kubernetes/gabernetes/apps/zwave-js-ui/app/helmrelease.yaml

# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.5.1/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: zwave-js-ui
  namespace: zwave-js-ui
spec:
  chart:
    spec:
      chart: app-template
      version: 3.5.1
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        namespace: flux-system
        name: bjw-s
  interval: 1h
  driftDetection:
    mode: enabled
  values:
    controllers:
      zwave-js-ui:
        containers:
          app:
            image:
              repository: ghcr.io/zwave-js/zwave-js-ui
              tag: 9.27.3@sha256:85cf89fd94d6bea7a73a614964ed3cd656e56747cec53d5b5c1d75dab42ab91c
              pullPolicy: IfNotPresent
            env:
              TZ: America/Chicago
              FORCE_DISABLE_SSL: "true"
              TRUST_PROXY: 10.42.0.0/16
            resources:
              requests:
                squat.ai/zwave: 1
              limits:
                squat.ai/zwave: 1
            probes:
              startup:
                enabled: true
                spec:
                  failureThreshold: 30
                  periodSeconds: 5
              liveness:
                enabled: true
              readiness:
                enabled: true
            securityContext:
              readOnlyRootFilesystem: true
        pod:
          labels:
            policy.gabe565.com/egress-world: "true"
            policy.gabe565.com/ingress-home-assistant: "true"
            policy.gabe565.com/ingress-ingress: "true"

    persistence:
      config:
        enabled: true
        accessMode: ReadWriteOnce
        size: 128Mi
        globalMounts:
          - path: /usr/src/app/store
      data:
        enabled: true
        type: emptyDir

    service:
      zwave-js-ui:
        controller: zwave-js-ui
        ports:
          http:
            primary: true
            port: 8091
          websocket:
            port: 3000

    ingress:
      zwave-js-ui:
        enabled: true
        annotations:
          nginx.ingress.kubernetes.io/auth-url: |-
            http://ak-outpost-gabernetes.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
          nginx.ingress.kubernetes.io/auth-signin: |-
            /outpost.goauthentik.io/start?rd=$escaped_request_uri
          nginx.ingress.kubernetes.io/auth-response-headers: |-
            Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
          nginx.ingress.kubernetes.io/auth-snippet: |
            proxy_set_header X-Forwarded-Host $http_host;
        hosts:
          - host: ${app_url}
            paths:
              - path: /
                service:
                  identifier: zwave-js-ui
                  port: http
        tls: &tls
          - secretName: ${certificate_name}
            hosts:
              - ${app_url}
      remove-sw:
        enabled: true
        annotations:
          nginx.ingress.kubernetes.io/configuration-snippet: |
            add_header Content-Type application/javascript;
            return 200 "self.addEventListener('install', event => { event.waitUntil(self.skipWaiting()) })";
        hosts:
          - host: ${app_url}
            paths:
              - path: /sw.js
                pathType: Exact
                service:
                  identifier: zwave-js-ui
                  port: http
        tls: *tls