-
Notifications
You must be signed in to change notification settings - Fork 0
/
helmrelease.yaml
94 lines (90 loc) · 3.03 KB
/
helmrelease.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.2.1/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: prowlarr
namespace: prowlarr
spec:
chart:
spec:
chart: app-template
version: 3.2.1
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
namespace: flux-system
name: bjw-s
interval: 1h
driftDetection:
mode: enabled
values:
controllers:
prowlarr:
containers:
app:
image:
repository: ghcr.io/onedr0p/prowlarr
tag: 1.19.0.4568@sha256:fa2d6968b50c4b15ea80bf32ef6ccaf0b7190f71e6c53cc35ae1d2c97ba8f124
pullPolicy: IfNotPresent
env:
TZ: America/Chicago
probes:
startup:
enabled: true
spec:
failureThreshold: 30
periodSeconds: 5
liveness:
enabled: true
readiness:
enabled: true
securityContext:
readOnlyRootFilesystem: true
pod:
labels:
policy.gabe565.com/egress-qbittorrent: "true"
policy.gabe565.com/egress-world: "true"
policy.gabe565.com/ingress-ingress: "true"
securityContext:
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
service:
prowlarr:
controller: prowlarr
ports:
http:
port: 9696
persistence:
config:
enabled: true
accessMode: ReadWriteOnce
size: 2Gi
ingress:
prowlarr:
enabled: true
hosts:
- host: ${app_url}
paths:
- path: /
service:
identifier: prowlarr
port: http
tls:
- secretName: ${certificate_name}
hosts:
- ${app_url}
annotations:
nginx.ingress.kubernetes.io/auth-url: |-
http://ak-outpost-gabernetes.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
nginx.ingress.kubernetes.io/auth-signin: |-
/outpost.goauthentik.io/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-response-headers: |-
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,Authorization
nginx.ingress.kubernetes.io/auth-snippet: |
proxy_set_header X-Forwarded-Host $http_host;
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '</body>' '<link rel="stylesheet" href="${theme_park}/base/prowlarr/overseerr.css"></body>';