---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: ingress-nginx
  namespace: networking
spec:
  interval: 5m
  chart:
    spec:
      # renovate: registryUrl=https://kubernetes.github.io/ingress-nginx
      chart: ingress-nginx
      version: 4.2.0
      sourceRef:
        kind: HelmRepository
        name: ingress-nginx-charts
        namespace: flux-system
      interval: 5m
  values:
    controller:
      replicaCount: 2
      service:
        type: LoadBalancer
        externalIPs:
          - ${CLUSTER_LB_NGINX}
        externalTrafficPolicy: Local
      publishService:
        enabled: true

      config:
        ssl-protocols: "TLSv1.3 TLSv1.2"
        custom-http-errors: |
          401,403,404,500,501,502,503
        enable-vts-status: "false"
        hsts-max-age: "31449600"
        proxy-body-size: "50m"

      extraArgs:
        default-ssl-certificate: "networking/${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"

      resources:
        requests:
          memory: 250Mi
          cpu: 50m

      metrics:
        enabled: true
        serviceMonitor:
          enabled: true
          namespace: networking
          namespaceSelector:
            any: true

      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app.kubernetes.io/name
                      operator: In
                      values:
                        - ingress-nginx
                topologyKey: kubernetes.io/hostname

    defaultBackend:
      enabled: true
      image:
        repository: ghcr.io/tarampampam/error-pages
        tag: 2.16.0
      extraEnvs:
        - name: TEMPLATE_NAME
          value: l7-light
        - name: SHOW_DETAILS
          value: "true"
      resources:
        requests:
          memory: 250Mi
          cpu: 25m