mirror of
https://github.com/auricom/home-cluster.git
synced 2025-09-30 23:45:25 +02:00
135 lines
3.6 KiB
YAML
135 lines
3.6 KiB
YAML
---
|
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: &app gatus
|
|
spec:
|
|
interval: 1h
|
|
chartRef:
|
|
kind: OCIRepository
|
|
name: app-template
|
|
install:
|
|
remediation:
|
|
retries: -1
|
|
upgrade:
|
|
cleanupOnFail: true
|
|
remediation:
|
|
retries: 3
|
|
values:
|
|
controllers:
|
|
gatus:
|
|
annotations:
|
|
reloader.stakater.com/auto: "true"
|
|
initContainers:
|
|
init-config:
|
|
image:
|
|
repository: ghcr.io/home-operations/k8s-sidecar
|
|
tag: 1.30.9@sha256:74d65c3def9276b24b5bfe41f8efb773174e7a1ecf3c9b5a31bd02cfdee232c9
|
|
env:
|
|
FOLDER: /config
|
|
LABEL: gatus.io/enabled
|
|
NAMESPACE: ALL
|
|
RESOURCE: both
|
|
UNIQUE_FILENAMES: true
|
|
METHOD: WATCH
|
|
restartPolicy: Always
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
limits:
|
|
memory: 128Mi
|
|
containers:
|
|
app:
|
|
image:
|
|
repository: ghcr.io/twin/gatus
|
|
tag: v5.23.2@sha256:041514059279f102d8e549a7c7c9f813ae9a0bf505c6d7c37aea9201af0bec3a
|
|
env:
|
|
TZ: ${TIMEZONE}
|
|
GATUS_CONFIG_PATH: /config
|
|
GATUS_DELAY_START_SECONDS: 5
|
|
GATUS_WEB_PORT: &port 8080
|
|
envFrom:
|
|
- secretRef:
|
|
name: gatus-secret
|
|
probes:
|
|
liveness: &probes
|
|
enabled: true
|
|
custom: true
|
|
spec:
|
|
httpGet:
|
|
path: /health
|
|
port: *port
|
|
initialDelaySeconds: 0
|
|
periodSeconds: 10
|
|
timeoutSeconds: 1
|
|
failureThreshold: 3
|
|
readiness: *probes
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
capabilities: { drop: ["ALL"] }
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
limits:
|
|
memory: 256Mi
|
|
defaultPodOptions:
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
fsGroup: 1000
|
|
fsGroupChangePolicy: OnRootMismatch
|
|
seccompProfile: { type: RuntimeDefault }
|
|
service:
|
|
app:
|
|
controller: *app
|
|
ports:
|
|
http:
|
|
port: *port
|
|
serviceAccount:
|
|
gatus: {}
|
|
serviceMonitor:
|
|
app:
|
|
serviceName: *app
|
|
enabled: true
|
|
endpoints:
|
|
- port: http
|
|
route:
|
|
app:
|
|
hostnames: ["status.${SECRET_EXTERNAL_DOMAIN}"]
|
|
parentRefs:
|
|
- name: external
|
|
namespace: network
|
|
sectionName: https
|
|
rules:
|
|
- backendRefs:
|
|
- name: *app
|
|
port: *port
|
|
rbac:
|
|
roles:
|
|
gatus:
|
|
type: ClusterRole
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["configmaps", "secrets"]
|
|
verbs: ["get", "watch", "list"]
|
|
bindings:
|
|
gatus:
|
|
type: ClusterRoleBinding
|
|
roleRef:
|
|
identifier: *app
|
|
subjects:
|
|
- identifier: gatus
|
|
persistence:
|
|
config:
|
|
existingClaim: *app
|
|
config-file:
|
|
type: configMap
|
|
name: "{{ .Release.Name }}-configmap"
|
|
globalMounts:
|
|
- path: /config/config.yaml
|
|
subPath: config.yaml
|
|
readOnly: true
|