--- # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: piped spec: chart: spec: chart: app-template version: 3.5.1 interval: 30m sourceRef: kind: HelmRepository name: bjw-s namespace: flux-system interval: 30m values: defaultPodOptions: automountServiceAccountToken: false securityContext: runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 fsGroupChangePolicy: "OnRootMismatch" controllers: backend: strategy: RollingUpdate annotations: secret.reloader.stakater.com/reload: piped-secret containers: app: image: repository: 1337kavin/piped tag: latest@sha256:e9938cdda0745c4986d4add0f255777d3989849b851f290d94a4ab2b21c25384 probes: liveness: enabled: true readiness: enabled: true resources: requests: cpu: 10m memory: 500Mi limits: memory: 2000Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault frontend: strategy: RollingUpdate containers: app: image: repository: ghcr.io/bjw-s-labs/piped-frontend tag: 2024.10.23@sha256:e748027a405268ffc5b6fe67bc6b716fb7d8ebea3bc0553e03fe2ee141cc47a8 env: BACKEND_HOSTNAME: piped-api.hsn.dev probes: liveness: enabled: true readiness: enabled: true resources: requests: cpu: 10m memory: 32Mi limits: memory: 256Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true ytproxy: strategy: RollingUpdate containers: app: image: repository: 1337kavin/piped-proxy tag: latest@sha256:1d97d5a7c7e464c1b43eca485723962af85b038e1c614fd35ab50b1b6cbdc3ba command: - /app/piped-proxy probes: liveness: enabled: true readiness: enabled: true resources: requests: cpu: 10m memory: 500Mi limits: memory: 2000Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault service: backend: controller: backend ports: http: port: 8080 frontend: controller: frontend ports: http: port: 8080 ytproxy: controller: ytproxy ports: http: port: 8080 ingress: backend: className: "external-nginx" annotations: external-dns.alpha.kubernetes.io/target: external.hsn.dev external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/cors-allow-origin: "https://piped.hsn.dev, https://piped-api.hsn.dev, https://piped-proxy.jahanson.tech" hosts: - host: piped-api.hsn.dev paths: - path: / service: identifier: backend port: http frontend: className: "external-nginx" annotations: external-dns.alpha.kubernetes.io/target: external.hsn.dev external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/cors-allow-origin: "https://piped.hsn.dev, https://piped-api.hsn.dev, https://piped-proxy.jahanson.tech" hosts: - host: piped.hsn.dev paths: - path: / service: identifier: frontend port: http ytproxy: className: "internal-nginx" annotations: nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/cors-allow-origin: "https://piped.hsn.dev, https://piped-api.hsn.dev, https://piped-proxy.jahanson.tech" hosts: - host: piped-proxy.jahanson.tech paths: - path: / service: identifier: ytproxy port: http persistence: config: type: secret name: piped-secret advancedMounts: backend: app: - path: /app/config.properties subPath: config.properties readOnly: true