k3s-cluster/cluster/apps/default/mealie/helm-release.yaml


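# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
# Flux HelmRelease deploying Mealie from the bjw-s app-template chart.
# Scalars of the form ${NAME} are left as written; they are presumably filled
# in by Flux post-build substitution before the manifest is applied.
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: mealie
  namespace: default
spec:
  interval: 5m
  chart:
    spec:
      chart: app-template
      version: 3.1.0
      sourceRef:
        kind: HelmRepository
        name: bjws-charts
        namespace: flux-system
  values:
    controllers:
      main:
        # The pod-level securityContext below is disabled, so the pod runs
        # with whatever user the image defaults to.
        # NOTE(review): PUID/PGID in env suggest the image drops privileges
        # itself after starting; confirm before enabling runAsNonRoot.
        # pod:
        #   securityContext:
        #     runAsNonRoot: true
        #     runAsUser: 10000
        #     runAsGroup: 10000
        #     fsGroup: 10000
        #     fsGroupChangePolicy: OnRootMismatch
        containers:
          main:
            image:
              repository: ghcr.io/mealie-recipes/mealie
              # A tag can be re-pointed upstream; appending a digest
              # (v1.7.0@sha256:<digest>) pins the exact image that was
              # reviewed.
              tag: v1.7.0
            env:
              # Container env values are strings. Boolean- and
              # integer-looking values are quoted so the YAML parser cannot
              # retype them before the chart renders them.
              # ALLOW_SIGNUP enables self-service registration. Anyone who
              # can reach the app can create an account, so access depends
              # on the ingress middleware and OIDC settings below.
              # Set to "false" if self-registration is not intended.
              ALLOW_SIGNUP: "true"
              PUID: "10000"
              PGID: "10000"
              TZ: ${SERVER_TIMEZONE}
              MAX_WORKERS: "1"
              WEB_CONCURRENCY: "1"
              # The &host anchor is reused as the ingress host below.
              # NOTE(review): Mealie documents BASE_URL as a full URL with
              # scheme; confirm that a bare hostname is accepted here.
              BASE_URL: &host meals.${SECRET_NEW_DOMAIN}
              # database
              DB_ENGINE: postgres
              POSTGRES_USER: mealie
              # specified in mealie-env
              # POSTGRES_PASSWORD
              POSTGRES_SERVER: postgresql.database
              POSTGRES_PORT: "5432"
              POSTGRES_DB: mealie
              # oidc
              OIDC_AUTH_ENABLED: "True"
              # Accounts are created on first OIDC login, so the identity
              # provider decides who can obtain a Mealie account.
              OIDC_SIGNUP_ENABLED: "True"
              # Membership of this IdP group presumably grants Mealie admin
              # rights; keep the group tightly controlled at the provider.
              OIDC_ADMIN_GROUP: mealieAdmins
              OIDC_AUTO_REDIRECT: "True"
              OIDC_REMEMBER_ME: "True"
              # specified in mealie-env
              # OIDC_CONFIGURATION_URL
              # OIDC_CLIENT_ID
            # Secret values (database password, OIDC client settings) come
            # from the mealie-env Secret rather than from this manifest.
            envFrom:
              - secretRef:
                  name: mealie-env
            resources:
              limits:
                memory: 1Gi
    service:
      app:
        controller: main
        ports:
          http:
            port: 9000
    ingress:
      main:
        annotations:
          # NOTE(review): no tls block is visible on this ingress.
          # cert-manager only issues certificates for hosts listed under
          # tls, so confirm the websecure entrypoint gets its certificate
          # elsewhere.
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          # Requests pass through this Traefik middleware first.
          # NOTE(review): presumably authentik forward-auth; verify that it
          # exists in the traefik namespace, otherwise the route may not be
          # protected as intended.
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts:
          - host: *host
            paths:
              - path: /
                service:
                  identifier: app
                  port: http
    persistence:
      data:
        # hostPath mounts a directory of the node's filesystem into the pod.
        # The data is tied to one node, and hostPath volumes are rejected by
        # the baseline Pod Security Standard. A PersistentVolumeClaim avoids
        # both if that is an option.
        type: hostPath
        hostPath: /mnt/MainPool/Kubernetes/Mealie
        globalMounts:
          - path: /app/data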