alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Activity

change freshrss to app-template deployment

Browse Source
This commit is contained in:
Alex Lebens
2024-05-27 17:51:59 -05:00
parent 3cd83071da
commit 0a4d1734ef
3 changed files with 93 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
clusters/cl01tl/applications/freshrss/Chart.yaml
View File

@@ -5,9 +5,14 @@ sources:
- https://github.com/FreshRSS/FreshRSS
- https://github.com/alexlebens/helm-charts/tree/main/charts/hfreshrss
dependencies:
- name: freshrss
version: 0.0.3
repository: http://alexlebens.github.io/helm-charts
- name: app-template
alias: freshrss
repository: https://bjw-s.github.io/helm-charts/
version: 3.2.1
- name: app-template
alias: cloudflared
repository: https://bjw-s.github.io/helm-charts/
version: 3.2.1
- name: postgres-cluster
alias: postgres-16-cluster
version: 3.1.0

25
clusters/cl01tl/applications/freshrss/templates/external-secret.yaml
View File

@@ -61,6 +61,31 @@ spec:
metadataPolicy: None
property: FRESHRSS_USER
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: freshrss-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/freshrss
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret

83
clusters/cl01tl/applications/freshrss/values.yaml
View File

@@ -1,28 +1,65 @@
freshrss:
deployment:
env:
TZ: US/Central
CRON_MIN: 13,43
OIDC_ENABLED: 1
OIDC_PROVIDER_METADATA_URL: https://authentik.alexlebens.net/application/o/freshrss/.well-known/openid-configuration
OIDC_X_FORWARDED_HEADERS: X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host
OIDC_SCOPES: openid email profile
OIDC_REMOTE_USER_CLAIM: preferred_username
envFrom:
- secretRef:
name: freshrss-oidc-secret
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
host: rss.alexlebens.net
controllers:
autosync:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: freshrss/freshrss
tag: 1.23.1
pullPolicy: IfNotPresent
env:
- name: PGID
value: "568"
- name: PUID
value: "568"
- name: TZ
value: US/Central
- name: FRESHRSS_ENV
value: production
- name: CRON_MIN
value: 13,43
- name: OIDC_ENABLED
value: 1
- name: OIDC_PROVIDER_METADATA_URL
value: https://authentik.alexlebens.net/application/o/freshrss/.well-known/openid-configuration
- name: OIDC_X_FORWARDED_HEADERS
value: X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host
- name: OIDC_SCOPES
value: openid email profile
- name: OIDC_REMOTE_USER_CLAIM
value: preferred_username
envFrom:
- secretRef:
name: freshrss-oidc-secret
resources:
requests:
cpu: 100m
memory: 256Mi
serviceAccount:
create: true
service:
back:
controller: back
ports:
http:
port: 80
targetPort: 80
protocol: HTTP
persistence:
config:
storageClassName: ceph-block
storageSize: 5Gi
back:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
back:
main:
- path: /config
readOnly: false
postgres-16-cluster:
mode: standalone
kubernetesClusterName: cl01tl