# Values for feature branch deployments (ephemeral dev environments) # Hostnames are overridden by CI pipeline via --set flags replicaCount: 1 image: repository: registry.global.bsf.tools/esv/bsf/bsf-integration/orchard/orchard-mvp pullPolicy: Always tag: "latest" # Overridden by CI imagePullSecrets: - name: orchard-pull-secret initContainer: image: repository: containers.global.bsf.tools/busybox tag: "1.36" pullPolicy: IfNotPresent serviceAccount: create: true automount: true annotations: {} name: "" # Auto-generated based on release name podAnnotations: {} podLabels: {} podSecurityContext: {} securityContext: readOnlyRootFilesystem: false runAsNonRoot: true runAsUser: 1000 service: type: ClusterIP port: 8080 # Ingress - hostnames overridden by CI pipeline ingress: enabled: true className: "nginx" annotations: cert-manager.io/cluster-issuer: "letsencrypt" nginx.ingress.kubernetes.io/proxy-body-size: "0" # Disable body size limit for uploads hosts: - host: orchard-dev.common.global.bsf.tools # Overridden by CI paths: - path: / pathType: Prefix tls: - secretName: orchard-tls # Overridden by CI hosts: - orchard-dev.common.global.bsf.tools # Overridden by CI # Lighter resources for ephemeral environments # Note: memory requests must equal limits per cluster policy resources: limits: cpu: 250m memory: 256Mi requests: cpu: 100m memory: 256Mi livenessProbe: httpGet: path: /health port: http initialDelaySeconds: 10 periodSeconds: 10 readinessProbe: httpGet: path: /health port: http initialDelaySeconds: 5 periodSeconds: 5 autoscaling: enabled: false nodeSelector: {} tolerations: [] affinity: {} orchard: server: host: "0.0.0.0" port: 8080 database: host: "" port: 5432 user: orchard password: "" dbname: orchard sslmode: disable existingSecret: "" existingSecretPasswordKey: "password" s3: endpoint: "" region: us-east-1 bucket: orchard-artifacts accessKeyId: "" secretAccessKey: "" usePathStyle: true existingSecret: "" existingSecretAccessKeyKey: "access-key-id" existingSecretSecretKeyKey: "secret-access-key" download: mode: "presigned" presignedUrlExpiry: 3600 # Relaxed rate limits for dev/feature environments (allows integration tests to run) rateLimit: login: "1000/minute" # Default is 5/minute, relaxed for CI integration tests # PostgreSQL - ephemeral, no persistence postgresql: enabled: true image: registry: containers.global.bsf.tools repository: bitnami/postgresql tag: "15" pullPolicy: IfNotPresent auth: username: orchard password: orchard-password database: orchard primary: persistence: enabled: false # Resources with memory requests = limits per cluster policy resourcesPreset: "none" resources: limits: cpu: 250m memory: 256Mi requests: cpu: 100m memory: 256Mi # Volume permissions init container volumePermissions: resourcesPreset: "none" resources: limits: cpu: 50m memory: 64Mi requests: cpu: 10m memory: 64Mi # MinIO - ephemeral, no persistence minio: enabled: true image: registry: containers.global.bsf.tools repository: bitnami/minio tag: "latest" pullPolicy: IfNotPresent auth: rootUser: minioadmin rootPassword: minioadmin defaultBuckets: "orchard-artifacts" persistence: enabled: false # Resources with memory requests = limits per cluster policy resourcesPreset: "none" # Disable preset to use explicit resources resources: limits: cpu: 250m memory: 256Mi requests: cpu: 100m memory: 256Mi # Init container resources defaultInitContainers: volumePermissions: resourcesPreset: "none" resources: limits: cpu: 50m memory: 64Mi requests: cpu: 10m memory: 64Mi # Provisioning job resources provisioning: resources: limits: cpu: 100m memory: 128Mi requests: cpu: 50m memory: 128Mi # MinIO ingress - hostname overridden by CI minioIngress: enabled: true className: "nginx" annotations: cert-manager.io/cluster-issuer: "letsencrypt" nginx.ingress.kubernetes.io/proxy-body-size: "0" host: "minio-dev.common.global.bsf.tools" # Overridden by CI tls: enabled: true secretName: minio-tls # Overridden by CI redis: enabled: false waitForDatabase: true global: security: allowInsecureImages: true