---
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: &app external-dns-unifi
spec:
  interval: 30m
  chart:
    spec:
      chart: external-dns
      version: 1.15.0
      sourceRef:
        kind: HelmRepository
        name: external-dns
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
  values:
    fullnameOverride: *app
    # logLevel: debug
    provider:
      name: webhook
      webhook:
        image:
          repository: ghcr.io/kashalls/external-dns-unifi-webhook
          tag: v0.3.4@sha256:28dc00c7a21f9571d43181fcc0dd3de59e291741f27bc075d7e06378876b2974
        env:
          - name: UNIFI_HOST
            value: https://10.33.44.1
          - name: UNIFI_USER
            valueFrom:
              secretKeyRef:
                name: &secret external-dns-unifi-secret
                key: EXTERNAL_DNS_UNIFI_USER
          - name: UNIFI_PASS
            valueFrom:
              secretKeyRef:
                name: *secret
                key: EXTERNAL_DNS_UNIFI_PASS
          - name: LOG_LEVEL
            value: "debug"
        livenessProbe:
          httpGet:
            path: /healthz
            port: http-webhook
          initialDelaySeconds: 10
          timeoutSeconds: 5
        readinessProbe:
          httpGet:
            path: /readyz
            port: http-webhook
          initialDelaySeconds: 10
          timeoutSeconds: 5
    extraArgs:
      - --ignore-ingress-tls-spec
    triggerLoopOnEvent: true
    policy: sync
    sources: ["ingress", "service"]
    txtOwnerId: theshire
    txtPrefix: k8s.theshire.
    domainFilters: ["theshire.internal"]
    serviceMonitor:
      enabled: true
    podAnnotations:
      secret.reloader.stakater.com/reload: *secret