220 lines
7.1 KiB
YAML
220 lines
7.1 KiB
YAML
freshrss:
|
|
controllers:
|
|
main:
|
|
type: deployment
|
|
replicas: 1
|
|
strategy: Recreate
|
|
revisionHistoryLimit: 3
|
|
initContainers:
|
|
init-download-extension-1:
|
|
securityContext:
|
|
runAsUser: 0
|
|
image:
|
|
repository: alpine
|
|
tag: 3.22.1
|
|
pullPolicy: IfNotPresent
|
|
command:
|
|
- /bin/sh
|
|
- -ec
|
|
- |
|
|
apk add --no-cache git;
|
|
cd /tmp;
|
|
git clone -n --depth=1 --filter=tree:0 https://github.com/cn-tools/cntools_FreshRssExtensions.git;
|
|
cd cntools_FreshRssExtensions;
|
|
git sparse-checkout set --no-cone /xExtension-YouTubeChannel2RssFeed;
|
|
git checkout;
|
|
rm -rf /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
|
|
cp -r xExtension-YouTubeChannel2RssFeed /var/www/FreshRSS/extensions
|
|
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 128Mi
|
|
init-download-extension-2:
|
|
securityContext:
|
|
runAsUser: 0
|
|
image:
|
|
repository: alpine
|
|
tag: 3.22.1
|
|
pullPolicy: IfNotPresent
|
|
command:
|
|
- /bin/sh
|
|
- -ec
|
|
- |
|
|
apk add --no-cache git;
|
|
cd /tmp;
|
|
git clone -n --depth=1 --filter=tree:0 https://github.com/FreshRSS/Extensions.git;
|
|
cd Extensions;
|
|
git sparse-checkout set --no-cone /xExtension-ImageProxy;
|
|
git checkout;
|
|
rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy
|
|
cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions
|
|
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-ImageProxy
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 128Mi
|
|
init-download-extension-3:
|
|
securityContext:
|
|
runAsUser: 0
|
|
image:
|
|
repository: alpine
|
|
tag: 3.22.1
|
|
pullPolicy: IfNotPresent
|
|
command:
|
|
- /bin/sh
|
|
- -ec
|
|
- |
|
|
cd /tmp;
|
|
wget https://github.com/zimmra/xExtension-karakeep-button/archive/refs/tags/v1.1.tar.gz;
|
|
tar -xvzf *.tar.gz;
|
|
rm -rf /var/www/FreshRSS/extensions/xExtension-karakeep-button
|
|
cp -r /tmp/xExtension-karakeep-button-*/* /var/www/FreshRSS/extensions/xExtension-karakeep-button
|
|
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-karakeep-button
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 128Mi
|
|
containers:
|
|
main:
|
|
image:
|
|
repository: freshrss/freshrss
|
|
tag: 1.26.3
|
|
pullPolicy: IfNotPresent
|
|
env:
|
|
- name: PGID
|
|
value: "568"
|
|
- name: PUID
|
|
value: "568"
|
|
- name: TZ
|
|
value: US/Central
|
|
- name: FRESHRSS_ENV
|
|
value: production
|
|
- name: CRON_MIN
|
|
value: 13,43
|
|
- name: BASE_URL
|
|
value: https://rss.alexlebens.dev
|
|
- name: DB_HOST
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: freshrss-postgresql-17-cluster-app
|
|
key: host
|
|
- name: DB_BASE
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: freshrss-postgresql-17-cluster-app
|
|
key: dbname
|
|
- name: DB_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: freshrss-postgresql-17-cluster-app
|
|
key: user
|
|
- name: DB_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: freshrss-postgresql-17-cluster-app
|
|
key: password
|
|
- name: FRESHRSS_INSTALL
|
|
value: |
|
|
--api-enabled
|
|
--base-url $(BASE_URL)
|
|
--db-base $(DB_BASE)
|
|
--db-host $(DB_HOST)
|
|
--db-password $(DB_PASSWORD)
|
|
--db-type pgsql
|
|
--db-user $(DB_USER)
|
|
--auth-type http_auth
|
|
--default-user admin
|
|
--language en
|
|
- name: FRESHRSS_USER
|
|
value: |
|
|
--api-password $(ADMIN_API_PASSWORD)
|
|
--email $(ADMIN_EMAIL)
|
|
--language en
|
|
--password $(ADMIN_PASSWORD)
|
|
--user admin
|
|
- name: OIDC_ENABLED
|
|
value: 1
|
|
- name: OIDC_PROVIDER_METADATA_URL
|
|
value: https://auth.alexlebens.dev/application/o/freshrss/.well-known/openid-configuration
|
|
- name: OIDC_X_FORWARDED_HEADERS
|
|
value: X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host
|
|
- name: OIDC_SCOPES
|
|
value: openid email profile
|
|
- name: OIDC_REMOTE_USER_CLAIM
|
|
value: preferred_username
|
|
envFrom:
|
|
- secretRef:
|
|
name: freshrss-oidc-secret
|
|
- secretRef:
|
|
name: freshrss-install-secret
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 128Mi
|
|
service:
|
|
main:
|
|
controller: main
|
|
ports:
|
|
http:
|
|
port: 80
|
|
targetPort: 80
|
|
protocol: HTTP
|
|
persistence:
|
|
data:
|
|
storageClass: ceph-block
|
|
accessMode: ReadWriteOnce
|
|
size: 5Gi
|
|
retain: true
|
|
advancedMounts:
|
|
main:
|
|
main:
|
|
- path: /var/www/FreshRSS/data
|
|
readOnly: false
|
|
extensions:
|
|
storageClass: ceph-block
|
|
accessMode: ReadWriteOnce
|
|
size: 1Gi
|
|
retain: true
|
|
advancedMounts:
|
|
main:
|
|
init-download-extension-1:
|
|
- path: /var/www/FreshRSS/extensions
|
|
readOnly: false
|
|
init-download-extension-2:
|
|
- path: /var/www/FreshRSS/extensions
|
|
readOnly: false
|
|
init-download-extension-3:
|
|
- path: /var/www/FreshRSS/extensions
|
|
readOnly: false
|
|
main:
|
|
- path: /var/www/FreshRSS/extensions
|
|
readOnly: false
|
|
cloudflared:
|
|
existingSecretName: freshrss-cloudflared-secret
|
|
postgres-17-cluster:
|
|
mode: standalone
|
|
cluster:
|
|
storage:
|
|
storageClass: local-path
|
|
walStorage:
|
|
storageClass: local-path
|
|
monitoring:
|
|
enabled: true
|
|
prometheusRule:
|
|
enabled: true
|
|
recovery:
|
|
method: objectStore
|
|
objectStore:
|
|
endpointURL: https://nyc3.digitaloceanspaces.com
|
|
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster
|
|
endpointCredentials: freshrss-postgresql-17-cluster-backup-secret
|
|
recoveryIndex: 3
|
|
backup:
|
|
enabled: true
|
|
endpointURL: https://nyc3.digitaloceanspaces.com
|
|
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster
|
|
endpointCredentials: freshrss-postgresql-17-cluster-backup-secret
|
|
backupIndex: 3
|
|
retentionPolicy: "7d"
|