image: repository: ghcr.io/navidrome/navidrome tag: 0.53.3 env: TZ: "Europe/Amsterdam" ND_DATAFOLDER: /config ND_LOGLEVEL: info ND_MUSICFOLDER: /music ND_PORT: 8080 #ND_REVERSEPROXYUSERHEADER: "Remote-User" ND_REVERSEPROXYWHITELIST: "0.0.0.0/0" #ND_SCANSCHEDULE: "@every 1h" ND_SESSIONTIMEOUT: 24h ND_LISTENBRAINZ_ENABLED: "false" ND_LASTFM_ENABLED: "false" ND_PROMETHEUS_ENABLED: "false" ND_ENABLEGRAVATAR: "false" service: main: ports: http: port: 8080 ingress: main: enabled: true ingressClassName: "ingress-external" labels: environment: external annotations: #cert-manager.io/cluster-issuer: vault-issuer nginx.ingress.kubernetes.io/proxy-body-size: 20G kubernetes.io/tls-acme: "true" cert-manager.io/cluster-issuer: letsencrypt external-dns.alpha.kubernetes.io/hostname: music.nold.in external-dns.alpha.kubernetes.io/target: nold.in external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" hosts: - host: music.nold.in paths: - path: / pathType: Prefix tls: - secretName: music-ext-tls hosts: - music.nold.in podSecurityContext: runAsUser: 568 runAsGroup: 568 fsGroup: 568 fsGroupChangePolicy: "OnRootMismatch" supplementalGroups: - 100 persistence: config: enabled: true music: enabled: true type: hostPath hostPath: /data/media/music mountPath: /music readOnly: true resources: requests: cpu: 10m memory: 50Mi limits: memory: 2Gi