# Production values example for Trigger.dev v4 Helm chart
# Copy this file and customize for your production deployment
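# REQUIRED: replace every placeholder below with your own value.
# Generate each one separately with: openssl rand -hex 16
# (16 random bytes, printed as 32 hex characters). Use a different value
# for each key rather than reusing one secret.
# Once real values are filled in, treat the copied file as a secret:
# keep it out of version control and restrict who can read it.
# NOTE(review): the external-service examples at the end of this file
# reference credentials through `existingSecret`; check the chart's
# values.yaml for an equivalent option for these keys - TODO confirm.
secrets:
  sessionSecret: "YOUR_32_CHAR_HEX_SECRET_HERE_001"
  magicLinkSecret: "YOUR_32_CHAR_HEX_SECRET_HERE_002"
  encryptionKey: "YOUR_32_CHAR_HEX_SECRET_HERE_003"
  managedWorkerSecret: "YOUR_32_CHAR_HEX_SECRET_HERE_004"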
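# Production webapp configuration
webapp:
  # Origin configuration: all three origins use https and the same host
  # that the ingress below serves. Keep them in sync with `hosts` and
  # `tls.hosts` when you change the domain.
  appOrigin: "https://trigger.example.com"
  loginOrigin: "https://trigger.example.com"
  apiOrigin: "https://trigger.example.com"

  # Production ingress, handled by the "nginx" ingress class with TLS.
  ingress:
    enabled: true
    className: "nginx"
    annotations:
      # Names the cert-manager cluster issuer used for the certificate.
      # Presumably an issuer called "letsencrypt-prod" must already exist
      # in the cluster - verify before deploying.
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      # Redirect plain-HTTP requests to HTTPS. The value is quoted because
      # annotation values must be strings, not YAML booleans.
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
    hosts:
      - host: trigger.example.com
        paths:
          - path: /
            pathType: Prefix
    tls:
      # Secret that holds the certificate and key for the host below.
      - secretName: trigger-tls
        hosts:
          - trigger.example.com

  # CPU and memory limits/requests for the webapp.
  resources:
    limits:
      cpu: 2000m
      memory: 4Gi
    requests:
      cpu: 1000m
      memory: 2Gi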
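# Production PostgreSQL (or use external; see the commented example at the
# end of this file).
# NOTE(review): this example sets no credentials for the bundled
# PostgreSQL. Confirm what the chart defaults to and override any default
# password before production use.
postgres:
  primary:
    # Keep database data on a persistent volume.
    persistence:
      enabled: true
      size: 100Gi
      # The storage class name must exist in the target cluster.
      storageClass: "fast-ssd"
    resources:
      limits:
        cpu: 1000m
        memory: 2Gi
      requests:
        cpu: 500m
        memory: 1Gi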
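# Production Redis (or use external; see the commented example at the end
# of this file).
# NOTE(review): no password or TLS setting is given here for the bundled
# Redis. Confirm the chart defaults before production use.
redis:
  master:
    # Keep Redis data on a persistent volume.
    persistence:
      enabled: true
      size: 20Gi
      # The storage class name must exist in the target cluster.
      storageClass: "fast-ssd"
    resources:
      limits:
        cpu: 500m
        memory: 1Gi
      requests:
        cpu: 250m
        memory: 512Mi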
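# Production ClickHouse
# NOTE(review): no username or password is set here for the bundled
# ClickHouse. Confirm the chart defaults and override any default
# credentials before production use.
clickhouse:
  # Set to true to enable TLS/secure connections in production.
  secure: true
  persistence:
    enabled: true
    size: 100Gi
    # The storage class name must exist in the target cluster.
    storageClass: "fast-ssd"
  # ClickHouse can be very resource intensive, so we recommend setting
  # limits and requests accordingly.
  # Note: without them ClickHouse can crash with out-of-memory errors,
  # which causes issues elsewhere in the deployment.
  resources:
    limits:
      cpu: 4000m
      memory: 16Gi
    requests:
      cpu: 2000m
      memory: 8Gi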
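# Production S3-compatible object storage
s3:
  auth:
    # Root account of the bundled object store. Both values are
    # placeholders; replace them before deploying.
    rootUser: "admin"
    rootPassword: "your-strong-s3-password"
    # Webapp credentials for S3 access (can be different from root).
    # Giving the webapp its own credentials, distinct from the root pair,
    # keeps a leaked webapp key from exposing the root account.
    accessKeyId: "your-access-key"
    secretAccessKey: "your-secret-key"
  persistence:
    enabled: true
    size: 500Gi
    # The storage class name must exist in the target cluster.
    storageClass: "standard"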
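# Production Registry
registry:
  # Docker repository namespace for deployed images; it becomes part of
  # the image ref.
  repositoryNamespace: "mycompany"
  # Registry login. Both values are placeholders; replace them with a
  # unique username and a strong password. With the ingress below
  # enabled, these credentials are the only access control for the
  # registry that this file configures.
  auth:
    username: "registry-user"
    password: "your-strong-registry-password"
  persistence:
    enabled: true
    size: 100Gi
    # The storage class name must exist in the target cluster.
    storageClass: "standard"
  # Production ingress: publishes the registry at registry.example.com
  # over TLS through the "nginx" ingress class.
  ingress:
    enabled: true
    className: "nginx"
    annotations:
      # Names the cert-manager cluster issuer used for the certificate.
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      # Redirect plain-HTTP requests to HTTPS. The value is quoted because
      # annotation values must be strings, not YAML booleans.
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
    hosts:
      - host: registry.example.com
        paths:
          - path: /
            pathType: Prefix
    tls:
      # Secret that holds the certificate and key for the host below.
      - secretName: registry-tls
        hosts:
          - registry.example.com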
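# Production Supervisor (Kubernetes worker orchestrator)
supervisor:
  # CPU and memory limits/requests for the supervisor itself.
  resources:
    limits:
      cpu: 500m
      memory: 1Gi
    requests:
      cpu: 250m
      memory: 512Mi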
# Example: Use external PostgreSQL instead
# postgres:
# deploy: false
# connection:
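# sslMode: "require" # Use 'require' or 'verify-full' for production; in libpq terms 'require' encrypts the connection without verifying the server certificate, while 'verify-full' also verifies the certificate and hostname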
# external:
# # Database URL configuration - simplified approach using URLs
# databaseUrl: "postgresql://trigger_user:your-db-password@your-postgres-host.rds.amazonaws.com:5432/trigger?schema=public&sslmode=require"
# directUrl: "" # Optional: Direct URL for migrations (if not set, databaseUrl will be used)
# #
# # Optional: Connectivity check configuration during webapp startup
# connectivityCheck:
# host: "your-postgres-host.rds.amazonaws.com:5432"
# #
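# # Secure credential management (recommended for production): reference an existing secret so that the database URL, which embeds the password, is not stored in this values file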
# # existingSecret: "postgres-credentials" # Name of existing secret containing DATABASE_URL
# # secretKeys:
# # databaseUrlKey: "postgres-database-url" # Key in existing secret
# # directUrlKey: "postgres-direct-url" # Key in existing secret (optional)
# Example: Use external Redis instead
# redis:
# deploy: false
# external:
# host: "your-redis-cluster.cache.amazonaws.com"
# port: 6379
# password: "your-redis-password" # Optional - ignored if existingSecret is set
# tls:
# enabled: true # Set to true for Redis instances requiring TLS (e.g., AWS ElastiCache)
# #
# # Secure credential management (recommended for production)
# # existingSecret: "redis-credentials" # Name of existing secret containing password
# # existingSecretPasswordKey: "redis-password" # Key in existing secret containing password
# Example: Use external ClickHouse instead
# clickhouse:
# deploy: false
# external:
# host: "your-clickhouse-host.cloud.provider.com"
# httpPort: 8443 # Use 8443 for HTTPS
# nativePort: 9440 # Use 9440 for secure native connections
# username: "trigger_user"
# password: "your-clickhouse-password" # Optional - ignored if existingSecret is set
# secure: true # Use true for TLS/secure connections
# #
# # Secure credential management (recommended for production)
# # existingSecret: "clickhouse-credentials" # Name of existing secret containing password
# # existingSecretKey: "clickhouse-password" # Key in existing secret containing password
# Example: Use external S3-compatible storage instead
# s3:
# deploy: false
# external:
# endpoint: "https://s3.amazonaws.com" # or your S3-compatible endpoint
# accessKeyId: "your-access-key"
# secretAccessKey: "your-secret-key"
# #
# # Secure credential management (recommended for production)
# # existingSecret: "s3-credentials" # Name of existing secret containing S3 credentials
# # existingSecretAccessKeyIdKey: "access-key-id" # Key in existing secret containing access key ID
# # existingSecretSecretAccessKeyKey: "secret-access-key" # Key in existing secret containing secret access key