---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: docker-registry
  namespace: development
spec:
  interval: 5m
  chart:
    spec:
      # renovate: registryUrl=https://helm.twun.io
      chart: docker-registry
      version: 1.16.0
      sourceRef:
        kind: HelmRepository
        name: twuni-charts
        namespace: flux-system
      interval: 5m
  values:
    storage: s3

    s3:
      region: "us-east-1"
      regionEndpoint: ${SECRET_MINIO_ENDPOINT}
      bucket: docker-registry
      encrypt: false
      secure: true

    secrets:
      htpasswd: ${SECRET_DOCKER_REGISTRY_HTPASSWD}
      s3:
        accessKey: ${SECRET_MINIO_ACCESS_KEY}
        secretKey: ${SECRET_MINIO_SECRET_KEY}

    service:
      annotations:
        prometheus.io/probe: "true"
        prometheus.io/protocol: http

    ingress:
      enabled: true
      annotations:
        nginx.ingress.kubernetes.io/proxy-body-size: "0"
        nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
        nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
        # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        # traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
      hosts:
        - "registry.${SECRET_CLUSTER_DOMAIN}"
      tls:
        - hosts:
            - "registry.${SECRET_CLUSTER_DOMAIN}"
          secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"

  postRenderers:
    - kustomize:
        patchesJson6902:
          - target:
              kind: Ingress
              name: docker-registry
            patch:
              - op: add
                path: /spec/ingressClassName
                value: nginx