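# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.4.0/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
# Flux HelmRelease that deploys Miniflux through the bjw-s app-template chart.
# NOTE(review): the ${...} placeholders are presumably filled in by Flux
# post-build substitution before this object is applied; confirm against the
# Kustomization that owns this file.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: miniflux
  namespace: miniflux
spec:
  chart:
    spec:
      chart: app-template
      version: 3.4.0
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        namespace: flux-system
        name: bjw-s
  interval: 1h
  driftDetection:
    mode: enabled
  values:
    controllers:
      miniflux:
        strategy: RollingUpdate
        containers:
          app:
            image:
              repository: ghcr.io/miniflux/miniflux
              # Tag is pinned by digest, so a re-pushed 2.2.0 tag cannot
              # silently change the image that runs.
              tag: 2.2.0@sha256:6af80564e67447512dc724474d7c882bb6f55e31b4453b93cceb3d6c0ee63a5a
              pullPolicy: IfNotPresent
            env:
              TZ: America/Chicago
              # Database credentials come from a Secret reference, not an
              # inline value.
              DATABASE_URL:
                secretKeyRef:
                  name: postgresql-app
                  key: uri
              RUN_MIGRATIONS: "1"
              CREATE_ADMIN: "0"
              OAUTH2_PROVIDER: oidc
              OAUTH2_CLIENT_ID: ${oauth2_client_id}
              # NOTE(review): unlike DATABASE_URL, the client secret is
              # written inline. If it is substituted by Flux, the resolved
              # value is stored in clear text in this HelmRelease and in the
              # rendered pod spec, readable by anyone allowed to read those
              # objects. Prefer a secretKeyRef (secret name and key are
              # deployment-specific and not shown here).
              OAUTH2_CLIENT_SECRET: ${oauth2_client_secret}
              OAUTH2_REDIRECT_URL: https://${app_url}/oauth2/oidc/callback
              OAUTH2_OIDC_DISCOVERY_ENDPOINT: https://${auth_host}/application/o/miniflux/
              # Accounts are created on first OIDC login, so who may sign in
              # has to be restricted at the identity provider.
              OAUTH2_USER_CREATION: "1"
              METRICS_COLLECTOR: "1"
              # NOTE(review): 0.0.0.0/0 disables Miniflux's own source-address
              # check for /metrics. Exposure is then limited only by the
              # `metrics` ingress below (returns 404) and by whatever network
              # policies the pod labels select. Narrow this to the scraper's
              # network if it is known.
              METRICS_ALLOWED_NETWORKS: 0.0.0.0/0
            probes:
              startup:
                enabled: true
                spec:
                  failureThreshold: 30
                  periodSeconds: 5
              liveness:
                enabled: true
              readiness:
                enabled: true
            securityContext:
              readOnlyRootFilesystem: true
              # Hardening added in review: the service listens on an
              # unprivileged port (8080), so it needs no privilege escalation
              # and no Linux capabilities.
              allowPrivilegeEscalation: false
              capabilities:
                drop:
                  - ALL
        pod:
          # NOTE(review): these labels presumably opt the pod into
          # cluster-defined network policies; their exact effect is defined
          # outside this file.
          labels:
            policy.gabe565.com/egress-ingress: "true"
            policy.gabe565.com/egress-namespace: "true"
            policy.gabe565.com/egress-world: "true"
            policy.gabe565.com/ingress-ingress: "true"
            policy.gabe565.com/ingress-prometheus: "true"

    service:
      miniflux:
        controller: miniflux
        ports:
          http:
            port: 8080

    ingress:
      # Main ingress: routes / on the app host to the Miniflux service.
      miniflux:
        enabled: true
        hosts:
          - host: ${app_url}
            paths:
              - path: /
                service:
                  identifier: miniflux
                  port: http
        tls: &tls
          - secretName: ${certificate_name}
            hosts:
              - ${app_url}
      # Blocks /metrics at the ingress by answering 404.
      # NOTE(review): this depends on ingress-nginx accepting
      # configuration-snippet annotations. Where snippet annotations are
      # disabled, verify that /metrics is not served through the `/` rule of
      # the main ingress instead. Only the exact path /metrics is matched.
      metrics:
        enabled: true
        annotations:
          nginx.ingress.kubernetes.io/configuration-snippet: |
            return 404;
        hosts:
          - host: ${app_url}
            paths:
              - path: /metrics
                pathType: Exact
                service:
                  identifier: miniflux
                  port: http
        tls: *tls
      # Sends a request for exactly "/" that carries no MinifluxUserSessionID
      # cookie to the OIDC login flow. The snippet only tests that the cookie
      # is present on that one path, so it is a login convenience, not an
      # access control. Authentication is still enforced by Miniflux.
      redirect:
        enabled: true
        annotations:
          nginx.ingress.kubernetes.io/configuration-snippet: |
            access_by_lua_block {
              if ngx.var.cookie_MinifluxUserSessionID == nil then
                return ngx.redirect("/oauth2/oidc/redirect")
              end
            }
        hosts:
          - host: ${app_url}
            paths:
              - path: /
                pathType: Exact
                service:
                  identifier: miniflux
                  port: http
        tls: *tls

    # Scrape /metrics on the service's http port over plain HTTP once a minute.
    serviceMonitor:
      main:
        enabled: true
        serviceName: miniflux
        endpoints:
          - port: http
            scheme: http
            path: /metrics
            interval: 1m
            scrapeTimeout: 10s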