kube/deploy/apps/soft-serve/app/hr.yaml

---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: &app soft-serve
  namespace: *app
spec:
  chart:
    spec:
      chart: app-template
      version: 1.5.1
      sourceRef:
        name: bjw-s
        kind: HelmRepository
        namespace: flux-system
  values:
    global:
      fullnameOverride: *app
    automountServiceAccountToken: false
    controller:
      type: deployment
      replicas: 1
    image:
      repository: ghcr.io/charmbracelet/soft-serve
      tag: v0.5.5
    podLabels:
      ingress.home.arpa/nginx: "allow"
      db.home.arpa/pg: "pg-default"
    env:
      TZ: "${CONFIG_TZ}"
      SOFT_SERVE_NAME: "BioFlurry"
      SOFT_SERVE_LOG_FORMAT: "json"
      SOFT_SERVE_SSH_LISTEN_ADDR: ":23231"
      SOFT_SERVE_SSH_PUBLIC_URL: "ssh://${APP_DNS_SOFT_SERVE}:22"
      SOFT_SERVE_SSH_KEY_PATH: "/ssh/host-priv"
      SOFT_SERVE_SSH_CLIENT_KEY_PATH: "/ssh/client-priv"
      SOFT_SERVE_GIT_LISTEN_ADDR: ":9418"
      SOFT_SERVE_HTTP_LISTEN_ADDR: ":23232"
      SOFT_SERVE_HTTP_PUBLIC_URL: "https://${APP_DNS_SOFT_SERVE_HTTPS}"
      SOFT_SERVE_STATS_LISTEN_ADDR: ":23233"
      SOFT_SERVE_DB_DRIVER: "postgres"
    envFrom:
      - secretRef:
          name: soft-serve-secrets
    service:
      main:
        enabled: true
        primary: true
        type: ClusterIP
        ports:
          http:
            port: 23232
          stats:
            port: 23233
      expose:
        enabled: true
        type: LoadBalancer
        externalTrafficPolicy: Cluster
        annotations:
          coredns.io/hostname: "${APP_DNS_SOFT_SERVE}"
          "io.cilium/lb-ipam-ips": "${APP_IP_SOFT_SERVE}"
        ports:
          ssh:
            enabled: true
            port: 22
            targetPort: 23231
            protocol: TCP
          git:
            enabled: true
            port: 9418
            targetPort: 9418
            protocol: TCP
    ingress:
      main:
        enabled: true
        primary: true
        ingressClassName: nginx
        hosts:
          - host: &host "${APP_DNS_SOFT_SERVE_HTTPS}"
            paths:
              - path: /
                pathType: Prefix
        tls:
          - hosts:
              - *host
    podSecurityContext:
      runAsUser: &uid ${APP_UID_SOFT_SERVE}
      runAsGroup: *uid
      fsGroup: *uid
      fsGroupChangePolicy: Always
    persistence:
      data:
        enabled: true
        type: nfs
        server: "${IP_TRUENAS}"
        path: "${PATH_NAS_PERSIST_K8S}/soft-serve"
        mountPath: "/soft-serve"
      ssh:
        enabled: true
        type: secret
        name: soft-serve-ssh
        mountPath: /ssh
        readOnly: true
    resources:
      requests:
        cpu: 10m
        memory: 128Mi
      limits:
        memory: 6000Mi
    initContainers:
      01-init-db:
        image: ghcr.io/onedr0p/postgres-init:14.8@sha256:d8391076d2c6449927a6409c4e72aaa5607c95be51969036f4feeb7c999638ea
        imagePullPolicy: IfNotPresent
        envFrom: [secretRef: {name: soft-serve-pg-superuser}]