# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/infra.contrib.fluxcd.io/terraform_v1alpha2.json
apiVersion: infra.contrib.fluxcd.io/v1alpha2
kind: Terraform
metadata:
  name: storage-apps
  namespace: flux-system
spec:
  suspend: false
  approvePlan: auto
  interval: 12h
  path: ./storage/apps
  sourceRef:
    kind: OCIRepository
    name: terraform
    namespace: flux-system
  backendConfig:
    disable: true
  cliConfigSecretRef:
    name: tf-controller-tfrc-secret
  runnerPodTemplate:
    spec:
      env:
        - name: OP_CONNECT_HOST
          value: http://onepassword-connect.kube-system.svc.cluster.local:8080
        - name: OP_CONNECT_TOKEN
          valueFrom:
            secretKeyRef:
              name: tf-controller-op-secret
              key: OP_CONNECT_TOKEN
      volumeMounts:
        - name: sops
          mountPath: /home/runner/.config/sops/age/keys.txt
          subPath: keys.txt
      volumes:
        - name: sops
          secret:
            secretName: tf-controller-sops-secret