kubernetes/gabernetes/apps/bookstack/app/helmrelease.yaml

apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: bookstack
  namespace: bookstack
spec:
  chart:
    spec:
      chart: bookstack
      version: 0.19.0
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        namespace: flux-system
        name: gabe565
  interval: 1h
  driftDetection:
    mode: enabled
  values:
    controller:
      strategy: RollingUpdate

    env:
      TZ: America/Chicago
      APP_KEY: ${app_key}

      STORAGE_TYPE: s3
      STORAGE_S3_KEY: ${s3_access_key}
      STORAGE_S3_SECRET: ${s3_secret_key}
      STORAGE_S3_BUCKET: bookstack
      STORAGE_S3_REGION: us-central-1
      STORAGE_S3_ENDPOINT: https://${s3_url}
      STORAGE_URL: https://${s3_url}/bookstack

      LOG_FAILED_LOGIN_MESSAGE: Failed login for %u
      AUTH_METHOD: saml2
      AUTH_AUTO_INITIATE: "true"
      SAML2_NAME: Authentik
      SAML2_EMAIL_ATTRIBUTE: email
      SAML2_EXTERNAL_ID_ATTRIBUTE: http://schemas.goauthentik.io/2021/02/saml/username
      SAML2_DISPLAY_NAME_ATTRIBUTES: Name
      SAML2_IDP_ENTITYID: https://${authentik_host}/api/v3/providers/saml/2/metadata/?download
      SAML2_AUTOLOAD_METADATA: "true"

    podLabels:
      policy.gabe565.com/egress-namespace: "true"
      policy.gabe565.com/egress-world: "true"
      policy.gabe565.com/ingress-ingress: "true"

    ingress:
      main:
        enabled: true
        hosts:
          - host: ${app_url}
            paths:
              - path: /
        tls:
          - secretName: ${certificate_name}
            hosts:
              - ${app_url}

    persistence:
      config:
        enabled: true
        type: emptyDir

    secrets:
      app-key:
        enabled: true
        stringData:
          BOOKSTACK_APP_KEY.txt: ${app_key}

    mariadb:
      enabled: true
      auth:
        password: ${mariadb_password}
        rootPassword: ${mariadb_root_password}
      primary:
        extraFlags: |
          --max_statement_time=60
        resources:
          limits:
            cpu: 500m
        persistence:
          enabled: true
          storageClass: longhorn-ssd
          size: 2Gi
        podLabels:
          policy.gabe565.com/ingress-namespace: "true"