# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.5.1/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
# Flux HelmRelease that deploys Healthchecks through the bjw-s app-template chart (3.5.1).
# The ${...} placeholders are not Helm syntax; presumably they are filled in by Flux
# post-build variable substitution before this object is applied - TODO confirm.
# NOTE(review): the placeholders are unquoted, so a substituted value that looks like a
# number/boolean or contains YAML specials (": ", " #", a leading "*" or "&") would be
# retyped or break parsing. Check the substituted values against that.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: healthchecks
  namespace: healthchecks
spec:
  chart:
    spec:
      chart: app-template
      version: 3.5.1
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        namespace: flux-system
        name: bjw-s
  interval: 1h
  driftDetection:
    mode: enabled
  values:
    controllers:
      healthchecks:
        strategy: RollingUpdate
        containers:
          app:
            image:
              repository: healthchecks/healthchecks
              # Pinned by digest: the sha256 decides what is pulled, the tag is informational.
              tag: v3.9@sha256:886de7af8116580d31dafb7ed5cb9dc93146a3e0564788999c8ab7658f0380ad
              pullPolicy: IfNotPresent
            env:
              TZ: America/Chicago
              SITE_NAME: Cook Healthchecks
              SITE_ROOT: https://${app_url}
              RP_ID: ${app_url}
              SITE_LOGO_URL: /static/img/logo.svg
              DEBUG: "False"
              # NOTE(review): SECRET_KEY, EMAIL_HOST_PASSWORD, TELEGRAM_TOKEN and the S3 keys
              # below are written as literal env values once substituted, so they sit in
              # plaintext in this HelmRelease's values and in the rendered pod spec, readable
              # by anyone who can get those objects. DB_PASSWORD uses a Secret reference
              # instead; consider the same pattern for the others.
              SECRET_KEY: ${secret_key}
              EMAIL_HOST: ${smtp_hostname}
              EMAIL_HOST_USER: ${smtp_username}
              EMAIL_HOST_PASSWORD: ${smtp_password}
              EMAIL_PORT: "587"
              EMAIL_USE_TLS: "True"
              DEFAULT_FROM_EMAIL: ${smtp_username}
              TELEGRAM_TOKEN: ${telegram_token}
              TELEGRAM_BOT_NAME: Healthchecks
              # Healthchecks takes the signed-in user from this request header
              # (X-authentik-email, forwarded by the ingress auth annotations below).
              # The header is only trustworthy if every route to port 8000 passes through
              # the authenticating proxy; a client reaching the Service directly could set
              # it itself. Verify the network policies selected by the pod labels enforce that.
              REMOTE_USER_HEADER: HTTP_X_AUTHENTIK_EMAIL
              # Lets integrations (e.g. webhooks) send requests to private IP addresses.
              # NOTE(review): any user who can configure an integration can then make this
              # pod call internal endpoints; confirm this is intended and that egress
              # policy limits what is reachable.
              INTEGRATIONS_ALLOW_PRIVATE_IPS: "True"
              # NOTE(review): presumably silences uWSGI request logging; if so, per-request
              # audit data has to come from the ingress logs instead - confirm.
              UWSGI_DISABLE_LOGGING: "1"
              UWSGI_PROCESSES: "1"
              DB: postgres
              DB_HOST: postgresql-rw
              DB_NAME: healthchecks
              DB_USER: healthchecks
              # Read from the postgresql-app Secret at pod start rather than inlined here.
              DB_PASSWORD:
                secretKeyRef:
                  name: postgresql-app
                  key: password
              S3_ENDPOINT: ${s3_endpoint}
              S3_REGION: us-central-1
              S3_BUCKET: healthchecks
              S3_ACCESS_KEY: ${s3_access_key}
              S3_SECRET_KEY: ${s3_secret_key}
            probes:
              startup:
                enabled: true
                spec:
                  # 30 failures x 5 s period: up to 150 s allowed for startup.
                  failureThreshold: 30
                  periodSeconds: 5
              liveness:
                enabled: true
              readiness:
                enabled: true
            # Only the root filesystem is locked down here.
            # NOTE(review): runAsNonRoot, allowPrivilegeEscalation and dropped capabilities
            # are not set in this file; confirm they are applied elsewhere or add them.
            securityContext:
              readOnlyRootFilesystem: true
        pod:
          # Presumably selectors for cluster NetworkPolicies (egress to namespace/world,
          # ingress from the ingress controller and Prometheus) - verify against the
          # policy definitions, since they decide who can reach port 8000.
          labels:
            policy.gabe565.com/egress-namespace: "true"
            policy.gabe565.com/egress-world: "true"
            policy.gabe565.com/ingress-ingress: "true"
            policy.gabe565.com/ingress-prometheus: "true"
    persistence:
      # Mounts a single file (logo.svg) from the healthchecks-static ConfigMap over the
      # collected static assets.
      static:
        enabled: true
        type: configMap
        name: healthchecks-static
        globalMounts:
          - path: /opt/healthchecks/static-collected/img/logo.svg
            subPath: logo.svg
    service:
      healthchecks:
        controller: healthchecks
        ports:
          http:
            port: 8000
    ingress:
      healthchecks:
        enabled: true
        # ingress-nginx external auth: each request is checked against the authentik
        # outpost, and the listed response headers are passed on to the app.
        # The auth subrequest goes over plain HTTP to an in-cluster Service.
        # NOTE(review): auth-snippet only takes effect when the controller permits
        # snippet annotations; confirm that setting is deliberately enabled.
        annotations:
          nginx.ingress.kubernetes.io/auth-url: |-
            http://ak-outpost-gabernetes.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
          nginx.ingress.kubernetes.io/auth-signin: |-
            /outpost.goauthentik.io/start?rd=$escaped_request_uri
          nginx.ingress.kubernetes.io/auth-response-headers: |-
            Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
          nginx.ingress.kubernetes.io/auth-snippet: |
            proxy_set_header X-Forwarded-Host $http_host;
        hosts:
          - host: ${app_url}
            paths:
              - path: /
                service:
                  identifier: healthchecks
                  port: http
        tls:
          - secretName: ${certificate_name}
            hosts:
              - ${app_url}
    serviceMonitor:
      healthchecks:
        enabled: true
        serviceName: healthchecks
        endpoints:
          # Scraped in-cluster over plain HTTP, bypassing the ingress auth.
          # NOTE(review): the path is substituted, presumably because the Healthchecks
          # metrics URL embeds an API key; if so it is stored in plaintext in the
          # ServiceMonitor - confirm and treat read access to it accordingly.
          - port: http
            scheme: http
            path: ${service_monitor_path}