: {}

# Orchard server configuration
orchard:
  server:
    host: '0.0.0.0'
    port: 8080

  # Database configuration (used when postgresql.enabled is false)
  database:
    host: ''
    port: 5432
    user: orchard
    # Prefer existingSecret over a plain password in values.
    password: ''
    dbname: orchard
    # NOTE(review): 'disable' means no TLS to the external database, so the
    # password and all queries cross the network in clear text. Use a
    # verifying mode when pointing at a database outside the cluster.
    sslmode: disable
    existingSecret: ''
    existingSecretPasswordKey: 'password'

  # S3 configuration (used when minio.enabled is false)
  s3:
    endpoint: ''
    region: us-east-1
    bucket: orchard-artifacts
    # Prefer existingSecret over plain keys in values.
    accessKeyId: ''
    secretAccessKey: ''
    usePathStyle: true
    existingSecret: ''
    existingSecretAccessKeyKey: 'access-key-id'
    existingSecretSecretKeyKey: 'secret-access-key'

  # Download configuration
  download:
    # One of: presigned, redirect, proxy
    mode: 'presigned'
    # Presigned URL expiry in seconds. A presigned URL is a bearer credential
    # for the object until it expires; keep this as short as clients tolerate.
    presignedUrlExpiry: 3600

  # PyPI Cache Worker settings
  pypiCache:
    # Number of concurrent cache workers (reduced to limit memory usage)
    workers: 2
    # Maximum recursion depth for dependency caching
    maxDepth: 10
    # Maximum retry attempts for failed cache tasks
    maxAttempts: 3

  # Authentication settings
  # NOTE(review): what the chart does when both options are left empty is not
  # visible from this file; confirm it does not fall back to a fixed password.
  auth:
    # Option 1: Plain admin password (creates K8s secret)
    adminPassword: ''
    # Option 2: Use existing K8s secret (must have 'admin-password' key)
    existingSecret: ''
    # Option 3: AWS Secrets Manager
    # secretsManager:
    #   enabled: false
    #   secretArn: ""  # Secret must have 'admin_password' field

# PostgreSQL subchart configuration
postgresql:
  enabled: true
  image:
    registry: containers.global.bsf.tools
    repository: bitnami/postgresql
    tag: '15'
    pullPolicy: IfNotPresent
  auth:
    username: orchard
    # NOTE(review): fixed password committed in chart defaults. Override it
    # per environment, or use the subchart's auth.existingSecret.
    password: orchard-password
    database: orchard
  primary:
    persistence:
      # Data does not survive a pod restart while this is false.
      enabled: false
      size: 10Gi

# MinIO subchart configuration
minio:
  enabled: true
  image:
    registry: containers.global.bsf.tools
    repository: bitnami/minio
    # NOTE(review): mutable tag with IfNotPresent: nodes can run different
    # cached builds. Pin a version or digest.
    tag: 'latest'
    pullPolicy: IfNotPresent
  auth:
    # NOTE(review): minioadmin/minioadmin are MinIO's well-known default root
    # credentials, and minioIngress below is enabled by default. Override both
    # values, or use the subchart's auth.existingSecret, before the ingress
    # host is reachable by anyone other than the operators.
    rootUser: minioadmin
    rootPassword: minioadmin
  defaultBuckets: 'orchard-artifacts'
  persistence:
    # Stored artifacts do not survive a pod restart while this is false.
    enabled: false
    size: 50Gi

# MinIO external ingress for presigned URL access (separate from subchart
# ingress).
# NOTE(review): which MinIO port this routes to is defined in the templates;
# confirm it exposes only the S3 API and not the admin console.
minioIngress:
  enabled: true
  className: 'nginx'
  annotations:
    cert-manager.io/cluster-issuer: 'letsencrypt'
    # "0" disables the request body size limit for uploads; the ingress then
    # places no cap on upload size.
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
  host: 'minio-orch-dev.common.global.bsf.tools'
  tls:
    enabled: true
    secretName: minio-tls

# Redis subchart configuration (for future caching)
redis:
  enabled: false
  image:
    registry: containers.global.bsf.tools
    repository: bitnami/redis
    tag: '7.2'
    pullPolicy: IfNotPresent
  auth:
    enabled: true
    # NOTE(review): fixed password; replace before setting redis.enabled.
    password: redis-password
  architecture: standalone
  master:
    persistence:
      enabled: true
      size: 1Gi

# Wait for database before starting (SQLAlchemy creates tables on startup)
waitForDatabase: true

global:
  security:
    # Turns off the Bitnami subcharts' check for non-standard images;
    # presumably required because the images above come from the
    # containers.global.bsf.tools mirror (confirm). With the check off, the
    # mirror's contents are trusted as-is, which makes pinned tags or digests
    # more important.
    allowInsecureImages: true