generated from onedr0p/cluster-template
-
Notifications
You must be signed in to change notification settings - Fork 2
/
helmrelease.yaml
133 lines (133 loc) · 3.43 KB
/
helmrelease.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: kopia
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 3.2.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
values:
controllers:
kopia:
annotations:
reloader.stakater.com/auto: "true"
containers:
app:
image:
repository: docker.io/kopia/kopia
tag: 0.17.0@sha256:ffe26ae1df2757c42852dce62a381e3fc790e49b02370e2635bb6d0bf2aef7ef
env:
TZ: America/New_York
envFrom:
- secretRef:
name: kopia-secret
args:
- server
- start
- --insecure
- --address
- 0.0.0.0:80
- --override-hostname
- osiris.286k.co
- --override-username
- twitlin
- --without-password
- --metrics-listen-addr
- 0.0.0.0:8080
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /
port: 80
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 6
readiness: *probes
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
resources:
requests:
cpu: 100m
limits:
memory: 2Gi
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups: [10000]
seccompProfile: { type: RuntimeDefault }
service:
app:
controller: kopia
ports:
http:
port: 80
metrics:
port: 8080
serviceMonitor:
app:
serviceName: kopia
endpoints:
- port: metrics
scheme: http
path: /metrics
interval: 1m
scrapeTimeout: 10s
ingress:
main:
className: internal
hosts:
- host: "{{ .Release.Name }}.286k.co"
paths:
- path: /
service:
identifier: app
port: http
persistence:
config-file:
type: secret
name: kopia-repository-secret
globalMounts:
- path: /app/config/repository.config
subPath: repository.config
readOnly: true
cache:
type: emptyDir
globalMounts:
- path: /app/cache
logs:
type: emptyDir
globalMounts:
- path: /app/logs
media:
type: hostPath
hostPath: /pluto
hostPathType: Directory
globalMounts:
- path: /pluto
readOnly: true