2828 containerPort : {{ .Values.service.port }}
2929 protocol : TCP
3030 env :
31+ # ---- Core ------------------------------------------------------
3132 - name : NODE_ENV
3233 value : {{ .Values.config.nodeEnv | quote }}
3334 - name : PORT
3839 value : {{ .Values.config.corsOrigin | quote }}
3940 - name : JWT_EXPIRY
4041 value : {{ .Values.config.jwtExpiry | quote }}
42+ {{- if .Values.config.appUrl }}
43+ - name : APP_URL
44+ value : {{ .Values.config.appUrl | quote }}
45+ {{- end }}
46+
47+ # ---- Database --------------------------------------------------
4148 - name : DATABASE_PROVIDER
4249 value : {{ .Values.database.provider | quote }}
50+ {{- if eq .Values.database.provider "pglite" }}
51+ - name : PGLITE_DATA_DIR
52+ value : {{ .Values.config.pgliteDataDir | quote }}
53+ {{- end }}
4354 {{- if eq .Values.database.provider "postgres" }}
4455 {{- if .Values.database.bundled.enabled }}
4556 - name : DATABASE_URL
@@ -54,11 +65,134 @@ spec:
5465 name : {{ .Values.database.external.existingSecret | default (printf "%s-db" (include "assessors-studio.fullname" .)) }}
5566 key : {{ .Values.database.external.existingSecretPasswordKey }}
5667 {{- end }}
68+
69+ # ---- Auth (JWT) ------------------------------------------------
5770 - name : JWT_SECRET
5871 valueFrom :
5972 secretKeyRef :
6073 name : {{ .Values.secrets.jwtSecretName | default (printf "%s-secrets" (include "assessors-studio.fullname" .)) }}
6174 key : {{ .Values.secrets.jwtSecretKey }}
75+
76+ # ---- Initial admin user ---------------------------------------
77+ - name : ADMIN_USERNAME
78+ value : {{ .Values.admin.username | quote }}
79+ - name : ADMIN_EMAIL
80+ value : {{ .Values.admin.email | quote }}
81+ {{- if .Values.admin.displayName }}
82+ - name : ADMIN_DISPLAY_NAME
83+ value : {{ .Values.admin.displayName | quote }}
84+ {{- end }}
85+ - name : ADMIN_PASSWORD
86+ valueFrom :
87+ secretKeyRef :
88+ name : {{ .Values.admin.existingSecret | default (printf "%s-secrets" (include "assessors-studio.fullname" .)) }}
89+ key : {{ .Values.admin.existingSecretPasswordKey }}
90+
91+ # ---- Evidence storage -----------------------------------------
92+ - name : STORAGE_PROVIDER
93+ value : {{ .Values.storage.provider | quote }}
94+ - name : UPLOAD_MAX_FILE_SIZE
95+ value : {{ .Values.storage.uploadMaxFileSize | quote }}
96+ {{- if eq .Values.storage.provider "s3" }}
97+ - name : S3_BUCKET
98+ value : {{ .Values.storage.s3.bucket | quote }}
99+ - name : S3_REGION
100+ value : {{ .Values.storage.s3.region | quote }}
101+ {{- if .Values.storage.s3.endpoint }}
102+ - name : S3_ENDPOINT
103+ value : {{ .Values.storage.s3.endpoint | quote }}
104+ {{- end }}
105+ - name : S3_FORCE_PATH_STYLE
106+ value : {{ .Values.storage.s3.forcePathStyle | quote }}
107+ - name : S3_ACCESS_KEY_ID
108+ valueFrom :
109+ secretKeyRef :
110+ name : {{ .Values.storage.s3.existingSecret | default (printf "%s-secrets" (include "assessors-studio.fullname" .)) }}
111+ key : {{ .Values.storage.s3.existingSecretAccessKeyIdKey }}
112+ - name : S3_SECRET_ACCESS_KEY
113+ valueFrom :
114+ secretKeyRef :
115+ name : {{ .Values.storage.s3.existingSecret | default (printf "%s-secrets" (include "assessors-studio.fullname" .)) }}
116+ key : {{ .Values.storage.s3.existingSecretSecretAccessKeyKey }}
117+ {{- end }}
118+
119+ # ---- Webhook channel ------------------------------------------
120+ - name : WEBHOOK_ENABLED
121+ value : {{ .Values.notifications.webhook.enabled | quote }}
122+ - name : WEBHOOK_TIMEOUT
123+ value : {{ .Values.notifications.webhook.timeout | quote }}
124+ - name : WEBHOOK_MAX_RETRIES
125+ value : {{ .Values.notifications.webhook.maxRetries | quote }}
126+ - name : WEBHOOK_DELIVERY_RETENTION_DAYS
127+ value : {{ .Values.notifications.webhook.deliveryRetentionDays | quote }}
128+
129+ # ---- SMTP channel ---------------------------------------------
130+ - name : SMTP_ENABLED
131+ value : {{ .Values.notifications.smtp.enabled | quote }}
132+ {{- if .Values.notifications.smtp.enabled }}
133+ - name : SMTP_HOST
134+ value : {{ .Values.notifications.smtp.host | quote }}
135+ - name : SMTP_PORT
136+ value : {{ .Values.notifications.smtp.port | quote }}
137+ - name : SMTP_SECURE
138+ value : {{ .Values.notifications.smtp.secure | quote }}
139+ {{- if .Values.notifications.smtp.user }}
140+ - name : SMTP_USER
141+ value : {{ .Values.notifications.smtp.user | quote }}
142+ - name : SMTP_PASS
143+ valueFrom :
144+ secretKeyRef :
145+ name : {{ .Values.notifications.smtp.existingSecret | default (printf "%s-secrets" (include "assessors-studio.fullname" .)) }}
146+ key : {{ .Values.notifications.smtp.existingSecretPasswordKey }}
147+ {{- end }}
148+ {{- if .Values.notifications.smtp.from }}
149+ - name : SMTP_FROM
150+ value : {{ .Values.notifications.smtp.from | quote }}
151+ {{- end }}
152+ - name : SMTP_TLS_REJECT_UNAUTHORIZED
153+ value : {{ .Values.notifications.smtp.tlsRejectUnauthorized | quote }}
154+ {{- end }}
155+
156+ # ---- Chat channels --------------------------------------------
157+ - name : SLACK_ENABLED
158+ value : {{ .Values.notifications.chat.slackEnabled | quote }}
159+ - name : TEAMS_ENABLED
160+ value : {{ .Values.notifications.chat.teamsEnabled | quote }}
161+ - name : MATTERMOST_ENABLED
162+ value : {{ .Values.notifications.chat.mattermostEnabled | quote }}
163+ - name : CHAT_TIMEOUT
164+ value : {{ .Values.notifications.chat.timeout | quote }}
165+ - name : CHAT_DELIVERY_RETENTION_DAYS
166+ value : {{ .Values.notifications.chat.deliveryRetentionDays | quote }}
167+
168+ # ---- Prometheus metrics ---------------------------------------
169+ - name : METRICS_ENABLED
170+ value : {{ .Values.metrics.enabled | quote }}
171+ {{- if .Values.metrics.enabled }}
172+ - name : METRICS_PREFIX
173+ value : {{ .Values.metrics.prefix | quote }}
174+ - name : METRICS_DOMAIN_REFRESH_INTERVAL
175+ value : {{ .Values.metrics.domainRefreshInterval | quote }}
176+ {{- if or .Values.metrics.existingSecret .Values.metrics.token }}
177+ - name : METRICS_TOKEN
178+ valueFrom :
179+ secretKeyRef :
180+ name : {{ .Values.metrics.existingSecret | default (printf "%s-secrets" (include "assessors-studio.fullname" .)) }}
181+ key : {{ .Values.metrics.existingSecretTokenKey }}
182+ {{- end }}
183+ {{- end }}
184+
185+ # ---- Encryption at rest ---------------------------------------
186+ - name : REQUIRE_ENCRYPTION
187+ value : {{ .Values.encryption.require | quote }}
188+ {{- if or .Values.encryption.existingSecret .Values.encryption.masterKey }}
189+ - name : MASTER_ENCRYPTION_KEY
190+ valueFrom :
191+ secretKeyRef :
192+ name : {{ .Values.encryption.existingSecret | default (printf "%s-secrets" (include "assessors-studio.fullname" .)) }}
193+ key : {{ .Values.encryption.existingSecretMasterKeyKey }}
194+ {{- end }}
195+
62196 {{- with .Values.securityContext }}
63197 securityContext :
64198 {{- toYaml . | nindent 12 }}
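Review bot: In the encryption stanza at the end of this hunk, `REQUIRE_ENCRYPTION` is always rendered but `MASTER_ENCRYPTION_KEY` only when `encryption.existingSecret` or `encryption.masterKey` is set, so `encryption.require: true` with neither value produces a manifest that demands encryption without supplying a key, and the mistake surfaces only at runtime, if the application checks at all. A render-time guard would catch it at install: `{{- if and .Values.encryption.require (not (or .Values.encryption.existingSecret .Values.encryption.masterKey)) }}`, `{{- fail "encryption.require needs encryption.existingSecret or encryption.masterKey" }}`, `{{- end }}`. The metrics stanza has the same shape: with `metrics.enabled` true and no token configured, `METRICS_TOKEN` is omitted, which presumably leaves the metrics endpoint unauthenticated, so either guard it the same way or state that choice in a comment. `SMTP_TLS_REJECT_UNAUTHORIZED` deserves a comment such as `# false disables SMTP server certificate verification; keep true outside local testing`. The env list starts before this hunk and the container spec continues past it.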