-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathhelmrelease.yaml
More file actions
96 lines (91 loc) · 2.92 KB
/
helmrelease.yaml
File metadata and controls
96 lines (91 loc) · 2.92 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: grist
spec:
interval: 30m
chartRef:
kind: OCIRepository
name: app-template
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 4
driftDetection:
mode: enabled
values:
controllers:
grist:
annotations:
reloader.stakater.com/auto: "true"
containers:
server:
image:
repository: docker.io/gristlabs/grist
tag: 1.7.12@sha256:e536e991fb1bd9a48db5262ca180bd978b8ffa2a34050fce80be9318ea3ad95c
envFrom:
- secretRef:
name: grist-secret
env:
APP_HOME_URL: https://sheets.${SECRET_DOMAIN}
GRIST_ALLOWED_HOSTS: &domain sheets.${SECRET_DOMAIN}
GRIST_DOMAIN: *domain
GRIST_SINGLE_ORG: sheets
GRIST_HIDE_UI_ELEMENTS: billing
GRIST_LIST_PUBLIC_SITES: false
GRIST_ORG_IN_PATH: false
GRIST_PAGE_TITLE_SUFFIX: _blank
GRIST_FORCE_LOGIN: true
GRIST_SUPPORT_ANON: false
GRIST_THROTTLE_CPU: true
GRIST_SANDBOX_FLAVOR: gvisor
PYTHON_VERSION: 3
PYTHON_VERSION_ON_CREATION: 3
resources:
requests:
cpu: 10m
memory: 250Mi
limits:
memory: 750Mi
service:
app:
controller: grist
ports:
http:
port: 8484
ingress:
app:
annotations:
external-dns.alpha.kubernetes.io/target: external.${SECRET_DOMAIN}
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Media
gethomepage.dev/icon: sh-grist.svg
gethomepage.dev/name: Grist
nginx.ingress.kubernetes.io/auth-response-headers: |-
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
nginx.ingress.kubernetes.io/auth-snippet: |-
proxy_set_header X-Forwarded-Host $http_host;
nginx.ingress.kubernetes.io/auth-url: |-
http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
nginx.ingress.kubernetes.io/auth-signin: |-
/outpost.goauthentik.io/start?rd=$escaped_request_uri
className: external
hosts:
- host: *domain
paths:
- path: /
service:
identifier: app
port: http
persistence:
data:
existingClaim: grist
globalMounts:
- path: /persist