---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: &app homelab-truenas-certs-deploy
  namespace: default
spec:
  interval: 30m
  chart:
    spec:
      chart: app-template
      version: 3.0.4
      sourceRef:
        kind: HelmRepository
        name: bjw-s
        namespace: flux-system
  maxHistory: 2
  install:
    createNamespace: true
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
  uninstall:
    keepHistory: false
  values:
    controllers:
      homelab-truenas-certs-deploy:
        type: cronjob
        cronjob:
          concurrencyPolicy: Forbid
          schedule: "@daily"
        containers:
          app:
            image:
              repository: ghcr.io/auricom/kubectl
              tag: 1.29.2@sha256:693ced2697bb7c7349419d4035a62bd474fc41710675b344f71773d8a687dfc3
            command: [/bin/bash, /app/truenas-certs-deploy.sh]
            env:
              HOSTNAME: truenas
              TRUENAS_HOME: /mnt/storage/home/homelab
              CERTS_DEPLOY_MINIO_ENABLED: "True"
              CERTS_DEPLOY_POSTGRESQL_ENABLED: "True"
            envFrom: &envFrom
              - secretRef:
                  name: &secret homelab-truenas-secret
          truenas-remote-certs-deploy:
            image:
              repository: ghcr.io/auricom/kubectl
              tag: 1.29.2@sha256:693ced2697bb7c7349419d4035a62bd474fc41710675b344f71773d8a687dfc3
            command: [/bin/bash, /app/truenas-certs-deploy.sh]
            env:
              HOSTNAME: truenas-remote
              TRUENAS_HOME: /mnt/vol1/home/homelab
              CERTS_DEPLOY_MINIO_ENABLED: "False"
              CERTS_DEPLOY_POSTGRESQL_ENABLED: "False"
            envFrom: *envFrom
    service:
      app:
        controller: *app
        enabled: false
    persistence:
      config:
        enabled: true
        type: configMap
        name: homelab-truenas-certs-deploy-configmap
        defaultMode: 0775
        globalMounts:
          - path: /app/truenas-certs-deploy.sh
            subPath: truenas-certs-deploy.sh
            readOnly: true
      config-python:
        type: configMap
        name: homelab-truenas-certs-deploy-configmap
        defaultMode: 0775
        globalMounts:
          - path: /app/truenas-certs-deploy.py
            subPath: truenas-certs-deploy.py
            readOnly: true
      ssh:
        type: secret
        name: *secret
        defaultMode: 0775
        globalMounts:
          - path: /opt/id_rsa
            subPath: TRUENAS_SSH_KEY
            readOnly: true