---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: &app onepassword-connect
  namespace: kube-system
spec:
  interval: 30m
  chart:
    spec:
      chart: app-template
      version: 3.5.1
      sourceRef:
        kind: HelmRepository
        name: bjw-s
        namespace: flux-system
  maxHistory: 2
  install:
    createNamespace: true
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
  uninstall:
    keepHistory: false
  values:
    controllers:
      onepassword-connect:
        annotations:
          reloader.stakater.com/auto: "true"
        pod:
          securityContext:
            runAsUser: 999
            runAsGroup: 999
        containers:
          app:
            image:
              # repository: docker.io/1password/connect-api
              repository: ghcr.io/haraldkoch/onepassword-connect-api
              tag: 1.7.2
            env:
              OP_BUS_PORT: "11220"
              OP_BUS_PEERS: "localhost:11221"
              OP_HTTP_PORT: &port 8080
              OP_SESSION:
                valueFrom:
                  secretKeyRef:
                    name: onepassword-connect-secret
                    key: onepassword-credentials.json
            probes:
              liveness:
                enabled: true
                custom: true
                spec:
                  httpGet:
                    path: /heartbeat
                    port: *port
                  initialDelaySeconds: 15
                  periodSeconds: 30
                  failureThreshold: 3
              readiness:
                enabled: true
                custom: true
                spec:
                  httpGet:
                    path: /health
                    port: *port
                  initialDelaySeconds: 15
              startup:
                enabled: false
            resources:
              requests:
                cpu: 5m
                memory: 10Mi
              limits:
                memory: 100Mi
          sync:
            # image: docker.io/1password/connect-sync:1.7.0
            image:
              repository: ghcr.io/haraldkoch/onepassword-sync
              tag: 1.7.2
            env:
              - { name: OP_HTTP_PORT, value: &sport 8081 }
              - { name: OP_BUS_PORT, value: "11221" }
              - { name: OP_BUS_PEERS, value: "localhost:11220" }
              - name: OP_SESSION
                valueFrom:
                  secretKeyRef:
                    name: onepassword-connect-secret
                    key: onepassword-credentials.json
            probes:
              readiness:
                enabled: true
                custom: true
                spec:
                  httpGet:
                    path: /health
                    port: *sport
                  initialDelaySeconds: 15
              liveness:
                enabled: true
                custom: true
                spec:
                  httpGet:
                    path: /heartbeat
                    port: *sport
                  failureThreshold: 3
                  periodSeconds: 30
                  initialDelaySeconds: 15
    service:
      app:
        controller: *app
        ports:
          http:
            port: *port
    ingress:
      app:
        enabled: true
        className: nginx
        annotations:
          hajimari.io/enable: "false"
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
            paths:
              - path: /
                service:
                  identifier: app
                  port: http
        tls:
          - hosts:
              - *host
    persistence:
      shared:
        type: emptyDir
        globalMounts:
          - path: /home/opuser/.op/data