diff --git a/helm/sim/examples/values-azure.yaml b/helm/sim/examples/values-azure.yaml index 982605fa7..a11b55adc 100644 --- a/helm/sim/examples/values-azure.yaml +++ b/helm/sim/examples/values-azure.yaml @@ -4,8 +4,9 @@ # Global configuration global: imageRegistry: "ghcr.io" - # Use "managed-csi-premium" for Premium SSD (requires Premium storage-capable VMs like Standard_DS*) - # Use "managed-csi" for Standard SSD (works with all VM types) + # Use "managed-csi-premium" for Premium SSD, "managed-csi" for Standard SSD + # IMPORTANT: For production, use a StorageClass with reclaimPolicy: Retain + # to protect database volumes from accidental deletion. storageClass: "managed-csi" # Main application diff --git a/helm/sim/examples/values-production.yaml b/helm/sim/examples/values-production.yaml index 794afa4ac..9874cb1a5 100644 --- a/helm/sim/examples/values-production.yaml +++ b/helm/sim/examples/values-production.yaml @@ -4,6 +4,7 @@ # Global configuration global: imageRegistry: "ghcr.io" + # For production, use a StorageClass with reclaimPolicy: Retain storageClass: "managed-csi-premium" # Main application diff --git a/helm/sim/templates/certificate-postgresql.yaml b/helm/sim/templates/certificate-postgresql.yaml index bbe390adf..84f507caf 100644 --- a/helm/sim/templates/certificate-postgresql.yaml +++ b/helm/sim/templates/certificate-postgresql.yaml @@ -11,12 +11,12 @@ spec: duration: {{ .Values.postgresql.tls.duration | default "87600h" }} # Default: 10 years renewBefore: {{ .Values.postgresql.tls.renewBefore | default "2160h" }} # Default: 90 days before expiry isCA: false - {{- if .Values.postgresql.tls.rotationPolicy }} - rotationPolicy: {{ .Values.postgresql.tls.rotationPolicy }} - {{- end }} privateKey: algorithm: {{ .Values.postgresql.tls.privateKey.algorithm | default "RSA" }} size: {{ .Values.postgresql.tls.privateKey.size | default 4096 }} + {{- if .Values.postgresql.tls.rotationPolicy }} + rotationPolicy: {{ .Values.postgresql.tls.rotationPolicy }} + {{- end }} usages: - server auth - client auth diff --git a/helm/sim/templates/configmap-branding.yaml b/helm/sim/templates/configmap-branding.yaml index 4e22d3a2b..ae05c4dd8 100644 --- a/helm/sim/templates/configmap-branding.yaml +++ b/helm/sim/templates/configmap-branding.yaml @@ -1,4 +1,4 @@ -{{- if .Values.branding.enabled }} +{{- if and .Values.branding.enabled (or .Values.branding.files .Values.branding.binaryFiles) }} --- # Branding ConfigMap # Mounts custom branding assets (logos, CSS, etc.) into the application diff --git a/helm/sim/templates/deployment-app.yaml b/helm/sim/templates/deployment-app.yaml index 5362dd43e..31be48aa3 100644 --- a/helm/sim/templates/deployment-app.yaml +++ b/helm/sim/templates/deployment-app.yaml @@ -110,9 +110,10 @@ spec: {{- end }} {{- include "sim.resources" .Values.app | nindent 10 }} {{- include "sim.securityContext" .Values.app | nindent 10 }} - {{- if or .Values.branding.enabled .Values.extraVolumeMounts .Values.app.extraVolumeMounts }} + {{- $hasBranding := and .Values.branding.enabled (or .Values.branding.files .Values.branding.binaryFiles) }} + {{- if or $hasBranding .Values.extraVolumeMounts .Values.app.extraVolumeMounts }} volumeMounts: - {{- if .Values.branding.enabled }} + {{- if $hasBranding }} - name: branding mountPath: {{ .Values.branding.mountPath | default "/app/public/branding" }} readOnly: true @@ -124,9 +125,10 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} {{- end }} - {{- if or .Values.branding.enabled .Values.extraVolumes .Values.app.extraVolumes }} + {{- $hasBranding := and .Values.branding.enabled (or .Values.branding.files .Values.branding.binaryFiles) }} + {{- if or $hasBranding .Values.extraVolumes .Values.app.extraVolumes }} volumes: - {{- if .Values.branding.enabled }} + {{- if $hasBranding }} - name: branding configMap: name: {{ include "sim.fullname" . }}-branding