# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: navidrome spec: interval: 5m chart: spec: chart: app-template version: 3.5.1 sourceRef: kind: HelmRepository name: bjws-charts namespace: flux-system values: controllers: navidrome: containers: app: image: repository: deluan/navidrome tag: 0.53.3 env: ND_SCANSCHEDULE: 1h ND_LOGLEVEL: info probes: liveness: &probes enabled: true custom: true spec: httpGet: path: / port: &port 4533 initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 readiness: *probes startup: enabled: true spec: failureThreshold: 30 periodSeconds: 10 # securityContext: # allowPrivilegeEscalation: false # readOnlyRootFilesystem: true # capabilities: { drop: ["ALL"] } defaultPodOptions: securityContext: # runAsNonRoot: true runAsUser: 10000 runAsGroup: 10000 fsGroup: 10000 fsGroupChangePolicy: OnRootMismatch service: app: controller: navidrome ports: http: port: *port ingress: app: annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure #className: external hosts: - host: "navidrome.${SECRET_NEW_DOMAIN}" paths: - path: / service: identifier: app port: http persistence: data: existingClaim: navidrome globalMounts: - path: /data cache: type: persistentVolumeClaim size: 15Gi retain: true storageClass: mainpool-hostpath accessMode: ReadWriteOnce globalMounts: - path: /data/cache music: type: hostPath hostPath: /mnt/MainPool/Media/Media/Music globalMounts: - path: /music readOnly: true