helmrelease.yaml
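---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.5.1/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
#
# Flux HelmRelease that deploys changedetection.io together with a separate
# browserless (headless Chromium) controller, both rendered by the bjw-s
# app-template chart.
#
# The ${app_url}, ${browser_token} and ${certificate_name} placeholders are
# not defined in this file; presumably Flux post-build substitution fills them
# in. They are quoted below so that YAML tooling reading this file always sees
# a string. NOTE(review): confirm the substituted values still render as
# strings after the Flux build (a numeric or boolean-looking token would
# otherwise be retyped).
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: change-detection
  namespace: change-detection
spec:
  chart:
    spec:
      chart: app-template
      version: 3.5.1
      # Only fetch a new chart artifact when the chart version changes.
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        namespace: flux-system
        name: bjw-s
  interval: 1h
  # Detect in-cluster changes to the released objects and correct them.
  driftDetection:
    mode: enabled
  values:
    controllers:
      change-detection:
        containers:
          app:
            image:
              repository: ghcr.io/dgtlmoon/changedetection.io
              # Tag plus sha256 digest: the digest pins the exact image
              # content, the tag is kept for readability.
              tag: 0.47.06@sha256:6e9dcf4abc1cfb0b1eeba6b6ff52a4b6f790110d6cdc8b7942c6cecf34e56265
              pullPolicy: IfNotPresent
            env:
              TZ: America/Chicago
              BASE_URL: "https://${app_url}"
              # Single-quoted because the value contains JSON braces, double
              # quotes, '?' and '&'.
              # NOTE(review): the browserless token is carried in the URL
              # query string and as a plain env value, so it is readable in
              # the rendered HelmRelease and pod spec. Check that it is not
              # written to logs, and consider sourcing it from a Secret.
              PLAYWRIGHT_DRIVER_URL: 'ws://change-detection-browserless:3000/chromium?token=${browser_token}&blockAds=true&launch={"stealth":true}'
            probes:
              # Up to 30 failures at 5 s intervals before the container is
              # treated as failed to start.
              startup:
                enabled: true
                spec:
                  failureThreshold: 30
                  periodSeconds: 5
              liveness:
                enabled: true
              readiness:
                enabled: true
            # Unprivileged UID/GID, read-only root filesystem, no privilege
            # escalation, all Linux capabilities dropped. Writable paths come
            # from the persistence mounts below.
            securityContext:
              runAsUser: 65534
              runAsGroup: 65534
              readOnlyRootFilesystem: true
              allowPrivilegeEscalation: false
              capabilities: { drop: [ALL] }
        pod:
          # Presumably selectors for network policies defined elsewhere in
          # the cluster; verify what each label actually permits.
          labels:
            policy.gabe565.com/egress-namespace: "true"
            policy.gabe565.com/egress-world: "true"
            policy.gabe565.com/ingress-ingress: "true"
          terminationGracePeriodSeconds: 1
      browserless:
        containers:
          app:
            image:
              repository: ghcr.io/browserless/chromium
              # Tag plus sha256 digest, pinned like the app image above.
              tag: v2.23.0@sha256:98e8cd2137ec120cc11cade720c5546f2d1cda2fb426bf59c0b722e563d0dbd9
              pullPolicy: IfNotPresent
            env:
              TZ: America/Chicago
              # NOTE(review): debug logging is on for browserless*; confirm
              # that request URLs (which carry ?token=) are not logged.
              DEBUG: "browserless*,-*:trace,-*:verbose"
              ENABLE_DEBUGGER: "false"
              # Must match the token embedded in PLAYWRIGHT_DRIVER_URL.
              TOKEN: "${browser_token}"
              TIMEOUT: "60000"
            # NOTE(review): unlike the app container, readOnlyRootFilesystem
            # is not set here, presumably because Chromium needs writable
            # paths. Confirm, or add emptyDir mounts and enable it.
            securityContext:
              runAsUser: 999
              runAsGroup: 999
              allowPrivilegeEscalation: false
              capabilities: { drop: [ALL] }
        pod:
          # No ingress-ingress label here and no Ingress for this service
          # below; presumably only same-namespace pods may connect.
          labels:
            policy.gabe565.com/egress-world: "true"
            policy.gabe565.com/ingress-namespace: "true"
    # Applied to the pods of both controllers.
    defaultPodOptions:
      securityContext:
        runAsNonRoot: true
        seccompProfile: { type: RuntimeDefault }
    service:
      change-detection:
        controller: change-detection
        ports:
          http:
            port: 5000
      browserless:
        controller: browserless
        ports:
          http:
            port: 3000
    persistence:
      # Persistent volume, mounted only into the change-detection app
      # container at /datastore.
      data:
        enabled: true
        storageClass: longhorn-ssd
        accessMode: ReadWriteOnce
        size: 1Gi
        retain: true
        advancedMounts:
          change-detection:
            app:
              - path: /datastore
      # Scratch volume; no mount list is given, so the chart's default
      # mounting applies.
      tmp:
        enabled: true
        type: emptyDir
    ingress:
      change-detection:
        enabled: true
        # ingress-nginx external authentication through the authentik outpost.
        # The identity headers listed in auth-response-headers are passed on
        # to the backend, so the backend must only be reachable through this
        # ingress if it is to trust them.
        annotations:
          # Sub-request target is plain HTTP to an in-cluster service.
          nginx.ingress.kubernetes.io/auth-url: |-
            http://ak-outpost-gabernetes.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
          nginx.ingress.kubernetes.io/auth-signin: |-
            /outpost.goauthentik.io/start?rd=$escaped_request_uri
          nginx.ingress.kubernetes.io/auth-response-headers: |-
            Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
          # NOTE(review): snippet annotations only work when the ingress-nginx
          # controller allows them; confirm that setting is intentional.
          nginx.ingress.kubernetes.io/auth-snippet: |
            proxy_set_header X-Forwarded-Host $http_host;
        hosts:
          - host: "${app_url}"
            paths:
              - path: /
                service:
                  identifier: change-detection
                  port: http
        tls:
          - secretName: "${certificate_name}"
            hosts:
              - "${app_url}"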