apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: firefly-iii
  namespace: default
spec:
  interval: 5m
  chart:
    spec:
      chart: app-template
      version: 1.3.x
      sourceRef:
        kind: HelmRepository
        name: bjws-charts
        namespace: flux-system

  values:
    image:
      repository: fireflyiii/core
      tag: latest
    
    envFrom:
      - secretRef:
          name: "firefly-env-secret"

    service:
      main:
        ports:
          http:
            port: 8080

    probes:
      liveness:
        enabled: false

    ingress:
      main:
        enabled: true
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts:
          - host: &host "budget.${SECRET_NEW_DOMAIN}"
            paths:
              - path: /
                pathType: Prefix
        tls:
          - hosts:
              - *host
            secretName: wildcard-main-tls
            
    persistence:
      firefly-uploads:
        enabled: true
        type: pvc
        accessMode: ReadWriteOnce
        size: 8Gi
        mountPath: /var/www/html/storage/upload

#    podSecurityContext:
#      runAsNonRoot: true
#      runAsUser: 10000
#      runAsGroup: 10000
#      fsGroup: 10000
#      fsGroupChangePolicy: OnRootMismatch

#    resources:
#      requests:
#        cpu: 1m
#        memory: 275Mi
#      limits:
#        memory: 500Mi