---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: onepassword-connect
  namespace: kube-system
spec:
  interval: 30m
  chart:
    spec:
      chart: app-template
      version: 1.5.1
      sourceRef:
        kind: HelmRepository
        name: bjw-s
        namespace: flux-system
  maxHistory: 2
  install:
    createNamespace: true
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      retries: 3
  uninstall:
    keepHistory: false
  values:
    controller:
      annotations:
        reloader.stakater.com/auto: "true"
    image:
      repository: docker.io/1password/connect-api
      tag: 1.7.2
    env:
      OP_BUS_PORT: "11220"
      OP_BUS_PEERS: "localhost:11221"
      OP_HTTP_PORT: &port 8080
      OP_SESSION:
        valueFrom:
          secretKeyRef:
            name: onepassword-connect-secret
            key: 1password-credentials.json
    service:
      main:
        ports:
          http:
            port: *port
    probes:
      liveness:
        enabled: true
        custom: true
        spec:
          httpGet:
            path: /heartbeat
            port: *port
          initialDelaySeconds: 15
          periodSeconds: 30
          failureThreshold: 3
      readiness:
        enabled: true
        custom: true
        spec:
          httpGet:
            path: /health
            port: *port
          initialDelaySeconds: 15
      startup:
        enabled: false
    ingress:
      main:
        enabled: true
        ingressClassName: nginx
        annotations:
          hajimari.io/enable: "false"
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
            paths:
              - path: /
                pathType: Prefix
        tls:
          - hosts:
              - *host
    podSecurityContext:
      runAsUser: 999
      runAsGroup: 999
    persistence:
      shared:
        enabled: true
        type: emptyDir
        mountPath: /home/opuser/.op/data
    resources:
      requests:
        cpu: 5m
        memory: 10Mi
      limits:
        memory: 100Mi
    sidecars:
      sync:
        image: docker.io/1password/connect-sync:1.7.2
        imagePullPolicy: IfNotPresent
        env:
          - { name: OP_HTTP_PORT, value: &port 8081 }
          - { name: OP_BUS_PORT, value: "11221" }
          - { name: OP_BUS_PEERS, value: "localhost:11220" }
          - name: OP_SESSION
            valueFrom:
              secretKeyRef:
                name: onepassword-connect-secret
                key: 1password-credentials.json
        readinessProbe:
          httpGet:
            path: /health
            port: *port
          initialDelaySeconds: 15
        livenessProbe:
          httpGet:
            path: /heartbeat
            port: *port
          failureThreshold: 3
          periodSeconds: 30
          initialDelaySeconds: 15
        volumeMounts:
          - { name: shared, mountPath: /home/opuser/.op/data }