--- # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: piped spec: chart: spec: chart: app-template version: 3.5.1 interval: 30m sourceRef: kind: HelmRepository name: bjw-s namespace: flux-system interval: 30m values: defaultPodOptions: automountServiceAccountToken: false securityContext: runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: "OnRootMismatch" controllers: backend: strategy: RollingUpdate annotations: secret.reloader.stakater.com/reload: piped-secret containers: app: image: repository: 1337kavin/piped tag: latest@sha256:18e77857414236edc7245bebb3fb8ab3ac49c44bd76701bfce24f6ba0170d4b8 probes: liveness: enabled: true readiness: enabled: true resources: requests: cpu: 10m memory: 500Mi limits: memory: 2000Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault frontend: strategy: RollingUpdate containers: app: image: repository: ghcr.io/bjw-s-labs/piped-frontend tag: 2024.11.4@sha256:0e413986606f39cdc6afa0379feca912d4a4abbdcbe67b408c9fbe19fbabd10f env: BACKEND_HOSTNAME: piped-api.hsn.dev probes: liveness: enabled: true readiness: enabled: true resources: requests: cpu: 10m memory: 32Mi limits: memory: 256Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true ytproxy: strategy: RollingUpdate containers: app: image: repository: 1337kavin/piped-proxy tag: latest@sha256:450ed89bc04f419de764c4caec44496c23d7ea949d67113d76c38a1e08aeaf96 command: - /app/piped-proxy probes: liveness: enabled: true readiness: enabled: true resources: requests: cpu: 10m memory: 500Mi limits: memory: 2000Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault service: backend: controller: backend ports: http: port: 8080 frontend: controller: frontend ports: http: port: 8080 ytproxy: controller: ytproxy ports: http: port: 8080 ingress: backend: className: "external-nginx" annotations: external-dns.alpha.kubernetes.io/target: external.hsn.dev external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/cors-allow-origin: "https://piped.hsn.dev, https://piped-api.hsn.dev, https://piped-proxy.jahanson.tech" hosts: - host: piped-api.hsn.dev paths: - path: / service: identifier: backend port: http frontend: className: "external-nginx" annotations: external-dns.alpha.kubernetes.io/target: external.hsn.dev external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/cors-allow-origin: "https://piped.hsn.dev, https://piped-api.hsn.dev, https://piped-proxy.jahanson.tech" hosts: - host: piped.hsn.dev paths: - path: / service: identifier: frontend port: http ytproxy: className: "internal-nginx" annotations: nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/cors-allow-origin: "https://piped.hsn.dev, https://piped-api.hsn.dev, https://piped-proxy.jahanson.tech" hosts: - host: piped-proxy.jahanson.tech paths: - path: / service: identifier: ytproxy port: http persistence: config: type: secret name: piped-secret advancedMounts: backend: app: - path: /app/config.properties subPath: config.properties readOnly: true