Add freshrss

2026-05-01 22:01:16 +02:00
parent 3f12ca4955
commit af5adef39e
9 changed files with 259 additions and 0 deletions
+20
@@ -0,0 +1,20 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: freshrss
namespace: argocd
spec:
project: default
destination:
server: https://kubernetes.default.svc
namespace: freshrss
syncPolicy:
automated:
prune: true
selfHeal: false
syncOptions:
- CreateNamespace=true
source:
repoURL: https://github.com/zoriya/snow
targetRevision: HEAD
path: charts/freshrss
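Review bot: `targetRevision: HEAD` combined with `syncPolicy.automated` means every push to the default branch of `https://github.com/zoriya/snow` is applied to the cluster with no further gate, and `prune: true` extends that to deletions. If that is the intended GitOps model, a comment saying so would help; otherwise pinning `targetRevision` to a tag or commit makes each rollout an explicit change. `project: default` is also the Argo CD project that, unless it has been restricted elsewhere, permits any source repository and destination namespace, so a dedicated AppProject limited to this repository and the `freshrss` and `postgres` namespaces would narrow what this Application can touch.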
+3
@@ -46,3 +46,6 @@ spec:
- name: kyoo
login: true
disablePastword: true
- name: freshrss
login: true
disablePassword: true
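Review bot: The new `freshrss` role spells the field `disablePassword`, while the unchanged `kyoo` entry directly above it reads `disablePastword`; only one of the two can be the field the operator recognises, and if the older spelling is the typo it appears to be, password login for `kyoo` was presumably never disabled. This is outside the lines the commit adds, but since both roles look intended to be certificate-only it is worth fixing in the same change: `disablePassword: true` on the `kyoo` entry. The role list begins outside this hunk, so other entries may carry the same misspelling.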
+37
@@ -0,0 +1,37 @@
apiVersion: postgresql.cnpg.io/v1
kind: Database
metadata:
name: freshrss-db
namespace: postgres
spec:
name: freshrss
owner: freshrss
cluster:
name: postgres-cluster
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: postgres-freshrss
spec:
secretName: postgres-freshrss
usages:
- client auth
commonName: freshrss
issuerRef:
name: postgres-ca
kind: ClusterIssuer
group: cert-manager.io
---
apiVersion: v1
kind: ConfigMap
metadata:
name: freshrss-config
data:
config.custom.php: |
<?php
return [
'db' => [
'connection_uri_params' => 'sslmode=verify-full;sslcert=/pg/tls.crt;sslkey=/pg/tls.key;sslrootcert=/pg/ca.crt',
],
];
+97
@@ -0,0 +1,97 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: freshrss
spec:
selector:
matchLabels:
app.kubernetes.io/name: freshrss
template:
metadata:
labels:
app.kubernetes.io/name: freshrss
spec:
containers:
- name: freshrss
image: docker.io/freshrss/freshrss:1.28.1
env:
- name: TZ
value: UTC
- name: CRON_MIN
value: "1,31"
- name: BASE_URL
value: https://freshrss.sdg.moe
- name: LISTEN
value: "8080"
- name: PGSSLMODE
value: verify-full
- name: PGSSLCERT
value: /pg/tls.crt
- name: PGSSLKEY
value: /pg/tls.key
- name: PGSSLROOTCERT
value: /pg/ca.crt
- name: FRESHRSS_INSTALL
value: --api-enabled --auth-type http_auth --db-base freshrss --db-host postgres-cluster-rw.postgres --db-type pgsql --db-user freshrss --default-user admin --language en
- name: OIDC_ENABLED
value: "1"
- name: OIDC_PROVIDER_METADATA_URL
value: https://authentik.sdg.moe/application/o/freshrss/.well-known/openid-configuration
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: freshrss-oidc
key: clientId
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: freshrss-oidc
key: clientSecret
- name: OIDC_CLIENT_CRYPTO_KEY
valueFrom:
secretKeyRef:
name: freshrss-oidc-crypto
key: key
- name: OIDC_SCOPES
value: openid profile email
- name: OIDC_REMOTE_USER_CLAIM
value: preferred_username
- name: OIDC_X_FORWARDED_HEADERS
value: X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto
ports:
- name: http
containerPort: 8080
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
volumeMounts:
- name: freshrss-data
mountPath: /var/www/FreshRSS/data
- name: freshrss-extensions
mountPath: /var/www/FreshRSS/extensions
- name: postgres-cert
mountPath: /pg
- name: freshrss-config
mountPath: /var/www/FreshRSS/data/config.custom.php
subPath: config.custom.php
volumes:
- name: freshrss-data
persistentVolumeClaim:
claimName: freshrss-data
- name: freshrss-extensions
persistentVolumeClaim:
claimName: freshrss-extensions
- name: postgres-cert
secret:
secretName: postgres-freshrss
defaultMode: 0640
- name: freshrss-config
configMap:
name: freshrss-config
securityContext:
fsGroup: 33
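Review bot: The `freshrss` container has no `securityContext` of its own; the only one in the manifest is the pod-level `fsGroup: 33`, so the container runs with the image's default user and the runtime's default capability set. For an application published through an Ingress I would add at least `allowPrivilegeEscalation: false` and `seccompProfile: {type: RuntimeDefault}` under the container, and check whether the image tolerates dropping capabilities; that depends on how the image starts its web server and cron, which is not visible here. The image is pinned by tag only (`docker.io/freshrss/freshrss:1.28.1`); appending the digest keeps the deployed content fixed if the tag is ever re-pushed. Separately, the two `ReadWriteOnce` claims together with the default rolling-update strategy can leave a replacement pod unable to mount its volumes when it is scheduled on a different node; `strategy: {type: Recreate}` avoids that.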
+24
@@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: freshrss
annotations:
cert-manager.io/cluster-issuer: letsencrypt
acme.cert-manager.io/http01-edit-in-place: "true"
spec:
ingressClassName: cilium
rules:
- host: freshrss.sdg.moe
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: freshrss
port:
number: 80
tls:
- hosts:
- freshrss.sdg.moe
secretName: freshrss-tls
+15
@@ -0,0 +1,15 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/name: freshrss
resources:
- deploy.yaml
- svc.yaml
- ingress.yaml
- database.yaml
- pvc.yaml
- oidc.yaml
+30
@@ -0,0 +1,30 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: freshrss-oidc
spec:
refreshInterval: 24h
secretStoreRef:
name: bitwarden
kind: ClusterSecretStore
dataFrom:
- extract:
key: freshrss-sso
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: freshrss-oidc-crypto
spec:
refreshPolicy: CreatedOnce
target:
template:
engineVersion: v2
data:
key: "{{ .password }}"
dataFrom:
- sourceRef:
generatorRef:
apiVersion: generators.external-secrets.io/v1alpha1
kind: ClusterGenerator
name: password
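Review bot: The `freshrss-oidc-crypto` secret takes its only value from the cluster-wide `password` generator, whose length and character set are defined outside this commit, so the strength of `OIDC_CLIENT_CRYPTO_KEY` cannot be judged from here; it is worth confirming the generator yields enough entropy for a key of this kind. `refreshPolicy: CreatedOnce` also means the key is never rotated, and a comment such as `# CreatedOnce: a regenerated key would presumably invalidate existing OIDC sessions; rotate by deleting the Secret` would record the intent. In the first ExternalSecret, `dataFrom.extract` copies every field of the `freshrss-sso` item, while the Deployment reads only `clientId` and `clientSecret`; explicit `data` entries for those two keys would keep anything else stored in that item out of the cluster Secret.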
+21
@@ -0,0 +1,21 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: freshrss-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: freshrss-extensions
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
+12
@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: freshrss
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: freshrss
ports:
- name: http
port: 80
targetPort: http