apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: guacamole
  namespace: management
spec:
  interval: 5m
  chart:
    spec:
      chart: app-template
      version: 1.3.x
      sourceRef:
        kind: HelmRepository
        name: bjws-charts
        namespace: flux-system

  values:
    image:
      repository: git.seanomik.net/seanomik/guacamole-sso-openid
      tag: 1.5.0

    sidecars:
      guacd:
        image: guacamole/guacd:1.5.0
        imagePullPolicy: Always

    env:
      GUACD_HOSTNAME: "localhost"
      GUACD_PORT: "4822"
      EXTENSIONS: "auth-openid"
      OPENID_AUTHORIZATION_ENDPOINT: "https://auth.${SECRET_NEW_DOMAIN}/application/o/authorize/"
      OPENID_ISSUER: "https://auth.${SECRET_NEW_DOMAIN}/application/o/apache-guacamole/"
      OPENID_JWKS_ENDPOINT: "https://auth.${SECRET_NEW_DOMAIN}/application/o/apache-guacamole/jwks/"
      OPENID_REDIRECT_URI: "https://remote.${SECRET_NEW_DOMAIN}/"

    service:
      main:
        ports:
          http:
            port: 8080

    probes:
      liveness:
        enabled: false

    ingress:
      main:
        enabled: true
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
        hosts:
          - host: &host "remote.${SECRET_NEW_DOMAIN}"
            paths:
              - path: /
                pathType: Prefix
        tls:
          - hosts:
              - *host
            secretName: wildcard-main-tls

    persistence:
      config:
        enabled: true
        type: configMap
        hostPath: /mnt/MainPool/Kubernetes/guacamole
        mountPath: /config
#      config:
#        enabled: true
#        type: configMap
#        name: guacamole-properties

    resources:
      requests:
        cpu: 2m
        memory: 830Mi
        
      limits:
        memory: 1200Mi