--- # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: &app redlib namespace: default spec: interval: 30m chart: spec: chart: app-template version: 3.5.1 sourceRef: kind: HelmRepository name: bjw-s namespace: flux-system install: remediation: retries: 3 upgrade: cleanupOnFail: true remediation: retries: 3 uninstall: keepHistory: false values: defaultPodOptions: securityContext: runAsUser: 65534 runAsGroup: 65534 runAsNonRoot: true controllers: redlib: annotations: reloader.stakater.com/auto: "true" containers: app: image: repository: quay.io/redlib/redlib tag: latest@sha256:645a98c118cd65e9910fb0268d7d7a4db2d01af4abfaa271b60eb278de7706d5 env: REDLIB_DEFAULT_SHOW_NSFW: on REDLIB_DEFAULT_WIDE: on REDLIB_DEFAULT_USE_HLS: on REDLIB_DEFAULT_HIDE_HLS_NOTIFICATION: on envFrom: - secretRef: name: redlib-secret resources: requests: cpu: 5m memory: 50Mi limits: memory: 250Mi probes: liveness: &probes enabled: true custom: true spec: httpGet: path: /settings port: &port 8080 initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 readiness: *probes startup: enabled: false securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: - ALL service: app: controller: *app ports: http: port: *port ingress: app: enabled: true className: external-nginx annotations: external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/target: external.hsn.dev hosts: - host: &host red.hsn.dev paths: - path: / service: identifier: app port: http tls: - hosts: - *host