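---
# Flux HelmRelease, itself rendered by an outer Helm chart, that installs the
# ./paperless-ngx chart from the "wrenix-helm-charts" GitRepository in
# flux-system. Passwords come from a Secret named after the release (see
# valuesFrom); everything under "values" is passed to the inner chart.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: "{{ .Release.Name }}-ngx"
spec:
  chart:
    spec:
      sourceRef:
        kind: GitRepository
        name: "wrenix-helm-charts"
        namespace: "flux-system"
      chart: "./paperless-ngx"
      reconcileStrategy: "Revision"
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  # Credentials are injected from the release's Secret instead of being
  # written into "values". Entries without "optional: true" are required, so
  # a missing DB_PASS, ADMIN_PASS or oidc key fails the reconciliation.
  # The Secret name is quoted so a release called e.g. 123 or true stays a
  # string after rendering.
  valuesFrom:
    - name: {{ .Release.Name | quote }}
      kind: Secret
      valuesKey: "DB_PASS"
      targetPath: "config.database.pass"
    - name: {{ .Release.Name | quote }}
      kind: Secret
      valuesKey: "ADMIN_PASS"
      targetPath: "env.PAPERLESS_ADMIN_PASSWORD"
    - name: {{ .Release.Name | quote }}
      kind: Secret
      valuesKey: "EMAIL_PASS"
      targetPath: "env.PAPERLESS_EMAIL_HOST_PASSWORD"
      optional: true
    # No targetPath: Flux parses the "oidc" key as a YAML values document and
    # merges it at the root, so write access to this Secret key means control
    # over any chart value, not only the OIDC settings.
    - name: {{ .Release.Name | quote }}
      kind: Secret
      valuesKey: "oidc"
  values:
    {{- $host := .Values.ingress.host | default (printf "paperless.%s" .Values.commons.ingress.domain) }}
    config:
      redis:
        prefix: {{ .Release.Name | quote }}
      database:
        engine: postgres
        host: {{ .Values.database.host | quote }}
        name: {{ .Values.database.name | quote }}
        user: {{ .Values.database.username | quote }}
      # NOTE(review): the listing this was recovered from had lost its
      # indentation; placing apps/oidcProviders under config is inferred.
      # Confirm against the paperless-ngx chart's values.yaml.
      apps: allauth.socialaccount.providers.openid_connect
      oidcProviders:
        openid_connect:
          OAUTH_PKCE_ENABLED: true
    env:
      # Quoted: a title containing ": " or " #" would otherwise break or
      # truncate the rendered YAML.
      PAPERLESS_APP_TITLE: {{ .Values.commons.theme.title | quote }}
      # Fixed admin account name; its password is supplied via ADMIN_PASS.
      PAPERLESS_ADMIN_USER: admin

      PAPERLESS_EMAIL_HOST: {{ .Values.mail.host | default .Values.commons.mail.host | quote }}
      PAPERLESS_EMAIL_PORT: 587
      PAPERLESS_EMAIL_HOST_USER: {{ .Values.commons.mail.username | quote }}
      PAPERLESS_EMAIL_FROM: {{ .Values.mail.from | default (printf "\"[%s] %s\" <%s>" .Values.commons.theme.title "paperless" .Values.commons.mail.from) | quote }}
      PAPERLESS_EMAIL_USE_TLS: true
      # User-supplied env is appended last. A key repeated here duplicates
      # one above, and most YAML parsers keep the last occurrence, so this
      # block can override the fixed settings (including USE_TLS).
      {{- with .Values.env }}
      {{- toYaml . | nindent 6 }}
      {{- end }}

    podLabels:
      "{{ .Release.Name }}-ngx-redis-client": "true"
    postgresql:
      enabled: false
    redis:
      metrics:
        enabled: true
        serviceMonitor:
          enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
          additionalLabels:
            {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 12 }}
        prometheusRule:
          # empty rules
          enabled: false
          # {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
          additionalLabels:
            {{- toYaml .Values.commons.prometheus.rules.labels | nindent 12 }}
          rules: []
      # Redis is closed to external clients and external egress; only the
      # first entry of commons.networkpolicies.from.metrics is used for the
      # metrics selectors.
      networkPolicy:
        allowExternal: false
        allowExternalEgress: false
        metrics:
          allowExternal: false
          {{- with .Values.commons.networkpolicies.from.metrics }}
          {{- $nsMetrics := first . }}
          ingressNSMatchLabels:
            {{- toYaml $nsMetrics.namespaceSelector.matchLabels | nindent 12 }}
          ingressNSPodMatchLabels:
            {{- toYaml $nsMetrics.podSelector.matchLabels | nindent 12 }}
          {{- end }}

    networkPolicy:
      enabled: true
      ingress:
        http:
          {{- toYaml .Values.commons.networkpolicies.from.ingress | nindent 12 }}
        metrics:
          {{- toYaml .Values.commons.networkpolicies.from.metrics | nindent 12 }}
      egress:
        enabled: true
        dns:
          {{- toYaml .Values.commons.networkpolicies.to.dns | nindent 10 }}
        database:
          # Egress to this release's own Redis master on 6379.
          - ports:
              - port: 6379
                protocol: TCP
            to:
              - podSelector:
                  matchLabels:
                    app.kubernetes.io/instance: "{{ .Release.Name }}-ngx"
                    app.kubernetes.io/name: redis
                    app.kubernetes.io/component: master
          {{- with .Values.commons.networkpolicies.to.database }}
          {{- toYaml . | nindent 10 }}
          {{- end }}

        extra:
          # Egress on 443 to the same peers that are allowed as ingress
          # sources. NOTE(review): presumably so the pod can reach the OIDC
          # provider through the ingress controller - confirm.
          - ports:
              - port: 443
                protocol: TCP
            to:
              {{- toYaml .Values.commons.networkpolicies.from.ingress | nindent 14 }}
          {{- with .Values.commons.networkpolicies.to.smtp }}
          {{- toYaml . | nindent 10 }}
          {{- end }}

    ingress:
      enabled: true
      annotations:
        {{- with .Values.commons.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with .Values.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      hosts:
        - host: "{{ $host }}"
          paths:
            - path: /
              pathType: Prefix
      # TLS is emitted only when commons.ingress.tls.enabled is set; without
      # it the Ingress has no tls section at all.
      {{- if .Values.commons.ingress.tls.enabled }}
      tls:
        {{- with .Values.commons.ingress.tls.override }}
        {{- toYaml . | nindent 8 }}
        {{- else }}
        # The certificate Secret name is fixed and not derived from the
        # release name, so two releases in one namespace would share it.
        - secretName: "mycloud-paperless-cert"
          hosts:
            - "{{ $host }}"
        {{- end }}
      {{- end }}

    persistence:
      enabled: true
      size: {{ .Values.persistence.size | quote }}
      {{- with .Values.persistence.storageClass | default .Values.commons.persistence.storageClass }}
      storageClass: {{ . | quote }}
      {{- end }}
      # NOTE(review): hostPath places the data under a node-local directory;
      # confirm who can read that path on the node before enabling it.
      {{- if .Values.commons.persistence.hostPath.enabled }}
      hostPath: "{{ .Values.commons.persistence.hostPath.prefix }}/paperless"
      {{- end }}

    prometheus:
      servicemonitor:
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
        labels:
          {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }}
      rules:
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
        additionalLabels:
          {{- toYaml .Values.commons.prometheus.rules.labels | nindent 10 }}

    grafana:
      dashboards:
        enabled: true
        labels:
          {{- toYaml .Values.commons.grafana.dashboards.labels | nindent 10 }}
        annotations:
          {{- toYaml .Values.commons.grafana.dashboards.annotations | nindent 10 }}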