--- # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: &app atuin spec: interval: 1h chartRef: kind: OCIRepository name: app-template install: remediation: retries: 3 upgrade: cleanupOnFail: true remediation: strategy: rollback retries: 3 values: controllers: atuin: annotations: reloader.stakater.com/auto: "true" containers: app: image: repository: ghcr.io/onedr0p/atuin-server-sqlite tag: v18.3.0@sha256:9d8e8b983d8a8113d87a72111b158552d49ad050ef98ebfe3e7bdd12a5207466 env: ATUIN_HOST: 0.0.0.0 ATUIN_PORT: &port 8080 ATUIN_OPEN_REGISTRATION: "true" args: [server, start] probes: liveness: &probes enabled: true custom: true spec: httpGet: path: / port: *port initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 readiness: *probes securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: { drop: [ALL] } resources: requests: cpu: 10m limits: memory: 256Mi defaultPodOptions: securityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch seccompProfile: { type: RuntimeDefault } service: app: controller: *app ports: http: port: *port # route: # app: # hostnames: ["sh.${SECRET_EXTERNAL_DOMAIN}"] # parentRefs: # - name: internal # namespace: network # sectionName: https # rules: # - backendRefs: # - name: app # port: *port ingress: app: enabled: true className: internal hosts: - host: &host "sh.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: identifier: app port: http tls: - hosts: - *host persistence: config: existingClaim: atuin