Gluttony-Cluster/firefly-iii/helmrelease-firefly-iii.yaml

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: firefly
  namespace: firefly-ns
spec:
  chart:
    spec:
      chart: firefly-iii
      sourceRef:
        kind: HelmRepository
        name: firefly-iii
        namespace: flux-system
  interval: 15m0s
  timeout: 5m
  releaseName: firefly-iii
  values:
    replicaCount: 1

    image:
      repository: "fireflyiii/core"
      pullPolicy: IfNotPresent
      tag: version-6.1.6

    imagePullSecrets: []
    nameOverride: ""
    fullnameOverride: ""

    persistence:
      # -- If you set this to false, uploaded attachments are not stored persistently and will be lost with every restart of the pod
      enabled: true
      storageClassName: "longhorn"
      accessModes: ReadWriteOnce
      storage: 20Gi
      # -- If you want to use an existing claim, set it here
      existingClaim: ""

    # -- Environment variables for Firefly III. See docs at: https://github.com/firefly-iii/firefly-iii/blob/main/.env.example
    config:
      # -- Set this to the name of a secret to load environment variables from. If defined, values in the secret will override values in config.env
      existingSecret: "firefly-iii-secret"

      # -- Set environment variables from configMaps or Secrets
      envValueFrom: {}

      # -- Directly defined environment variables. Use this for non-secret configuration values.
      env:
        DB_HOST: postgresql.postgresql-system.svc.cluster.local
        DB_CONNECTION: pgsql
        DB_PORT: "5432"
        DB_DATABASE: firefly
        DB_USERNAME: firefly
        DEFAULT_LANGUAGE: "en_US"
        DEFAULT_LOCALE: "equal"
        TZ: "America/New_York"
        TRUSTED_PROXIES: "**"
        APP_URL: "https://money.clortox.com"
        AUTHENTICATION_GUARD: "remote_user_guard"
        AUTHENTICATION_GUARD_HEADER: "X-authentik-email"


    # -- Create a new Secret from values file to store sensitive environment variables. Make sure to keep your secrets encrypted in the repository! For example, you can use the 'helm secrets' plugin (https://github.com/jkroepke/helm-secrets) to encrypt and manage secrets. If the 'config.existingSecret' value is set, a new Secret will not be created.
    secrets:
      env:
        APP_PASSWORD: "CHANGE_ENCRYPT_ME"
        DB_PASSWORD: "CHANGE_ENCRYPT_ME"

    # -- A cronjob for [recurring Firefly III tasks](https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/).
    cronjob:
      # -- Set to true to enable the CronJob. Note that you need to specify either cronjob.auth.existingSecret or cronjob.auth.token for it to actually be deployed.
      enabled: false

      # -- Authorization for the CronJob. See https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/#request-a-page-over-the-web
      auth:
        # -- The name of a secret containing a data.token field with the cronjob token
        existingSecret: ""

        # -- The name of the key in the existing secret to get the cronjob token from
        secretKey: "token"

        # -- The token in plain text
        token: ""

      # -- Annotations for the CronJob
      annotations: {}

      # -- When to run the CronJob. Defaults to 03:00 as this is when Firefly III executes regular tasks.
      schedule: "0 3 * * *"

      # -- How many pods to keep around for successful jobs
      successfulJobsHistoryLimit: 3

      # -- How many pods to keep around for failed jobs
      failedJobsHistoryLimit: 1

      # -- How to treat failed jobs
      restartPolicy: OnFailure

      image:
        repository: curlimages/curl
        pullPolicy: IfNotPresent
        tag: 7.81.0

      imagePullSecrets: []

      podAnnotations: {}

      securityContext: {}

      podSecurityContext: {}

      resources: {}

      nodeSelector: {}

      tolerations: []

      affinity: {}

    podAnnotations: {}

    podSecurityContext: {}
      # fsGroup: 2000

    securityContext: {}
      # capabilities:
      #   drop:
      #   - ALL
      # readOnlyRootFilesystem: true
      # runAsNonRoot: true
      # runAsUser: 1000

    service:
      type: LoadBalancer
      port: 80

    ingress:
      enabled: false
      className: ""
      annotations: {}
        # kubernetes.io/ingress.class: nginx
        # kubernetes.io/tls-acme: "true"
      hosts:
        - chart-example.local
      tls: []
      #  - secretName: chart-example-tls
      #    hosts:
      #      - chart-example.local

    resources: {}
      # We usually recommend not to specify default resources and to leave this as a conscious
      # choice for the user. This also increases chances charts run on environments with little
      # resources, such as Minikube. If you do want to specify resources, uncomment the following
      # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
      # limits:
      #   cpu: 100m
      #   memory: 128Mi
      # requests:
      #   cpu: 100m
      #   memory: 128Mi

    autoscaling:
      enabled: false
      minReplicas: 1
      maxReplicas: 100
      targetCPUUtilizationPercentage: 80
      # targetMemoryUtilizationPercentage: 80

    nodeSelector: {}

    tolerations: []

    affinity: {}