174 lines
5.1 KiB
YAML
174 lines
5.1 KiB
YAML
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||
|
kind: HelmRelease
|
||
|
metadata:
|
||
|
name: firefly
|
||
|
namespace: firefly-ns
|
||
|
spec:
|
||
|
chart:
|
||
|
spec:
|
||
|
chart: firefly-iii
|
||
|
sourceRef:
|
||
|
kind: HelmRepository
|
||
|
name: firefly-iii
|
||
|
namespace: flux-system
|
||
|
interval: 15m0s
|
||
|
timeout: 5m
|
||
|
releaseName: firefly-iii
|
||
|
values:
|
||
|
replicaCount: 1
|
||
|
|
||
|
image:
|
||
|
repository: "fireflyiii/core"
|
||
|
pullPolicy: IfNotPresent
|
||
|
tag: version-6.1.6
|
||
|
|
||
|
imagePullSecrets: []
|
||
|
nameOverride: ""
|
||
|
fullnameOverride: ""
|
||
|
|
||
|
persistence:
|
||
|
# -- If you set this to false, uploaded attachments are not stored persistently and will be lost with every restart of the pod
|
||
|
enabled: true
|
||
|
storageClassName: "longhorn"
|
||
|
accessModes: ReadWriteMany
|
||
|
storage: 20Gi
|
||
|
# -- If you want to use an existing claim, set it here
|
||
|
existingClaim: ""
|
||
|
|
||
|
# -- Environment variables for Firefly III. See docs at: https://github.com/firefly-iii/firefly-iii/blob/main/.env.example
|
||
|
config:
|
||
|
# -- Set this to the name of a secret to load environment variables from. If defined, values in the secret will override values in config.env
|
||
|
existingSecret: "firefly-iii-secret"
|
||
|
|
||
|
# -- Set environment variables from configMaps or Secrets
|
||
|
envValueFrom: {}
|
||
|
|
||
|
# -- Directly defined environment variables. Use this for non-secret configuration values.
|
||
|
env:
|
||
|
DB_HOST: postgresql.postgresql-system.svc.cluster.local
|
||
|
DB_CONNECTION: pgsql
|
||
|
DB_PORT: "5432"
|
||
|
DB_DATABASE: firefly
|
||
|
DB_USERNAME: firefly
|
||
|
DEFAULT_LANGUAGE: "en_US"
|
||
|
DEFAULT_LOCALE: "equal"
|
||
|
TZ: "America/New_York"
|
||
|
TRUSTED_PROXIES: "**"
|
||
|
APP_URL: "https://money.clortox.com"
|
||
|
AUTHENTICATION_GUARD: "remote_user_guard"
|
||
|
AUTHENTICATION_GUARD_HEADER: "X-authentik-email"
|
||
|
|
||
|
|
||
|
# -- Create a new Secret from values file to store sensitive environment variables. Make sure to keep your secrets encrypted in the repository! For example, you can use the 'helm secrets' plugin (https://github.com/jkroepke/helm-secrets) to encrypt and manage secrets. If the 'config.existingSecret' value is set, a new Secret will not be created.
|
||
|
secrets:
|
||
|
env:
|
||
|
APP_PASSWORD: "CHANGE_ENCRYPT_ME"
|
||
|
DB_PASSWORD: "CHANGE_ENCRYPT_ME"
|
||
|
|
||
|
# -- A cronjob for [recurring Firefly III tasks](https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/).
|
||
|
cronjob:
|
||
|
# -- Set to true to enable the CronJob. Note that you need to specify either cronjob.auth.existingSecret or cronjob.auth.token for it to actually be deployed.
|
||
|
enabled: false
|
||
|
|
||
|
# -- Authorization for the CronJob. See https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/#request-a-page-over-the-web
|
||
|
auth:
|
||
|
# -- The name of a secret containing a data.token field with the cronjob token
|
||
|
existingSecret: ""
|
||
|
|
||
|
# -- The name of the key in the existing secret to get the cronjob token from
|
||
|
secretKey: "token"
|
||
|
|
||
|
# -- The token in plain text
|
||
|
token: ""
|
||
|
|
||
|
# -- Annotations for the CronJob
|
||
|
annotations: {}
|
||
|
|
||
|
# -- When to run the CronJob. Defaults to 03:00 as this is when Firefly III executes regular tasks.
|
||
|
schedule: "0 3 * * *"
|
||
|
|
||
|
# -- How many pods to keep around for successful jobs
|
||
|
successfulJobsHistoryLimit: 3
|
||
|
|
||
|
# -- How many pods to keep around for failed jobs
|
||
|
failedJobsHistoryLimit: 1
|
||
|
|
||
|
# -- How to treat failed jobs
|
||
|
restartPolicy: OnFailure
|
||
|
|
||
|
image:
|
||
|
repository: curlimages/curl
|
||
|
pullPolicy: IfNotPresent
|
||
|
tag: 7.81.0
|
||
|
|
||
|
imagePullSecrets: []
|
||
|
|
||
|
podAnnotations: {}
|
||
|
|
||
|
securityContext: {}
|
||
|
|
||
|
podSecurityContext: {}
|
||
|
|
||
|
resources: {}
|
||
|
|
||
|
nodeSelector: {}
|
||
|
|
||
|
tolerations: []
|
||
|
|
||
|
affinity: {}
|
||
|
|
||
|
podAnnotations: {}
|
||
|
|
||
|
podSecurityContext: {}
|
||
|
# fsGroup: 2000
|
||
|
|
||
|
securityContext: {}
|
||
|
# capabilities:
|
||
|
# drop:
|
||
|
# - ALL
|
||
|
# readOnlyRootFilesystem: true
|
||
|
# runAsNonRoot: true
|
||
|
# runAsUser: 1000
|
||
|
|
||
|
service:
|
||
|
type: LoadBalancer
|
||
|
port: 80
|
||
|
|
||
|
ingress:
|
||
|
enabled: false
|
||
|
className: ""
|
||
|
annotations: {}
|
||
|
# kubernetes.io/ingress.class: nginx
|
||
|
# kubernetes.io/tls-acme: "true"
|
||
|
hosts:
|
||
|
- chart-example.local
|
||
|
tls: []
|
||
|
# - secretName: chart-example-tls
|
||
|
# hosts:
|
||
|
# - chart-example.local
|
||
|
|
||
|
resources: {}
|
||
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
||
|
# choice for the user. This also increases chances charts run on environments with little
|
||
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||
|
# limits:
|
||
|
# cpu: 100m
|
||
|
# memory: 128Mi
|
||
|
# requests:
|
||
|
# cpu: 100m
|
||
|
# memory: 128Mi
|
||
|
|
||
|
autoscaling:
|
||
|
enabled: false
|
||
|
minReplicas: 1
|
||
|
maxReplicas: 100
|
||
|
targetCPUUtilizationPercentage: 80
|
||
|
# targetMemoryUtilizationPercentage: 80
|
||
|
|
||
|
nodeSelector: {}
|
||
|
|
||
|
tolerations: []
|
||
|
|
||
|
affinity: {}
|