kubernetes/gabernetes/apps/scanservjs/app/helmrelease.yaml

# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.4.0/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: scanservjs
  namespace: scanservjs
spec:
  chart:
    spec:
      chart: app-template
      version: 3.4.0
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        namespace: flux-system
        name: bjw-s
  interval: 1h
  driftDetection:
    mode: enabled
  values:
    controllers:
      scanservjs:
        containers:
          app:
            image:
              repository: sbs20/scanservjs
              tag: release-v3.0.3@sha256:dad1fd6e9a98957d324499e822a3019cc43d6557e314635c82665baf576b960e
              pullPolicy: IfNotPresent
            command: [node, /usr/lib/scanservjs/server/server.js]
            env:
              TZ: America/Chicago
            probes:
              startup:
                enabled: true
                spec:
                  failureThreshold: 30
                  periodSeconds: 5
              liveness:
                enabled: true
              readiness:
                enabled: true
            securityContext:
              readOnlyRootFilesystem: true
        pod:
          terminationGracePeriodSeconds: 1
          labels:
            policy.gabe565.com/egress-nodes: "true"
            policy.gabe565.com/egress-world: "true"
            policy.gabe565.com/ingress-ingress: "true"
          securityContext:
            runAsUser: 1026
            runAsGroup: 100
            fsGroup: 100
            fsGroupChangePolicy: OnRootMismatch

    persistence:
      config:
        enabled: true
        retain: true
        storageClass: longhorn-ssd
        accessMode: ReadWriteOnce
        size: 1Gi
        globalMounts:
          - path: /etc/scanservjs
            subPath: config
          - path: /var/lib/scanservjs
            subPath: data
      output:
        enabled: true
        type: nfs
        server: 192.168.1.240
        path: /volume1/documents/Scans
        globalMounts:
          - path: /var/lib/scanservjs/output
      sane:
        enabled: true
        type: configMap
        name: scanservjs-sane
        globalMounts:
          - path: /etc/sane.d/net.conf
            subPath: net.conf
      tmp:
        enabled: true
        type: emptyDir
        globalMounts:
          - path: /tmp

    service:
      scanservjs:
        controller: scanservjs
        ports:
          http:
            port: 8080

    ingress:
      scanservjs:
        enabled: true
        hosts:
          - host: ${app_url}
            paths:
              - path: /
                service:
                  identifier: scanservjs
                  port: http
        tls:
          - secretName: ${certificate_name}
            hosts:
              - ${app_url}
        annotations:
          nginx.ingress.kubernetes.io/auth-url: |-
            http://ak-outpost-gabernetes.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
          nginx.ingress.kubernetes.io/auth-signin: |-
            /outpost.goauthentik.io/start
          nginx.ingress.kubernetes.io/auth-response-headers: |-
            Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
          nginx.ingress.kubernetes.io/auth-snippet: |
            proxy_set_header X-Forwarded-Host $http_host;
          nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
          nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
          nginx.ingress.kubernetes.io/proxy-read-timeout: "600"

    configMaps:
      sane:
        enabled: true
        data:
          net.conf: |
            192.168.1.245

    secrets:
      scantopl:
        enabled: true
        stringData:
          PLTOKEN: ${paperless_token}