mirror of
https://github.com/auricom/home-cluster.git
synced 2025-10-02 00:34:25 +02:00
113 lines
3.0 KiB
YAML
113 lines
3.0 KiB
YAML
---
|
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: &app calibre-web-automated
|
|
namespace: default
|
|
spec:
|
|
interval: 1h
|
|
chartRef:
|
|
kind: OCIRepository
|
|
name: app-template
|
|
install:
|
|
remediation:
|
|
retries: 3
|
|
upgrade:
|
|
cleanupOnFail: true
|
|
remediation:
|
|
strategy: rollback
|
|
retries: 3
|
|
values:
|
|
defaultPodOptions:
|
|
securityContext:
|
|
runAsUser: 0
|
|
runAsGroup: 0
|
|
runAsNonRoot: false
|
|
seccompProfile: { type: RuntimeDefault }
|
|
controllers:
|
|
${APP}:
|
|
containers:
|
|
app:
|
|
image:
|
|
repository: ghcr.io/crocodilestick/calibre-web-automated
|
|
tag: V3.1.4@sha256:577e846f104fd21453ef306eefb4a95dd95b3b9ddd2463a150944494284da0fd
|
|
env:
|
|
CACHE_DIR: /cache
|
|
# Skips/soft fail on privileged actions that shouldn't exist anyways
|
|
NETWORK_SHARE_MODE: true
|
|
S6_YES_I_WANT_A_WORLD_WRITABLE_RUN_BECAUSE_KUBERNETES: 1
|
|
S6_READ_ONLY_ROOT: 1
|
|
securityContext:
|
|
allowPrivilegeEscalation: true
|
|
readOnlyRootFilesystem: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
add:
|
|
# S6
|
|
- CHOWN
|
|
- SETUID
|
|
- SETGID
|
|
- FOWNER
|
|
- DAC_OVERRIDE
|
|
probes:
|
|
liveness: &probes
|
|
enabled: true
|
|
custom: true
|
|
spec:
|
|
httpGet:
|
|
port: &port 8083
|
|
path: /login
|
|
readiness: *probes
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 200Mi
|
|
limits:
|
|
memory: 600Mi
|
|
service:
|
|
app:
|
|
controller: *app
|
|
ports:
|
|
http:
|
|
port: *port
|
|
route:
|
|
app:
|
|
hostnames: ["calibre.${SECRET_EXTERNAL_DOMAIN}"]
|
|
parentRefs:
|
|
- name: internal
|
|
namespace: network
|
|
sectionName: https
|
|
rules:
|
|
- backendRefs:
|
|
- name: *app
|
|
port: *port
|
|
persistence:
|
|
config:
|
|
enabled: true
|
|
existingClaim: *app
|
|
globalMounts:
|
|
- path: /config
|
|
tmpfs:
|
|
type: emptyDir
|
|
globalMounts:
|
|
- path: /cache
|
|
subPath: cache
|
|
- path: /tmp
|
|
subPath: tmp
|
|
- path: /run
|
|
subPath: run
|
|
ingest:
|
|
type: nfs
|
|
server: &nas 192.168.9.10
|
|
path: /var/mnt/vol1/apps/calibre/ingest
|
|
globalMounts:
|
|
- path: /cwa-book-ingest
|
|
library:
|
|
type: nfs
|
|
server: *nas
|
|
path: /var/mnt/vol1/apps/calibre/library
|
|
globalMounts:
|
|
- path: /calibre-library
|