mirror of
https://github.com/auricom/home-cluster.git
synced 2025-09-17 18:24:14 +02:00
7d1c1de22e
| datasource | package | from | to | | ---------- | ------------ | ----- | ----- | | helm | app-template | 1.3.2 | 1.4.0 |
120 lines
2.9 KiB
YAML
120 lines
2.9 KiB
YAML
---
|
|
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
|
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: &app authelia
|
|
namespace: default
|
|
spec:
|
|
interval: 15m
|
|
chart:
|
|
spec:
|
|
chart: app-template
|
|
version: 1.4.0
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: bjw-s
|
|
namespace: flux-system
|
|
maxHistory: 3
|
|
install:
|
|
createNamespace: true
|
|
remediation:
|
|
retries: 3
|
|
upgrade:
|
|
cleanupOnFail: true
|
|
remediation:
|
|
retries: 3
|
|
uninstall:
|
|
keepHistory: false
|
|
values:
|
|
controller:
|
|
replicas: 2
|
|
strategy: RollingUpdate
|
|
annotations:
|
|
reloader.stakater.com/auto: "true"
|
|
image:
|
|
repository: ghcr.io/authelia/authelia
|
|
tag: 4.37.5
|
|
envFrom:
|
|
- secretRef:
|
|
name: authelia-secret
|
|
enableServiceLinks: false
|
|
service:
|
|
main:
|
|
ports:
|
|
http:
|
|
port: &port 8888
|
|
metrics:
|
|
enabled: true
|
|
port: 8080
|
|
probes:
|
|
liveness: &probes
|
|
enabled: true
|
|
custom: true
|
|
spec:
|
|
httpGet:
|
|
path: /api/health
|
|
port: *port
|
|
initialDelaySeconds: 0
|
|
periodSeconds: 10
|
|
timeoutSeconds: 1
|
|
failureThreshold: 3
|
|
readiness: *probes
|
|
startup:
|
|
enabled: false
|
|
serviceMonitor:
|
|
main:
|
|
enabled: true
|
|
endpoints:
|
|
- port: metrics
|
|
scheme: http
|
|
path: /metrics
|
|
interval: 1m
|
|
scrapeTimeout: 10s
|
|
ingress:
|
|
main:
|
|
enabled: true
|
|
ingressClassName: "nginx"
|
|
annotations:
|
|
external-dns.home.arpa/enabled: "true"
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
add_header Cache-Control "no-store";
|
|
add_header Pragma "no-cache";
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
hajimari.io/icon: mdi:shield-account
|
|
hosts:
|
|
- host: &host "auth.${SECRET_CLUSTER_DOMAIN}"
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- hosts:
|
|
- *host
|
|
podSecurityContext:
|
|
runAsUser: 568
|
|
runAsGroup: 568
|
|
fsGroup: 568
|
|
fsGroupChangePolicy: "OnRootMismatch"
|
|
persistence:
|
|
config:
|
|
enabled: true
|
|
type: configMap
|
|
name: authelia-configmap
|
|
subPath: configuration.yml
|
|
mountPath: /config/configuration.yml
|
|
readOnly: false
|
|
topologySpreadConstraints:
|
|
- maxSkew: 1
|
|
topologyKey: kubernetes.io/hostname
|
|
whenUnsatisfiable: DoNotSchedule
|
|
labelSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: *app
|
|
resources:
|
|
requests:
|
|
cpu: 5m
|
|
memory: 10Mi
|
|
limits:
|
|
memory: 100Mi
|