{ kubernetes.resources = { secrets.server.stringData.adminPassword = "ref+sops://secrets/kubernetes.yaml#/freshrss/password"; deployments.server = { metadata.labels.app = "freshrss"; spec = { selector.matchLabels.app = "freshrss"; strategy = { type = "RollingUpdate"; rollingUpdate = { maxSurge = 0; maxUnavailable = 1; }; }; template = { metadata.labels.app = "freshrss"; spec = { containers.freshrss = { image = "freshrss/freshrss:1.24.1"; imagePullPolicy = "Always"; ports.web.containerPort = 80; env = { TZ.value = "Europe/Amsterdam"; CRON_MIN.value = "2,32"; ADMIN_EMAIL.value = "pim@kunis.nl"; PUBLISHED_PORT.value = "443"; ADMIN_PASSWORD.valueFrom.secretKeyRef = { name = "server"; key = "adminPassword"; }; ADMIN_API_PASSWORD.valueFrom.secretKeyRef = { name = "server"; key = "adminPassword"; }; }; volumeMounts = [{ name = "data"; mountPath = "/var/www/FreshRSS/data"; }]; }; volumes.data.persistentVolumeClaim.claimName = "data"; securityContext = { fsGroup = 33; fsGroupChangePolicy = "OnRootMismatch"; }; }; }; }; }; services.web.spec = { selector.app = "freshrss"; ports.web = { port = 80; targetPort = "web"; }; }; }; lab = { ingresses.web = { host = "rss.kun.is"; service = { name = "web"; portName = "web"; }; }; longhorn.persistentVolumeClaim.data = { volumeName = "freshrss"; storage = "1Gi"; }; }; }