--- # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: &app atuin spec: interval: 30m chart: spec: chart: app-template version: 3.6.0 sourceRef: kind: HelmRepository name: bjw-s namespace: flux-system install: remediation: retries: 3 upgrade: cleanupOnFail: true remediation: strategy: rollback retries: 3 values: controllers: atuin: strategy: RollingUpdate annotations: reloader.stakater.com/auto: "true" containers: app: image: repository: ghcr.io/atuinsh/atuin tag: 18.4.0@sha256:8c6fa0aea944bf2a39665c9c69df1c2c0f9c05207bda5b942d450142285e3ee1 env: ATUIN_HOST: 0.0.0.0 ATUIN_PORT: &port 80 ATUIN_OPEN_REGISTRATION: "true" ATUIN_METRICS__ENABLE: "true" ATUIN_METRICS__HOST: 0.0.0.0 ATUIN_METRICS__PORT: &metricsPort 8080 ATUIN_TLS__ENABLE: "false" envFrom: - secretRef: name: atuin-secret args: ["server", "start"] probes: liveness: &probes enabled: true custom: true spec: httpGet: path: / port: *port initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 readiness: *probes securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: { drop: ["ALL"] } resources: requests: cpu: 10m limits: memory: 256Mi defaultPodOptions: securityContext: runAsNonRoot: true runAsUser: 65534 runAsGroup: 65534 seccompProfile: { type: RuntimeDefault } service: app: controller: atuin ports: http: primary: true port: *port metrics: port: *metricsPort serviceMonitor: app: serviceName: atuin endpoints: - port: metrics scheme: http path: /metrics interval: 1m scrapeTimeout: 10s ingress: app: annotations: external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/target: external.hsn.dev className: external-nginx hosts: - host: &host sh.hsn.dev paths: - path: / service: identifier: app port: http tls: - hosts: - *host persistence: config: type: emptyDir