---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: &app gatus
spec:
  interval: 1h
  chartRef:
    kind: OCIRepository
    name: app-template
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
  dependsOn:
    - name: rook-ceph-cluster
      namespace: rook-ceph
  values:
    controllers:
      gatus:
        annotations:
          reloader.stakater.com/auto: "true"
        initContainers:
          init-config:
            image:
              repository: ghcr.io/home-operations/k8s-sidecar
              tag: 1.30.5@sha256:0c429f991b01b39e73bf926bfaee8e4ce90eae422789c8c24b8bab4f2739df2b
            env:
              FOLDER: /config
              LABEL: gatus.io/enabled
              NAMESPACE: ALL
              RESOURCE: both
              UNIQUE_FILENAMES: true
              METHOD: WATCH
            restartPolicy: Always
            resources:
              requests:
                cpu: 10m
              limits:
                memory: 128Mi
        containers:
          app:
            image:
              repository: ghcr.io/twin/gatus
              tag: v5.18.1@sha256:97525568fdef34539b1b4d015aef2d1cf6f58f1bc087443387b349940544394d
            env:
              CUSTOM_SECRET_EXTERNAL_DOMAIN: ${SECRET_EXTERNAL_DOMAIN}
              GATUS_CONFIG_PATH: /config
              GATUS_DELAY_START_SECONDS: 5
              TZ: ${TIMEZONE}
              WEB_PORT: &port 8080
            envFrom:
              - secretRef:
                  name: gatus-secret
            probes:
              liveness: &probes
                enabled: true
                custom: true
                spec:
                  httpGet:
                    path: /health
                    port: *port
                  initialDelaySeconds: 0
                  periodSeconds: 10
                  timeoutSeconds: 1
                  failureThreshold: 6
              readiness: *probes
            securityContext:
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities: { drop: [ALL] }
            resources:
              requests:
                cpu: 100m
              limits:
                memory: 256Mi
    defaultPodOptions:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        fsGroupChangePolicy: OnRootMismatch
        seccompProfile: { type: RuntimeDefault }
    service:
      app:
        controller: gatus
        ports:
          http:
            port: *port
    ingress:
      app:
        className: external
        annotations:
          gethomepage.dev/enabled: "true"
          gethomepage.dev/name: Gatus
          gethomepage.dev/description: Automated developer-oriented status page.
          gethomepage.dev/group: Applications
          gethomepage.dev/icon: gatus.png
          gethomepage.dev/pod-selector: >-
            app in (
              gatus
            )
        hosts:
          - host: &host "status.${SECRET_EXTERNAL_DOMAIN}"
            paths:
              - path: /
                service:
                  identifier: app
                  port: http
        tls:
          - hosts:
              - *host
    serviceAccount:
      create: true
      name: *app
    persistence:
      config:
        existingClaim: gatus
      config-file:
        type: configMap
        name: gatus-configmap
        globalMounts:
          - path: /config/config.yaml
            subPath: config.yaml
            readOnly: true