skuser
/
chart-aex


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261
							# Default values for chart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
# ECR pulls are authenticated via the node IAM role (or IRSA on the service account),
# so no imagePullSecrets entry is required for the ECR repositories below.
imagePullSecrets: []
# This is to override the chart name.
nameOverride: ""
fullnameOverride: ""

# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
serviceAccount:
  # Specifies whether a service account should be created.
  create: true
  # Automatically mount a ServiceAccount's API credentials?
  automount: true
  # Annotations to add to the service account.
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template.
  name: ""

# Pod-level security context shared by every component (component-level overrides win).
podSecurityContext:
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault

# Container-level security context shared by every component (component-level overrides win).
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL

# RDS endpoint host:port consumed by the backend Secret below.
# Replace `aex.<...>.rds.amazonaws.com` with the actual RDS writer endpoint.
rds:
  host: skinc-aiagent-dev-main-postgresql.cn8yeeaaa1s1.ap-northeast-2.rds.amazonaws.com
  port: 5432
  database: aiagtmpn_dev

# Components served by this chart. Each entry produces its own Deployment, Service, and (optional) HPA.
# The Ingress below references components by key (e.g. `frontend`, `backend`).
components:
  # Frontend (aex_ft) — serves all traffic that does not match /api.
  frontend:
    # This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
    replicaCount: 1
    # This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
    image:
      repository: 406005162200.dkr.ecr.ap-northeast-2.amazonaws.com/aex/ft
      # This sets the pull policy for images.
      pullPolicy: IfNotPresent
      # Overrides the image tag whose default is the chart appVersion.
      tag: "0.0.0c"
    # nginx in the frontend image listens on 8080 (see sk_private_front/docker/nginx.conf).
    # Service exposes port 80 and targets the named container port `http` → 8080.
    containerPort: 8080
    # This is for setting Kubernetes Annotations to a Pod.
    podAnnotations: {}
    # This is for setting Kubernetes Labels to a Pod.
    podLabels: {}
    # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
    service:
      type: ClusterIP
      port: 80
    # readOnlyRootFilesystem requires writable mounts for nginx cache and pid file.
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      runAsUser: 101
      runAsGroup: 101
    # This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
    livenessProbe:
      httpGet:
        path: /
        port: http
    readinessProbe:
      httpGet:
        path: /
        port: http
    # Minimal requests so the scheduler can place the pod; no limits to keep the test deploy permissive.
    resources:
      requests:
        cpu: 50m
        memory: 64Mi
    # This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
    autoscaling:
      enabled: false
      minReplicas: 1
      maxReplicas: 100
      targetCPUUtilizationPercentage: 80
      # targetMemoryUtilizationPercentage: 80
    # Writable scratch dirs required because the rootfs is read-only.
    # /run is needed because the upstream nginx.conf writes its pid file there
    # (the Dockerfile's sed targets /var/run/... and misses the actual /run/...).
    volumes:
      - name: nginx-cache
        emptyDir: {}
      - name: nginx-tmp
        emptyDir: {}
      - name: nginx-run
        emptyDir: {}
    volumeMounts:
      - name: nginx-cache
        mountPath: /var/cache/nginx
      - name: nginx-tmp
        mountPath: /tmp
      - name: nginx-run
        mountPath: /run

  # Backend (aex_bn) — serves traffic under /api.
  backend:
    replicaCount: 1
    image:
      repository: 406005162200.dkr.ecr.ap-northeast-2.amazonaws.com/aex/bn
      pullPolicy: IfNotPresent
      tag: "0.0.0c"
    containerPort: 8000
    podAnnotations: {}
    podLabels: {}
    service:
      type: ClusterIP
      port: 8000
    # uvicorn user `app` is uid/gid 1000 in sk_private/docker/dockerfile.
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      runAsUser: 1000
      runAsGroup: 1000
    livenessProbe:
      httpGet:
        path: /health
        port: http
    readinessProbe:
      httpGet:
        path: /health
        port: http
    resources:
      requests:
        cpu: 100m
        memory: 256Mi
    autoscaling:
      enabled: false
      minReplicas: 1
      maxReplicas: 100
      targetCPUUtilizationPercentage: 80
    # /tmp scratch for read-only rootfs (Python may write caches/temp files).
    volumes:
      - name: tmp
        emptyDir: {}
    volumeMounts:
      - name: tmp
        mountPath: /tmp
    # Pull configuration from the Secret rendered below.
    envFrom:
      - secretRef:
          name: '{{ include "chart.componentFullname" (dict "root" $ "name" "backend") }}'
      - configMapRef:
          name: '{{ include "chart.componentFullname" (dict "root" $ "name" "backend") }}-config'
    # Secret consumed by the backend; rendered as <release>-<chart>-backend.
    configMap:
      data:
        APP_LOG_LEVEL: DEBUG
    # APP_DATABASE_URL points at the AWS RDS endpoint configured under .Values.rds.
    secret:
      stringData:
        APP_DATABASE_URL: 'postgresql+asyncpg://aex_dev:qct6mjpiqo@{{ $.Values.rds.host }}:{{ $.Values.rds.port }}/{{ $.Values.rds.database }}'
        APP_DATABASE_SCHEMA: aex_sch

# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
# AWS Load Balancer Controller provisions an ALB from this resource.
ingressBackend:
  enabled: true
  className: alb-custom
  annotations:
    # alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/group.name: "appl"
    alb.ingress.kubernetes.io/load-balancer-name: skinc-inc-lb-dev-test-2
    alb.ingress.kubernetes.io/target-type: "ip"
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80},{"HTTPS":443}]'
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
    alb.ingress.kubernetes.io/healthcheck-path: /health
    alb.ingress.kubernetes.io/healthcheck-port: "8000"
  hosts:
    # host를 비우면 ALB가 모든 Host 헤더에 대해 매칭 → ALB DNS로 직접 접속 가능.
    # 운영 단계에서는 실제 도메인(예: aex.example.com)을 넣고 Route53 ALIAS 등록 권장.
    - host: "aex.dev.skinc.co.kr"
      paths:
        - path: /api
          pathType: Prefix
          component: backend
  tls: []
    # - secretName: chart-example-tls
    #   hosts:
    #     - chart-example.local
ingressFrontend:
  enabled: true
  className: alb-custom
  annotations:
    # alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/group.name: "appl"
    alb.ingress.kubernetes.io/load-balancer-name: skinc-inc-lb-dev-test-2
    alb.ingress.kubernetes.io/target-type: "ip"
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80},{"HTTPS":443}]'
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
    alb.ingress.kubernetes.io/healthcheck-path: /
    alb.ingress.kubernetes.io/healthcheck-port: "80"
  hosts:
    # host를 비우면 ALB가 모든 Host 헤더에 대해 매칭 → ALB DNS로 직접 접속 가능.
    # 운영 단계에서는 실제 도메인(예: aex.example.com)을 넣고 Route53 ALIAS 등록 권장.
    - host: "aex.dev.skinc.co.kr"
      paths:
        - path: /
          pathType: Prefix
          component: frontend
  tls: []
    # - secretName: chart-example-tls
    #   hosts:
    #     - chart-example.local

# -- Expose the services via gateway-api HTTPRoute
# Disabled — routing is handled by the ALB Ingress above.
httpRoute:
  enabled: false
  annotations: {}
  parentRefs:
    - name: gateway
      sectionName: http
  hostnames:
    - aex.sk-inc.local
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /api
      backendRefs:
        - component: backend
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - component: frontend

nodeSelector: {}

tolerations: []

affinity: {}