diff --git a/README.md b/README.md index 507196c..8759932 100644 --- a/README.md +++ b/README.md @@ -204,6 +204,7 @@ minio: - **First Bucket Name**: The first bucket in the `buckets` list should match the `fullnameOverride` to ensure consistent bucket naming conventions. - **Ingress Configuration**: Make sure the `hosts` in the ingress section match your MinIO endpoint URL. + ## Storage Recommendation We **strongly recommend** using either **Amazon S3** or **MinIO** for object storage when deploying Lago. These solutions provide reliable, scalable storage that can be accessed by multiple pods without encountering issues. diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index 7b900cc..13f06aa 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml @@ -73,12 +73,171 @@ spec: containers: - args: ["bundle", "exec", "rails", "s", "-b", "::"] env: + - name: RAILS_ENV + value: {{ .Values.api.rails.env }} + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: {{ include "secret-path" . }} + key: databaseUrl + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: {{ include "secret-path" . }} + key: redisUrl + - name: LAGO_REDIS_CACHE_URL + valueFrom: + secretKeyRef: + name: {{ include "secret-path" . }} + key: redisUrl + - name: LAGO_PDF_URL + {{- $pdfHost := printf "%s-pdf-svc.%s" .Release.Name .Release.Namespace}} + value: {{ printf "http://%s:%v" $pdfHost .Values.pdf.service.port | quote }} + - name: LAGO_API_URL + value: {{ required "apiUrl value is required" .Values.apiUrl | quote }} + - name: LAGO_FRONT_URL + value: {{ required "frontUrl value is required" .Values.frontUrl | quote }} + - name: LAGO_SIDEKIQ_WEB + value: {{ .Values.api.sidekiqWeb.enabled | quote }} + - name: RAILS_LOG_TO_STDOUT + value: {{ .Values.api.rails.logStdout | quote }} + - name: LAGO_RSA_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-secrets + key: rsaPrivateKey + - name: SECRET_KEY_BASE + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-secrets + key: secretKeyBase + - name: ENCRYPTION_DETERMINISTIC_KEY + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-secrets + key: encryptionDeterministicKey + - name: ENCRYPTION_KEY_DERIVATION_SALT + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-secrets + key: encryptionKeyDerivationSalt + - name: ENCRYPTION_PRIMARY_KEY + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-secrets + key: encryptionPrimaryKey + - name: LAGO_DISABLE_SEGMENT + value: {{ not .Values.global.segment.enabled | quote }} + - name: LAGO_DISABLE_SIGNUP + value: {{ not .Values.global.signup.enabled | quote }} + - name: DATABASE_POOL + value: {{ mul .Values.api.rails.maxThreads .Values.api.rails.webConcurrency | quote }} + - name: RAILS_MAX_THREADS + value: {{ .Values.api.rails.maxThreads | quote }} + - name: RAILS_MIN_THREADS + value: "0" + - name: SIDEKIQ_EVENTS + value: "true" + - name: WEB_CONCURRENCY + value: {{ .Values.api.rails.webConcurrency | quote }} + - name: LAGO_LOG_LEVEL + value: {{ .Values.api.rails.logLevel | quote }} {{- with .Values.api.extraEnv }} {{- range $key, $value := . }} - name: {{ $key }} value: {{ $value | quote }} {{- end }} {{- end }} + {{ if .Values.global.license }} + - name: LAGO_LICENSE + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-secrets + key: license + {{ end }} + {{ if or .Values.global.s3.enabled .Values.minio.enabled }} + - name: LAGO_USE_AWS_S3 + value: "true" + {{- if .Values.minio.enabled }} + - name: LAGO_AWS_S3_PATH_STYLE + value: "true" + {{- end }} + {{ if or .Values.global.s3.endpoint .Values.minio.endpoint }} + - name: LAGO_AWS_S3_ENDPOINT + value: {{ if .Values.minio.enabled }} + {{ .Values.minio.endpoint | quote }} + {{ else }} + {{ .Values.global.s3.endpoint | quote }} + {{ end }} + {{ end }} + {{ if or .Values.global.s3.accessKeyId .Values.minio.enabled .Values.global.existingSecret }} + - name: LAGO_AWS_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: {{ if .Values.minio.enabled }} + {{ .Release.Name }}-minio + {{ else }} + {{ include "secret-path" . }} + {{ end }} + key: {{ if .Values.minio.enabled }} + rootUser + {{ else }} + awsS3AccessKeyId + {{ end }} + {{ end }} + {{ if or .Values.global.s3.secretAccessKey .Values.minio.enabled .Values.global.existingSecret }} + - name: LAGO_AWS_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ if .Values.minio.enabled }} + {{ .Release.Name }}-minio + {{ else }} + {{ include "secret-path" . }} + {{ end }} + key: {{ if .Values.minio.enabled }} + rootPassword + {{ else }} + awsS3SecretAccessKey + {{ end }} + {{ end }} + - name: LAGO_AWS_S3_BUCKET + value: {{ if .Values.minio.enabled }} + {{ (index .Values.minio.buckets 0).name | quote }} + {{ else }} + {{ .Values.global.s3.bucket | quote }} + {{ end }} + - name: LAGO_AWS_S3_REGION + value: {{ if .Values.global.s3.enabled }} + {{ .Values.global.s3.region | quote }} + {{ else if .Values.minio.enabled }} + {{ default "us-east-1" .Values.minio.region | quote }} + {{ end }} + {{ end }} + {{ if .Values.global.smtp.enabled }} + - name: LAGO_FROM_EMAIL + value: {{ .Values.global.smtp.fromEmail }} + - name: LAGO_SMTP_ADDRESS + value: {{ .Values.global.smtp.address }} + - name: LAGO_SMTP_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "secret-path" . }} + key: smtpUsername + - name: LAGO_SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "secret-path" . }} + key: smtpPassword + - name: LAGO_SMTP_PORT + value: "{{ .Values.global.smtp.port }}" + {{ end }} + {{ if .Values.global.newRelic.enabled }} + - name: NEW_RELIC_KEY + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-secrets + key: newRelicKey + {{ end }} image: getlago/api:v{{ .Values.version }} name: {{ .Release.Name }}-api ports: