--- # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: sabnzbd spec: interval: 30m chart: spec: chart: app-template version: 3.1.0 sourceRef: kind: HelmRepository name: bjw-s namespace: flux-system install: remediation: retries: 3 upgrade: cleanupOnFail: true remediation: retries: 3 strategy: rollback dependsOn: - name: rook-ceph-cluster namespace: rook-ceph - name: volsync namespace: volsync-system values: controllers: sabnzbd: annotations: reloader.stakater.com/auto: "true" containers: app: image: repository: ghcr.io/onedr0p/sabnzbd tag: 4.2.3@sha256:da0b03dabd606e8328d772cd53bbdeaac5e787ad19e3cc0533525d1be27f5261 env: TZ: America/Chicago SABNZBD__PORT: &port 80 SABNZBD__HOST_WHITELIST_ENTRIES: >- sabnzbd, sabnzbd.default, sabnzbd.default.svc, sabnzbd.default.svc.cluster, sabnzbd.default.svc.cluster.local, sabz.jahanson.tech, sabnzbd.jahanson.tech envFrom: - secretRef: name: sabnzbd-secret probes: liveness: &probes enabled: true custom: true spec: httpGet: path: /api?mode=version port: *port initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 readiness: *probes startup: enabled: false securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: { drop: ["ALL"] } resources: requests: cpu: 100m limits: memory: 8Gi pod: securityContext: runAsUser: 568 runAsGroup: 568 runAsNonRoot: true fsGroup: 568 fsGroupChangePolicy: OnRootMismatch supplementalGroups: [10000] service: app: controller: sabnzbd ports: http: port: *port ingress: app: enabled: true className: internal-nginx hosts: - host: &host sabz.jahanson.tech paths: - path: / service: identifier: app port: http tls: - hosts: - *host persistence: config: enabled: true existingClaim: sabnzbd tmp: type: emptyDir media: type: nfs server: 10.1.1.11 path: /volume1/Media globalMounts: - path: /data/nas-media