--- # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: piped spec: chart: spec: chart: app-template version: 3.5.1 interval: 30m sourceRef: kind: HelmRepository name: bjw-s namespace: flux-system interval: 30m values: defaultPodOptions: automountServiceAccountToken: false controllers: backend: strategy: RollingUpdate annotations: secret.reloader.stakater.com/reload: piped-secret pod: securityContext: runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: "OnRootMismatch" containers: app: image: repository: 1337kavin/piped tag: latest@sha256:e9938cdda0745c4986d4add0f255777d3989849b851f290d94a4ab2b21c25384 probes: liveness: enabled: true readiness: enabled: true resources: requests: cpu: 10m memory: 500Mi limits: memory: 2000Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault frontend: strategy: RollingUpdate pod: securityContext: runAsUser: 101 runAsGroup: 101 fsGroup: 101 fsGroupChangePolicy: "OnRootMismatch" containers: app: image: repository: ghcr.io/bjw-s-labs/piped-frontend tag: latest@sha256:5c04473c5da8f55553c1673619cdb676fc6b55a4ad5887800cae652709308321 env: HTTP_PORT: 8080 HTTP_WORKERS: 4 BACKEND_HOSTNAME: piped-api.hsn.dev probes: liveness: enabled: true readiness: enabled: true resources: requests: cpu: 10m memory: 32Mi limits: memory: 256Mi securityContext: allowPrivilegeEscalation: false ytproxy: strategy: RollingUpdate pod: securityContext: runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: "OnRootMismatch" containers: app: image: repository: 1337kavin/piped-proxy tag: latest@sha256:9872edd2c47c9c33dfa44c334e4cef4e2c6ec91638eb2dcf6ca36b7b3037fd59 command: - /app/piped-proxy probes: liveness: enabled: true readiness: enabled: true resources: requests: cpu: 10m memory: 500Mi limits: memory: 2000Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault service: backend: controller: backend ports: http: port: 8080 frontend: controller: frontend ports: http: port: 8080 ytproxy: controller: ytproxy ports: http: port: 8080 ingress: backend: className: "external-nginx" annotations: external-dns.alpha.kubernetes.io/target: external.hsn.dev external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/cors-allow-origin: "https://piped.hsn.dev, https://piped-api.hsn.dev, https://piped-proxy.jahanson.tech" hosts: - host: piped-api.hsn.dev paths: - path: / service: identifier: backend port: http frontend: className: "external-nginx" annotations: external-dns.alpha.kubernetes.io/target: external.hsn.dev external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/cors-allow-origin: "https://piped.hsn.dev, https://piped-api.hsn.dev, https://piped-proxy.jahanson.tech" hosts: - host: piped.hsn.dev paths: - path: / service: identifier: frontend port: http ytproxy: className: "internal-nginx" annotations: nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/cors-allow-origin: "https://piped.hsn.dev, https://piped-api.hsn.dev, https://piped-proxy.jahanson.tech" hosts: - host: piped-proxy.jahanson.tech paths: - path: / service: identifier: ytproxy port: http persistence: config: type: secret name: piped-secret advancedMounts: backend: app: - path: /app/config.properties subPath: config.properties readOnly: true