-
Notifications
You must be signed in to change notification settings - Fork 0
/
helmrelease.yaml
133 lines (128 loc) · 3.81 KB
/
helmrelease.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.4.0/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: scanservjs
namespace: scanservjs
spec:
chart:
spec:
chart: app-template
version: 3.4.0
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
namespace: flux-system
name: bjw-s
interval: 1h
driftDetection:
mode: enabled
values:
controllers:
scanservjs:
containers:
app:
image:
repository: sbs20/scanservjs
tag: release-v3.0.3@sha256:dad1fd6e9a98957d324499e822a3019cc43d6557e314635c82665baf576b960e
pullPolicy: IfNotPresent
command: [node, /usr/lib/scanservjs/server/server.js]
env:
TZ: America/Chicago
probes:
startup:
enabled: true
spec:
failureThreshold: 30
periodSeconds: 5
liveness:
enabled: true
readiness:
enabled: true
securityContext:
readOnlyRootFilesystem: true
pod:
terminationGracePeriodSeconds: 1
labels:
policy.gabe565.com/egress-nodes: "true"
policy.gabe565.com/egress-world: "true"
policy.gabe565.com/ingress-ingress: "true"
securityContext:
runAsUser: 1026
runAsGroup: 100
fsGroup: 100
fsGroupChangePolicy: OnRootMismatch
persistence:
config:
enabled: true
retain: true
storageClass: longhorn-ssd
accessMode: ReadWriteOnce
size: 1Gi
globalMounts:
- path: /etc/scanservjs
subPath: config
- path: /var/lib/scanservjs
subPath: data
output:
enabled: true
type: nfs
server: 192.168.1.240
path: /volume1/documents/Scans
globalMounts:
- path: /var/lib/scanservjs/output
sane:
enabled: true
type: configMap
name: scanservjs-sane
globalMounts:
- path: /etc/sane.d/net.conf
subPath: net.conf
tmp:
enabled: true
type: emptyDir
globalMounts:
- path: /tmp
service:
scanservjs:
controller: scanservjs
ports:
http:
port: 8080
ingress:
scanservjs:
enabled: true
hosts:
- host: ${app_url}
paths:
- path: /
service:
identifier: scanservjs
port: http
tls:
- secretName: ${certificate_name}
hosts:
- ${app_url}
annotations:
nginx.ingress.kubernetes.io/auth-url: |-
http://ak-outpost-gabernetes.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
nginx.ingress.kubernetes.io/auth-signin: |-
/outpost.goauthentik.io/start
nginx.ingress.kubernetes.io/auth-response-headers: |-
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
nginx.ingress.kubernetes.io/auth-snippet: |
proxy_set_header X-Forwarded-Host $http_host;
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
configMaps:
sane:
enabled: true
data:
net.conf: |
192.168.1.245
secrets:
scantopl:
enabled: true
stringData:
PLTOKEN: ${paperless_token}