apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: sonarr
  namespace: download
spec:
  interval: 5m
  chart:
    spec:
      chart: app-template
      version: 1.3.x
      sourceRef:
        kind: HelmRepository
        name: bjws-charts
        namespace: flux-system

  values:
    image:
      repository: ghcr.io/onedr0p/sonarr-develop
      tag: "4.0.1.953"

    # Metrics sidecar
    sidecars:
      exportarr:
        image: ghcr.io/onedr0p/exportarr:v1.6.0
        args:
        - sonarr
        ports:
        - name: metrics
          containerPort: 9000
        env:
        - name: URL
          value: "http://localhost"
        - name: CONFIG
          value: "/config/config.xml"
        - name: PORT
          value: 9000
        - name: ENABLE_ADDITIONAL_METRICS
          value: "true"
        - name: ENABLE_UNKNOWN_QUEUE_ITEMS
          value: "true"
        volumeMounts:
        - name: config
          mountPath: /config
          readOnly: true

    env:
      TZ: America/New_York
      SONARR__AUTHENTICATION_METHOD: "External"

    service:
      main:
        labels:
          app: sonarr-service

        ports:
          http:
            port: 8989

          metrics:
            enabled: true
            port: 9000
            protocol: HTTP

    probes:
      liveness:
        enabled: true
        custom: true
        spec:
          httpGet:
            path: /ping
            port: 8989
          initialDelaySeconds: 0
          periodSeconds: 10
          timeoutSeconds: 1
          failureThreshold: 3
      startup:
        enabled: false

    ingress:
      main:
        enabled: true
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts:
          - host: &host "sonarr.${SECRET_NEW_DOMAIN}"
            paths:
              - path: /
                pathType: Prefix
        tls:
          - hosts:
              - *host

    persistence:
      config:
        enabled: true
        type: hostPath
        hostPath: /mnt/MainPool/Kubernetes/sonarr
        mountPath: /config
      storage:
        enabled: true
        type: hostPath
        hostPath: /mnt/MainPool/Media
        mountPath: /storage

    podSecurityContext:
      runAsNonRoot: true
      runAsUser: 10000
      runAsGroup: 10000
      fsGroup: 10000
      fsGroupChangePolicy: OnRootMismatch

    resources:
      requests:
        cpu: 2m
        memory: 350Mi
      limits:
        memory: 2500Mi