apiVersion: v1 kind: Namespace metadata: name: portal --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: heimdall-pvc namespace: portal spec: storageClassName: longhorn-static accessModes: - ReadWriteOnce resources: requests: storage: 100Mi --- apiVersion: apps/v1 kind: Deployment metadata: name: heimdall namespace: portal labels: app: heimdall annotations: reloader.stakater.com/auto: "true" spec: replicas: 1 revisionHistoryLimit: 1 strategy: type: Recreate selector: matchLabels: app: heimdall template: metadata: labels: app: heimdall spec: containers: - name: heimdall image: lscr.io/linuxserver/heimdall:latest imagePullPolicy: IfNotPresent ports: - name: svc-ui containerPort: 80 protocol: TCP volumeMounts: - name: heimdall mountPath: /config # - name: heimdall-config # mountPath: /config/www/.env # subPath: .env # - name: heimdall-config # mountPath: /config/www/app.sqlite # subPath: empty.sqlite volumes: - name: heimdall persistentVolumeClaim: claimName: heimdall-pvc # - name: heimdall-config # secret: # secretName: heimdall --- apiVersion: v1 kind: Service metadata: name: heimdall namespace: portal spec: type: ClusterIP selector: app: heimdall ports: - name: http port: 80 protocol: TCP --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: heimdall namespace: portal annotations: cert-manager.io/cluster-issuer: "bhasherca-k3s-issuer" cert-manager.io/common-name: "portal.bhasher.com" nginx.ingress.kubernetes.io/auth-signin: https://idp.bhasher.com nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; nginx.ingress.kubernetes.io/auth-url: https://idp.bhasher.com/api/verify nginx.ingress.kubernetes.io/configuration-snippet: proxy_set_header X-Forwarded-Method $request_method; spec: ingressClassName: nginx tls: - hosts: - portal.bhasher.com secretName: portal-tls rules: - host: portal.bhasher.com http: paths: - path: / pathType: Prefix backend: service: name: heimdall port: number: 80