From 918182fb8ad0e5b53172b53eab58580ae88289de Mon Sep 17 00:00:00 2001 From: James Blair Date: Fri, 27 May 2022 09:10:15 +0000 Subject: [PATCH] Enabled ingress for jellyfin chart. --- jellyfin/values.yaml | 75 +++++++++++++------------------------------- 1 file changed, 21 insertions(+), 54 deletions(-) diff --git a/jellyfin/values.yaml b/jellyfin/values.yaml index 1ee18db..99f6fee 100644 --- a/jellyfin/values.yaml +++ b/jellyfin/values.yaml @@ -1,7 +1,4 @@ -# Default values for jellyfin. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - +# Defaults for jellyfin replicaCount: 1 image: @@ -15,49 +12,36 @@ fullnameOverride: "" service: type: ClusterIP port: 8096 - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - ## Provide any additional annotations which may be required. This can be used to - ## set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## annotations: {} labels: {} - ## Use loadBalancerIP to request a specific static IP, - ## otherwise leave blank - ## loadBalancerIP: - # loadBalancerSourceRanges: [] - ## Set the externalTrafficPolicy in the Service to either Cluster or Local - # externalTrafficPolicy: Cluster ingress: - enabled: false + enabled: true annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" + nginx.ingress.kubernetes.io/proxy-body-size: 10G + cert-manager.io/cluster-issuer: "letsencrypt-prod" + nginx.ingress.kubernetes.io/configuration-snippet: | + more_clear_headers "X-Powered-By" + more_set_headers "X-XSS-Protection: 1"; + more_set_headers "X-Frame-Options: SAMEORIGIN"; + more_set_headers "X-Content-Type-Options: nosniff"; + more_set_headers "Referrer-Policy: strict-origin-when-cross-origin"; + more_set_headers "Permissions-Policy: geolocation=(none);midi=(self);notifications=(self);push=(self);sync-xhr=();microphone=(none);camera=(none);magnetometer=(none);gyroscope=(none);speaker=(self);vibrate=(self);fullscreen=(self);payment=(none);"; + more_set_headers "Content-Security-Policy: base-uri 'none'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self'; media-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"; path: / hosts: - jellyfin.jamma.dev tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local + - secretName: tls-jamma-jellyfin + hosts: + - jellyfin.jamma.dev persistence: config: enabled: true - ## jellyfin configuration data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - ## ## If you want to reuse an existing claim, you can pass the name of the PVC using ## the existingClaim variable # existingClaim: your-claim @@ -66,19 +50,6 @@ persistence: size: 1Gi media: enabled: false - ## Directory where media is persisted - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - # subPath: some-subpath accessMode: ReadWriteOnce size: 10Gi extraExistingClaimMounts: [] @@ -90,16 +61,12 @@ persistence: # readOnly: true resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + limits: + cpu: 10 + memory: 8Gi + requests: + cpu: 100m + memory: 128Mi nodeSelector: {}