# OdooSky v3 instance-template-v3 — default values.
#
# Per-tenant overlay repos override only the keys that differ from these
# defaults. Keep this file as the single source of truth for what an
# Odoo instance looks like by default; do not duplicate defaults in the
# overlay schema or in Tower-Go.
# Identity and tier of one Odoo instance. The values below are the demo
# defaults that per-tenant overlays are expected to override.
instance:
  # Short slug used in K8s object names + as the Helm release name.
  # Must be DNS-safe (lowercase, no underscores, <= 40 chars).
  # The backup `prefix` value further down also references this slug as
  # the instance's S3 key prefix, so two instances sharing a code would
  # write under the same prefix.
  # NOTE(review): nothing in this file enforces the DNS-safe constraint;
  # confirm the chart or a values schema rejects invalid slugs.
  code: demo
  # The full HTTPS hostname this instance answers on.
  # Tenants live under *.tenants.odoosky.org (covered by wildcard DNS A).
  domain: demo.tenants.odoosky.org
  # Named size — looked up against the `sizes` table below to derive
  # CPU / memory limits + Odoo workers. Per-tenant overlays only need
  # `instance.size: medium` (etc); they don't have to know the numbers.
  # NOTE(review): the `sizes` table in this file carries only CPU and
  # memory; the worker count must be derived elsewhere — confirm where.
  size: small
# The named-size table. Single source of truth for what each instance
# tier actually gets. Adjust here, ALL future instances pick up the
# new defaults on next reconcile. Existing instances keep their
# previously-rendered manifests until ArgoCD re-syncs.
#
# Anchored loosely on v2's tested defaults:
#   tiny   — dev/preview, 1 user
#   small  — 5–15 users, default
#   medium — 15–50 users
#   large  — 50–150 users
#
# Every tier sets both requests and limits for the odoo and postgres
# containers. Whole-core CPU values are quoted so they stay strings.
sizes:
  tiny:
    odoo:
      requests: { memory: 256Mi, cpu: 100m }
      limits: { memory: 1Gi, cpu: "1" }
    postgres:
      requests: { memory: 128Mi, cpu: 50m }
      limits: { memory: 256Mi, cpu: 500m }
  small:
    odoo:
      requests: { memory: 512Mi, cpu: 250m }
      limits: { memory: 2Gi, cpu: "2" }
    postgres:
      requests: { memory: 256Mi, cpu: 100m }
      limits: { memory: 1Gi, cpu: "1" }
  medium:
    odoo:
      requests: { memory: 1Gi, cpu: 500m }
      limits: { memory: 4Gi, cpu: "4" }
    postgres:
      requests: { memory: 512Mi, cpu: 250m }
      limits: { memory: 2Gi, cpu: "2" }
  large:
    odoo:
      requests: { memory: 2Gi, cpu: "1" }
      limits: { memory: 8Gi, cpu: "6" }
    postgres:
      requests: { memory: 1Gi, cpu: 500m }
      limits: { memory: 4Gi, cpu: "3" }
# Odoo application container and its persistent filestore.
odoo:
  # No registry host is given, so the container runtime's default
  # registry is used.
  image: odoo
  # Quoted so YAML keeps "18.0" a string instead of the float 18.
  # "18.0" is a moving tag: the image it resolves to can change between
  # pulls. NOTE(review): consider pinning by digest if the chart
  # supports it, so every tenant runs a reviewed image.
  tag: "18.0"
  # Filestore PVC size (Odoo's /var/lib/odoo).
  filestoreSize: 10Gi
# PostgreSQL container backing the instance.
postgres:
  image: postgres
  # Moving tag, as with the Odoo image. NOTE(review): consider pinning
  # by digest if the chart supports it.
  tag: "16-alpine"
  user: odoo
  database: postgres
  # If empty, the chart auto-generates on first install and re-reads
  # the existing Secret on subsequent upgrades (lookup pattern).
  # Leave this empty in committed values: a non-empty value here would
  # sit in Git in plaintext.
  # NOTE(review): Helm's `lookup` returns an empty result when the chart
  # is rendered without cluster access (`helm template`, which is how
  # Argo CD renders Helm charts). Confirm the generated password is not
  # regenerated on every sync in that path.
  password: ""
  storage: 10Gi
# Scheduled database backups to S3-compatible storage.
backups:
  enabled: true
  # Cron schedule for the automatic backup job. Default 03:00 UTC
  # daily — quiet hour for most timezones, non-business in EU/US/AS.
  # Quoted because the value contains `*`, a YAML indicator character.
  schedule: "0 3 * * *"
  # How many dumps to retain in S3. The backup job prunes older
  # objects matching the instance's prefix on every successful run.
  retain: 7
  # S3-compatible destination. The endpoint + region + bucket are
  # NON-secret and live in this committed values.yaml; the AWS
  # credentials live in a K8s Secret named by `credentialsSecret`,
  # provisioned out-of-band by Tower's bootstrap script (which reads
  # from OpenBao). The chart never sees access/secret keys directly.
  s3:
    endpoint: https://s3.eu-central-1.s4.mega.io
    region: eu-central-1
    bucket: odoosky-v3-backups
    # Per-instance S3 key prefix. Each instance writes under its own
    # code/ subdirectory inside the shared bucket.
    # NOTE(review): Helm does not render templates inside values.yaml;
    # this string is expanded only if the chart passes it through
    # `tpl`. Confirm that, and confirm the backup job refuses an empty
    # or unrendered prefix, since pruning matches objects by prefix in
    # a bucket shared with other instances.
    prefix: "{{ .Values.instance.code }}"
    # Name of the K8s Secret holding AWS_ACCESS_KEY_ID +
    # AWS_SECRET_ACCESS_KEY. Mounted via envFrom on the backup Job.
    # NOTE(review): the prefix separates tenants by naming only. If
    # every instance receives the same bucket-wide keys, any backup Job
    # can read or prune another tenant's dumps; confirm the keys are
    # scoped to the instance's prefix.
    credentialsSecret: s3-backup-creds
# Traefik routing and TLS for the instance's hostname.
ingress:
  # Traefik entrypoint name (set on the Traefik install in the
  # `traefik` namespace).
  entryPoint: websecure
  # The pre-provisioned wildcard cert for *.tenants.odoosky.org —
  # one Certificate resource issued ONCE in the chart's release
  # namespace, then every instance's IngressRoute references the
  # resulting Secret. Avoids Let's Encrypt's per-week certificate
  # issuance ceiling (50/week/registered-domain) as we scale to
  # many tenants.
  #
  # See infrastructure/cluster/wildcard-cert.yaml for the
  # provisioning manifest.
  #
  # The private key in this Secret is valid for every tenant hostname,
  # so read access to it should be limited to the ingress controller.
  # NOTE(review): Traefik resolves an IngressRoute's TLS secret in the
  # IngressRoute's own namespace. If instances are deployed to other
  # namespaces, confirm how the Secret reaches them; each copy widens
  # exposure of the wildcard key.
  tlsSecret: tenants-wildcard-tls