{ kubernetes.resources = { configMaps.freshrss.data = { TZ = "Europe/Amsterdam"; CRON_MIN = "2,32"; ADMIN_EMAIL = "pim@kunis.nl"; PUBLISHED_PORT = "443"; }; secrets.freshrss.stringData.adminPassword = "ref+sops://secrets/sops.yaml#/freshrss/password"; deployments.freshrss = { metadata.labels.app = "freshrss"; spec = { selector.matchLabels.app = "freshrss"; template = { metadata.labels.app = "freshrss"; spec = { volumes.data.persistentVolumeClaim.claimName = "freshrss"; containers.freshrss = { image = "freshrss/freshrss:edge"; envFrom = [{ configMapRef.name = "freshrss"; }]; ports.web.containerPort = 80; env = { ADMIN_PASSWORD.valueFrom.secretKeyRef = { name = "freshrss"; key = "adminPassword"; }; ADMIN_API_PASSWORD.valueFrom.secretKeyRef = { name = "freshrss"; key = "adminPassword"; }; }; volumeMounts = [{ name = "data"; mountPath = "/var/www/FreshRSS/data"; }]; }; }; }; }; }; persistentVolumes.freshrss.spec = { capacity.storage = "1Mi"; accessModes = [ "ReadWriteMany" ]; nfs = { server = "lewis.dmz"; path = "/mnt/data/nfs/freshrss/data"; }; }; persistentVolumeClaims.freshrss.spec = { accessModes = [ "ReadWriteMany" ]; storageClassName = ""; resources.requests.storage = "1Mi"; volumeName = "freshrss"; }; services.freshrss.spec = { selector.app = "freshrss"; ports.web = { port = 80; targetPort = "web"; }; }; ingresses.freshrss = { metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt"; spec = { ingressClassName = "traefik"; rules = [{ host = "rss.kun.is"; http.paths = [{ path = "/"; pathType = "Prefix"; backend.service = { name = "freshrss"; port.name = "web"; }; }]; }]; tls = [{ secretName = "freshrss-tls"; hosts = [ "rss.kun.is" ]; }]; }; }; }; }