# Copyright (C) 2024 James Gibbons <jgibbons@121digital.co.uk>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# NOTE(review): every entry under `deployments` in this file sets its own
# `replicas`; confirm whether the chart templates still read this value.
replicaCount: 1
# Image pull secrets for private registries.
# Each entry names a Secret that must already exist in the namespace the
# pods run in. Example:
imagePullSecrets: []
#   - name: ghcr-secret
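# Azure configuration (general Azure settings)
azure:
  # Azure tenant ID (used for all Azure services)
  tenantId: "<YOUR-AZURE-TENANT-ID>"
  # Client ID of the managed identity used for Workload Identity
  # (Key Vault, Storage, Service Bus, etc.).
  # Both values are identifiers, not credentials. What the identity may do is
  # decided by its Azure role assignments, so grant it only what this
  # workload needs.
  managedIdentityClientId: "<YOUR-MANAGED-IDENTITY-CLIENT-ID>"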
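# Azure Key Vault configuration
# This chart includes Azure Key Vault integration via Workload Identity.
# Make sure you have:
#   1. An Azure Key Vault holding your secrets
#   2. A managed identity configured in Azure
#   3. Workload Identity configured in your Kubernetes cluster
#   4. A federated identity credential linking the ServiceAccount to the
#      managed identity
# The managed identity only needs to read the secrets listed below; avoid
# giving it write or management rights on the vault.
azureKeyVault:
  enabled: true
  # Name of the vault itself (not of a secret inside it).
  # Update with your Azure Key Vault name.
  keyVaultName: "<YOUR-KEY-VAULT-NAME>"
  # Update this value (e.g. to the current timestamp) to force a secret
  # refresh when Key Vault secrets change, for instance after a rotation.
  # Example: refreshToken: "20241210190000"
  refreshToken: ""
  secrets:
    # Map your Azure Key Vault secret names to Kubernetes secret keys.
    #   keyVaultName:  the secret's name in Azure Key Vault (inside this
    #                  list the key names a secret, not the vault)
    #   kubernetesKey: the environment variable name in your pods
    - keyVaultName: "APP-SECRET"
      kubernetesKey: "APP_SECRET"
    - keyVaultName: "DB-PASSWORD"
      kubernetesKey: "DB_PASSWORD"
    - keyVaultName: "DB-NAME"
      kubernetesKey: "DB_NAME"
    - keyVaultName: "DB-USER"
      kubernetesKey: "DB_USER"
    - keyVaultName: "MAILER-DSN"
      kubernetesKey: "MAILER_DSN"
    - keyVaultName: "AWS-ACCESS-KEY-ID"
      kubernetesKey: "AWS_ACCESS_KEY_ID"
    - keyVaultName: "AWS-SECRET-ACCESS-KEY"
      kubernetesKey: "AWS_SECRET_ACCESS_KEY"
    # Add your custom secrets here
    # - keyVaultName: "YOUR-SECRET-NAME"
    #   kubernetesKey: "YOUR_ENV_VAR_NAME"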
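# MySQL configuration - KEEP THIS CA CERT (very important)
mysql:
  # MySQL CA certificate - KEEP THIS CA CERT (very important)
  # This is usually the same for most Azure MySQL instances, but check your
  # Azure portal.
  # Paste the PEM body between the BEGIN/END lines, indented like them.
  # A CA certificate is public data, so it can live in values; it is what
  # lets the client verify the database server while
  # MYSQL_SSL_VERIFY_SERVER_CERT is "true" (set on the php deployment).
  # NOTE(review): the certificate body is empty in this listing. Presumably
  # the chart writes this value to the MYSQL_CA_CERT path - confirm, and
  # supply a real CA rather than turning verification off.
  caCert: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----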
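# Workloads deployed by the chart.
# NOTE(review): the nesting below was rebuilt from a listing that had lost
# its indentation. php, nginx and redis share one shape and are placed under
# `deployments`; `ingress` is assumed to belong to nginx. Confirm both
# against the chart templates.
deployments:
  php:
    replicas: 1
    # Update with your PHP image.
    # ":latest" is a mutable tag and imagePullPolicy is Always, so each pod
    # start runs whatever the tag points at in that moment. For production,
    # pin a version tag or an image digest so rollouts are reproducible.
    image: "your-registry/your-app/php:latest"
    imagePullPolicy: Always
    # Resource requests and limits
    resources:
      requests:
        cpu: "100m"
        memory: "256Mi"
      limits:
        cpu: "500m"
        memory: "512Mi"
    env:
      # A value of "_FROM_AZURE_KEYVAULT" means the variable is taken from
      # Key Vault (see azureKeyVault.secrets); any other value is used as
      # given. Keep real credentials in Key Vault instead of committing
      # them to this file.

      # Symfony Core
      APP_ENV: "prod"  # Options: prod, dev, test
      APP_SECRET: "_FROM_AZURE_KEYVAULT"  # from Key Vault, or provide a value
      # Keep debug off in production.
      APP_DEBUG: "0"

      # Database Configuration
      # Update with your database host
      DB_HOST: "your-database-host.mysql.database.azure.com"
      DB_PORT: "3306"
      DB_NAME: "_FROM_AZURE_KEYVAULT"  # from Key Vault, or provide a value
      DB_USER: "_FROM_AZURE_KEYVAULT"  # from Key Vault, or provide a value
      DB_PASSWORD: "_FROM_AZURE_KEYVAULT"  # from Key Vault, or provide a value
      # Path of the CA file used to verify the database server; see
      # mysql.caCert. Leave verification enabled.
      MYSQL_CA_CERT: "/etc/ssl/certs/mysql-ca-cert.pem"
      MYSQL_SSL_VERIFY_SERVER_CERT: "true"

      # Mailer Configuration
      # For Azure Communication Services, use:
      # MAILER_DSN: "azure+api://ACS_RESOURCE_NAME:KEY@default"
      # For SMTP, use:
      # MAILER_DSN: "smtp://user:pass@smtp.example.com:587"
      # For local development with MailHog, use:
      # MAILER_DSN: "smtp://mailhog:1025"
      # The DSN embeds a key or password, so it is treated as a secret.
      MAILER_DSN: "_FROM_AZURE_KEYVAULT"  # from Key Vault, or provide a value
      # Default from address for all transactional emails
      MAILER_FROM: "noreply@example.com"  # Update with your sender email
      MAILER_FROM_NAME: "My Symfony App"  # Update with your application name

      # Redis - set to "REPLACED_BY_TEMPLATE" to use the auto-generated
      # service name, or set a custom value
      REDIS_HOST: "REPLACED_BY_TEMPLATE"
      REDIS_PORT: "6379"

      # AWS S3 Configuration (optional - remove if not using S3)
      # These are long-lived access keys; scope their IAM policy to the
      # bucket named below.
      AWS_ACCESS_KEY_ID: "_FROM_AZURE_KEYVAULT"  # from Key Vault, or a value
      AWS_SECRET_ACCESS_KEY: "_FROM_AZURE_KEYVAULT"  # from Key Vault, or a value
      AWS_S3_REGION: "eu-west-1"  # Update with your S3 region
      AWS_S3_BUCKET: "your-bucket-name"  # Update with your S3 bucket name
      AWS_S3_ENDPOINT: ""  # Leave empty for AWS, or provide custom endpoint
      # Update with your S3 URL
      AWS_S3_URL: "https://your-bucket-name.s3.eu-west-1.amazonaws.com"

      # Application specific
      DEST_HOME: "/var/www/app"
      DEFAULT_URI: "https://your-domain.com"  # Update with your application URL

      # Messenger Configuration
      # The doctrine:// transport stores messages in the database through
      # the "default" Doctrine connection; it does not use Redis.
      # auto_setup=0 turns off automatic creation of the transport's table,
      # so the table has to be created by other means (e.g. a migration).
      MESSENGER_TRANSPORT_DSN: "doctrine://default?auto_setup=0"

      # Add your custom environment variables here
      # EXAMPLE_API_KEY: "_FROM_AZURE_KEYVAULT"

  nginx:
    replicas: 1
    # Update with your Nginx image. As with php, prefer a pinned version
    # tag or digest over ":latest" for production.
    image: "your-registry/your-app/nginx:latest"
    imagePullPolicy: Always
    # Resource requests and limits
    resources:
      requests:
        cpu: "100m"
        memory: "128Mi"
      limits:
        cpu: "250m"
        memory: "256Mi"
    ingress:
      enabled: true
      className: nginx
      host: "your-domain.com"  # Update with your domain
      annotations:
        # NOTE(review): with ingress-nginx, a rewrite-target that has no
        # capture group replaces the request path with this value; confirm
        # the application's routes still resolve, or drop the annotation if
        # no rewrite is needed.
        nginx.ingress.kubernetes.io/rewrite-target: "/"
        # Update with your cert-manager issuer
        cert-manager.io/cluster-issuer: letsencrypt-production
      tls:
        enabled: true
        secretName: symfony-app-tls  # Update with your TLS secret name

  redis:
    replicas: 1
    # Using the official Redis image, or update with your custom Redis image.
    # "7-alpine" follows the 7.x line and moves as new releases are pushed;
    # pin a full version or digest if you need reproducible rollouts.
    # NOTE(review): no password or ACL setting for Redis is exposed in these
    # values; confirm that access is limited to the application pods.
    image: "redis:7-alpine"
    imagePullPolicy: Always
    # Resource requests and limits
    resources:
      requests:
        cpu: "50m"
        memory: "128Mi"
      limits:
        cpu: "200m"
        memory: "256Mi"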