---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: docker-registry
  namespace: development
spec:
  interval: 5m
  chart:
    spec:
      # renovate: registryUrl=https://helm.twun.io
      chart: docker-registry
      version: 1.12.0
      sourceRef:
        kind: HelmRepository
        name: twuni-charts
        namespace: flux-system
      interval: 5m
  values:
    storage: s3

    s3:
      region: "us-east-1"
      regionEndpoint: ${SECRET_MINIO_ENDPOINT}
      bucket: docker-registry
      encrypt: false
      secure: true

    secrets:
      htpasswd: ${SECRET_DOCKER_REGISTRY_HTPASSWD}
      s3:
        accessKey: ${SECRET_MINIO_ACCESS_KEY}
        secretKey: ${SECRET_MINIO_SECRET_KEY}

    service:
      annotations:
        prometheus.io/probe: "true"
        prometheus.io/protocol: http

    ingress:
      enabled: true
      annotations:
        kubernetes.io/ingress.class: "nginx"
        nginx.ingress.kubernetes.io/proxy-body-size: "0"
        nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
        nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
        # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        # traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
      hosts:
        - "registry.${SECRET_CLUSTER_DOMAIN}"
      tls:
        - hosts:
            - "registry.${SECRET_CLUSTER_DOMAIN}"
          secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"

  # postRenderers:
  #   - kustomize:
  #       patchesJson6902:
  #         - target:
  #             kind: Ingress
  #             name: docker-registry
  #           patch:
  #             - op: add
  #               path: /spec/ingressClassName
  #               value: traefik