243 lines
7.0 KiB
YAML
243 lines
7.0 KiB
YAML
image:
|
|
repository: cthulhoo/ttrss-fpm-pgsql-static
|
|
pullPolicy: IfNotPresent
|
|
tag: latest@sha256:4ceaa6646e54f39cd69ca188d52a01aba934ade663e0004032ff641184f7eb1a
|
|
nginxImage:
|
|
repository: cthulhoo/ttrss-web-nginx
|
|
pullPolicy: IfNotPresent
|
|
tag: latest@sha256:173390ba072c31081255f1a7f9db01a8559c19d2639d79e390238634d1cc67b6
|
|
updaterImage:
|
|
repository: cthulhoo/ttrss-fpm-pgsql-static
|
|
pullPolicy: IfNotPresent
|
|
tag: latest@sha256:4ceaa6646e54f39cd69ca188d52a01aba934ade663e0004032ff641184f7eb1a
|
|
securityContext:
|
|
container:
|
|
readOnlyRootFilesystem: false
|
|
runAsNonRoot: false
|
|
runAsUser: 0
|
|
runAsGroup: 0
|
|
persistence:
|
|
html:
|
|
enabled: true
|
|
targetSelector:
|
|
main:
|
|
main:
|
|
mountPath: /var/www/html
|
|
nginx:
|
|
nginx:
|
|
mountPath: /var/www/html
|
|
readOnly: true
|
|
updater:
|
|
updater:
|
|
mountPath: /var/www/html
|
|
config:
|
|
enabled: true
|
|
targetSelector:
|
|
main:
|
|
main:
|
|
mountPath: /opt/tt-rss/config.d
|
|
updater:
|
|
updater:
|
|
mountPath: /opt/tt-rss/config.d
|
|
nginx-conf:
|
|
enabled: true
|
|
type: configmap
|
|
objectName: config
|
|
targetSelector:
|
|
nginx:
|
|
nginx:
|
|
mountPath: /etc/nginx/templates/nginx.conf.template
|
|
subPath: nginx.conf.template
|
|
plugins:
|
|
enabled: true
|
|
mountPath: /var/www/html/tt-rss/plugins.local
|
|
themes:
|
|
enabled: true
|
|
mountPath: /var/www/html/tt-rss/themes.local
|
|
cnpg:
|
|
main:
|
|
enabled: true
|
|
user: tt-rss
|
|
database: tt-rss
|
|
portal:
|
|
open:
|
|
enabled: true
|
|
workload:
|
|
main:
|
|
podSpec:
|
|
containers:
|
|
main:
|
|
probes:
|
|
liveness:
|
|
type: exec
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- netstat -npl | grep :9000
|
|
readiness:
|
|
type: exec
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- ls /var/www/html/tt-rss/.app_is_ready
|
|
startup:
|
|
type: tcp
|
|
port: "{{ .Values.service.app.ports.app.port }}"
|
|
env:
|
|
TTRSS_SELF_URL_PATH: ""
|
|
# tt-rss tests with "-z" so an empty string should still allow the randomly generated password to be made.
|
|
ADMIN_USER_PASS: ""
|
|
TTRSS_DB_NAME: "{{ .Values.cnpg.main.database }}"
|
|
TTRSS_DB_USER: "{{ .Values.cnpg.main.user }}"
|
|
TTRSS_DB_PORT: "5432"
|
|
TTRSS_DB_PASS:
|
|
secretKeyRef:
|
|
name: cnpg-main-user
|
|
key: password
|
|
TTRSS_DB_HOST:
|
|
secretKeyRef:
|
|
name: cnpg-main-urls
|
|
key: host
|
|
nginx:
|
|
enabled: true
|
|
type: Deployment
|
|
podSpec:
|
|
containers:
|
|
nginx:
|
|
enabled: true
|
|
primary: true
|
|
imageSelector: nginxImage
|
|
probes:
|
|
readiness:
|
|
enabled: true
|
|
type: http
|
|
path: "/public.php?op=healthcheck"
|
|
port: "{{ .Values.service.main.ports.main.port }}"
|
|
liveness:
|
|
enabled: true
|
|
type: http
|
|
path: "/public.php?op=healthcheck"
|
|
port: "{{ .Values.service.main.ports.main.port }}"
|
|
startup:
|
|
enabled: true
|
|
type: tcp
|
|
port: "{{ .Values.service.main.ports.main.port }}"
|
|
env:
|
|
APP_UPSTREAM: '{{ printf "%s-app" (include "tc.v1.common.lib.chart.names.fullname" .) }}'
|
|
APP_WEB_ROOT: /var/www/html/tt-rss
|
|
APP_BASE: ""
|
|
updater:
|
|
enabled: true
|
|
type: Deployment
|
|
podSpec:
|
|
containers:
|
|
updater:
|
|
enabled: true
|
|
primary: true
|
|
imageSelector: updaterImage
|
|
args: /opt/tt-rss/updater.sh
|
|
probes:
|
|
liveness:
|
|
type: exec
|
|
command:
|
|
- /usr/bin/test
|
|
- -f
|
|
- "/var/www/html/tt-rss/lock/update_daemon.lock"
|
|
readiness:
|
|
type: exec
|
|
command:
|
|
- /usr/bin/test
|
|
- -f
|
|
- "/var/www/html/tt-rss/lock/update_daemon.lock"
|
|
startup:
|
|
type: exec
|
|
command:
|
|
- /usr/bin/test
|
|
- -f
|
|
- "/var/www/html/tt-rss/lock/update_daemon.lock"
|
|
env:
|
|
TTRSS_SELF_URL_PATH: ""
|
|
TTRSS_DB_NAME: "{{ .Values.cnpg.main.database }}"
|
|
TTRSS_DB_USER: "{{ .Values.cnpg.main.user }}"
|
|
TTRSS_DB_PORT: "5432"
|
|
TTRSS_DB_PASS:
|
|
secretKeyRef:
|
|
name: cnpg-main-user
|
|
key: password
|
|
TTRSS_DB_HOST:
|
|
secretKeyRef:
|
|
name: cnpg-main-urls
|
|
key: host
|
|
service:
|
|
# Main service links to ingress easier (according to nextcloud's values.yaml)
|
|
# That's why the nginx is swapped with app
|
|
main:
|
|
targetSelector: nginx
|
|
ports:
|
|
main:
|
|
targetSelector: nginx
|
|
port: 10104
|
|
app:
|
|
enabled: true
|
|
targetSelector: main
|
|
ports:
|
|
app:
|
|
enabled: true
|
|
targetSelector: main
|
|
port: 9000
|
|
targetPort: 9000
|
|
configmap:
|
|
config:
|
|
enabled: true
|
|
data:
|
|
nginx.conf.template: |-
|
|
worker_processes auto;
|
|
pid /var/run/nginx.pid;
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
http {
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
access_log /dev/stdout;
|
|
error_log /dev/stderr warn;
|
|
sendfile on;
|
|
index index.php;
|
|
# Removed during app integration to Truecharts.
|
|
# See: https://github.com/truecharts/charts/pull/17293#discussion_r1461102952
|
|
#resolver ${RESOLVER} valid=5s;
|
|
server {
|
|
listen {{ .Values.service.main.ports.main.port }};
|
|
root ${APP_WEB_ROOT};
|
|
location ${APP_BASE}/cache {
|
|
aio threads;
|
|
internal;
|
|
}
|
|
location ${APP_BASE}/backups {
|
|
internal;
|
|
}
|
|
rewrite ${APP_BASE}/healthz ${APP_BASE}/public.php?op=healthcheck;
|
|
location ~ \.php$ {
|
|
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
|
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
|
# Check that the PHP script exists before passing it
|
|
try_files $fastcgi_script_name =404;
|
|
# Bypass the fact that try_files resets $fastcgi_path_info
|
|
# see: http://trac.nginx.org/nginx/ticket/321
|
|
set $path_info $fastcgi_path_info;
|
|
fastcgi_param PATH_INFO $path_info;
|
|
fastcgi_index index.php;
|
|
include fastcgi.conf;
|
|
# See note for `resolver` line above
|
|
#set $backend "${APP_UPSTREAM}:9000";
|
|
# See note for `resolver` line above
|
|
#fastcgi_pass $backend;
|
|
fastcgi_pass ${APP_UPSTREAM}:9000;
|
|
}
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
|
|
}
|
|
}
|