apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: sonarr namespace: download spec: interval: 5m chart: spec: chart: app-template version: 1.3.x sourceRef: kind: HelmRepository name: bjws-charts namespace: flux-system values: image: repository: ghcr.io/onedr0p/sonarr-develop tag: rolling # Metrics sidecar sidecars: exportarr: image: ghcr.io/onedr0p/exportarr:latest args: - sonarr ports: - name: metrics containerPort: 9000 env: - name: URL value: "http://localhost" - name: CONFIG value: "/config/config.xml" - name: PORT value: 9000 - name: ENABLE_ADDITIONAL_METRICS value: "true" - name: ENABLE_UNKNOWN_QUEUE_ITEMS value: "true" volumeMounts: - name: config mountPath: /config readOnly: true securityContext: runAsNonRoot: true runAsUser: 10000 runAsGroup: 10000 fsGroup: 10000 fsGroupChangePolicy: OnRootMismatch env: TZ: America/New_York service: main: labels: app: sonarr-service ports: http: port: 8989 metrics: enabled: true port: 9000 protocol: HTTP probes: liveness: enabled: true custom: true spec: httpGet: path: /ping port: 8989 initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 startup: enabled: false ingress: main: enabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - host: &host "sonarr.${SECRET_NEW_DOMAIN}" paths: - path: / pathType: Prefix tls: - hosts: - *host secretName: wildcard-main-tls persistence: config: enabled: true type: hostPath hostPath: /mnt/MainPool/Kubernetes/sonarr mountPath: /config storage: enabled: true type: hostPath hostPath: /mnt/MainPool/Media mountPath: /storage podSecurityContext: runAsNonRoot: true runAsUser: 10000 runAsGroup: 10000 fsGroup: 10000 fsGroupChangePolicy: OnRootMismatch resources: requests: cpu: 2m memory: 350Mi limits: memory: 2500Mi