apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: guacamole
  namespace: management
spec:
  interval: 5m
  chart:
    spec:
      chart: app-template
      version: 1.3.x
      sourceRef:
        kind: HelmRepository
        name: bjws-charts
        namespace: flux-system

  values:
    image:
      repository: abesnier/guacamole
      tag: 1.5.4-alpine

    env:
      EXTENSIONS: "auth-sso-openid"
      OPENID_AUTHORIZATION_ENDPOINT: "https://auth.${SECRET_NEW_DOMAIN}/application/o/authorize/"
      OPENID_ISSUER: "https://auth.${SECRET_NEW_DOMAIN}/application/o/apache-guacamole/"
      OPENID_JWKS_ENDPOINT: "https://auth.${SECRET_NEW_DOMAIN}/application/o/apache-guacamole/jwks/"
      OPENID_REDIRECT_URI: "https://remote.${SECRET_NEW_DOMAIN}/"

    envFrom:
      - secretRef:
          name: guacamole-secret

    service:
      main:
        ports:
          http:
            port: 8080

    probes:
      liveness:
        enabled: false

    ingress:
      main:
        enabled: true
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
        hosts:
          - host: &host "remote.${SECRET_NEW_DOMAIN}"
            paths:
              - path: /
                pathType: Prefix
        tls:
          - hosts:
              - *host

    persistence:
      config:
        enabled: true
        type: hostPath
        hostPath: /mnt/MainPool/Kubernetes/guacamole
        mountPath: /config

    resources:
      requests:
        cpu: 2m
        memory: 830Mi
        
      limits:
        memory: 1200Mi