git.stella-ops.org/deploy/helm/stellaops/values-console.yaml

# Console (Angular SPA) values overlay
# Use: helm install stellaops . -f values-console.yaml

console:
  enabled: true
  image: registry.stella-ops.org/stellaops/console:2025.10.0-edge
  replicas: 1
  port: 8080

  # Backend API URL injected via config.json at startup
  apiBaseUrl: ""
  # Authority URL for OAuth/OIDC
  authorityUrl: ""
  # Tenant header name
  tenantHeader: "X-StellaOps-Tenant"

  # Resource limits (nginx is lightweight)
  resources:
    limits:
      cpu: "200m"
      memory: "128Mi"
    requests:
      cpu: "50m"
      memory: "64Mi"

  # Service configuration
  service:
    type: ClusterIP
    port: 80
    targetPort: 8080

  # Ingress configuration (enable for external access)
  ingress:
    enabled: false
    className: nginx
    annotations:
      nginx.ingress.kubernetes.io/proxy-body-size: "10m"
    hosts:
      - host: console.local
        paths:
          - path: /
            pathType: Prefix
    tls: []

  # Health probes
  livenessProbe:
    httpGet:
      path: /
      port: 8080
    initialDelaySeconds: 10
    periodSeconds: 30
  readinessProbe:
    httpGet:
      path: /
      port: 8080
    initialDelaySeconds: 5
    periodSeconds: 10

  # Pod security context (non-root per DOCKER-44-001)
  securityContext:
    runAsNonRoot: true
    runAsUser: 101
    runAsGroup: 101
    fsGroup: 101

  # Container security context
  containerSecurityContext:
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop:
        - ALL

  # Volume mounts for nginx temp directories (RO rootfs)
  volumeMounts:
    - name: nginx-cache
      mountPath: /var/cache/nginx
    - name: nginx-run
      mountPath: /var/run
  volumes:
    - name: nginx-cache
      emptyDir: {}
    - name: nginx-run
      emptyDir: {}