# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: radarr
  namespace: download
spec:
  interval: 5m
  chart:
    spec:
      chart: app-template
      version: 3.4.0
      sourceRef:
        kind: HelmRepository
        name: bjws-charts
        namespace: flux-system

  values:
    controllers:
      radarr:
        initContainers:
          init-db:
            image:
              repository: ghcr.io/onedr0p/postgres-init
              tag: 16
            env:
              INIT_POSTGRES_DBNAME: &dbName radarr_main
              INIT_POSTGRES_HOST: &dbHost postgres16-rw.database.svc
              INIT_POSTGRES_PORT: &dbPort "5432"
            envFrom: &envFrom
              - secretRef:
                  name: radarr-secret

        containers:
          app:
            image:
              repository: ghcr.io/onedr0p/radarr-develop
              tag: 5.15.1.9463
            envFrom: *envFrom
            env:
              TZ: America/New_York
              RADARR__APP__INSTANCENAME: Radarr
              RADARR__APP__THEME: dark
              RADARR__AUTH__METHOD: External
              RADARR__AUTH__REQUIRED: DisabledForLocalAddresses
              RADARR__LOG__DBENABLED: "False"
              RADARR__LOG__LEVEL: info
              RADARR__POSTGRES__HOST: *dbHost
              RADARR__POSTGRES__PORT: *dbPort
              RADARR__POSTGRES__MAINDB: *dbName
              RADARR__SERVER__PORT: &port 7878
              RADARR__UPDATE__BRANCH: develop
            probes:
              liveness: &probes
                enabled: true
                custom: true
                spec:
                  httpGet:
                    path: /ping
                    port: *port
                  initialDelaySeconds: 0
                  periodSeconds: 10
                  timeoutSeconds: 1
                  failureThreshold: 3
              readiness: *probes
            securityContext:
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities: { drop: ["ALL"] }
            resources:
              requests:
                memory: 100Mi
              limits:
                memory: 4Gi

          exportarr:
            image:
              repository: ghcr.io/onedr0p/exportarr
              tag: v2.0.1
            args:
            - radarr
            env:
            - name: URL
              value: "http://localhost"
            - name: PORT
              value: &metricsPort 9000
            - name: ENABLE_ADDITIONAL_METRICS
              value: "true"
            - name: ENABLE_UNKNOWN_QUEUE_ITEMS
              value: "true"
            - name: API_KEY
              secretKeyRef:
                name: radarr-secret
                key: RADARR__AUTH__APIKEY
    defaultPodOptions:
      securityContext:
        runAsNonRoot: true
        runAsUser: 10000
        runAsGroup: 10000
        fsGroup: 10000
        fsGroupChangePolicy: OnRootMismatch

    service:
      app:
        controller: radarr

        ports:
          http:
            port: *port
          metrics:
            port: *metricsPort
            protocol: HTTP

    ingress:
      app:
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd

        hosts:
        - host: "radarr.${SECRET_NEW_DOMAIN}"
          paths:
          - path: /
            service:
              identifier: app
              port: http

    persistence:
      config:
        #type: hostPath
        #hostPath: /mnt/MainPool/Kubernetes/radarr
        existingClaim: radarr
        globalMounts:
          - path: /config
#          main: # controller name
#            radarr: # container name
#            - path: /config
#            exportarr:
#            - path: /config
#              readOnly: true
      storage:
        type: hostPath
        hostPath: /mnt/MainPool/Media
        advancedMounts:
          radarr: # controller name
            app: # container name
            - path: /storage