# ── Replica count ───────────────────────────────────────────────────────────── replicaCount: 1 # ── Image ───────────────────────────────────────────────────────────────────── image: repository: errorlab # override with your registry, e.g. ghcr.io/dvirl/errorlab tag: master-5a3d738 pullPolicy: IfNotPresent imagePullSecrets: [] # ── Service ─────────────────────────────────────────────────────────────────── service: type: ClusterIP port: 80 # ── Ingress ─────────────────────────────────────────────────────────────────── ingress: enabled: true className: nginx # set to your ingress class (e.g. "nginx", "traefik") annotations: {} # cert-manager.io/cluster-issuer: letsencrypt-prod # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" hosts: - host: errorlab.lab # replace with your actual hostname paths: - path: / pathType: Prefix tls: [] # - secretName: errorlab-tls # hosts: # - errorlab.lab # ── Resources ───────────────────────────────────────────────────────────────── resources: requests: cpu: 10m memory: 32Mi limits: cpu: 100m memory: 64Mi # ── Pod settings ────────────────────────────────────────────────────────────── podAnnotations: {} podLabels: {} podSecurityContext: runAsNonRoot: true runAsUser: 101 # nginx user in nginx:alpine fsGroup: 101 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: false # nginx needs to write to /var/cache/nginx capabilities: drop: - ALL # ── Probes ──────────────────────────────────────────────────────────────────── livenessProbe: httpGet: path: / port: http initialDelaySeconds: 5 periodSeconds: 20 readinessProbe: httpGet: path: / port: http initialDelaySeconds: 3 periodSeconds: 10 # ── Autoscaling (disabled by default for a static site) ─────────────────────── autoscaling: enabled: false minReplicas: 1 maxReplicas: 3 targetCPUUtilizationPercentage: 80 # ── Misc ────────────────────────────────────────────────────────────────────── nameOverride: "" fullnameOverride: "" nodeSelector: {} tolerations: [] affinity: {}