k3s-cluster/kubernetes/main/apps/download/autobrr/app/helm-release.yaml

# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: autobrr
spec:
  interval: 5m
  chart:
    spec:
      chart: app-template
      version: 3.7.3
      sourceRef:
        kind: HelmRepository
        name: bjws-charts
        namespace: flux-system
  values:
    controllers:
      autobrr:
        initContainers:
          init-db:
            image:
              repository: ghcr.io/onedr0p/postgres-init
              tag: 16
            env:
              INIT_POSTGRES_DBNAME: &dbName autobrr
              INIT_POSTGRES_HOST: &dbHost postgres16-rw.database.svc
              INIT_POSTGRES_PORT: &dbPort "5432"
            envFrom: &envFrom
              - secretRef:
                  name: autobrr-secret
        containers:
          app:
            image:
              repository: ghcr.io/autobrr/autobrr
              tag: v1.60.0
            envFrom: *envFrom
            env:
              AUTOBRR__HOST: "0.0.0.0"
              AUTOBRR__PORT: &port 8080
              AUTOBRR__LOG_LEVEL: "TRACE"
              AUTOBRR__CHECK_FOR_UPDATES: false
              AUTOBRR__DATABASE_TYPE: postgres
              AUTOBRR__POSTGRES_HOST: *dbHost
              AUTOBRR__POSTGRES_PORT: *dbPort
              AUTOBRR__POSTGRES_DATABASE: *dbName
              AUTOBRR__OIDC_ENABLED: true
              AUTOBRR__OIDC_ISSUER: https://auth.${SECRET_NEW_DOMAIN}/application/o/autobrr/
              AUTOBRR__OIDC_REDIRECT_URL: https://autobrr.${SECRET_NEW_DOMAIN}/api/auth/oidc/callback
              AUTOBRR__OIDC_DISABLE_BUILT_IN_LOGIN: false
              AUTOBRR__METRICS_ENABLED: true
              AUTOBRR__METRICS_HOST: "0.0.0.0"
              AUTOBRR__METRICS_PORT: &metricsPort 8081
            probes:
              liveness: &probes
                enabled: true
                custom: true
                spec:
                  httpGet:
                    path: /
                    port: *port
                  initialDelaySeconds: 0
                  periodSeconds: 10
                  timeoutSeconds: 1
                  failureThreshold: 3
              readiness: *probes
            securityContext:
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities: { drop: ["ALL"] }
            resources:
              requests:
                memory: 100Mi
              limits:
                memory: 4Gi
    defaultPodOptions:
      securityContext:
        runAsNonRoot: true
        runAsUser: 10000
        runAsGroup: 10000
        fsGroup: 10000
        fsGroupChangePolicy: OnRootMismatch
    service:
      app:
        controller: autobrr
        ports:
          http:
            port: *port
          metrics:
            port: *metricsPort
            protocol: HTTP
    ingress:
      app:
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          #traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts:
        - host: "autobrr.${SECRET_NEW_DOMAIN}"
          paths:
          - path: /
            service:
              identifier: app
              port: http
    persistence:
      # Autobrr is configured through environmental vars. This is being made to provide a place
      # for temporary log files
      config:
        type: emptyDir
        globalMounts:
          - path: /config