---
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: tailscale
  namespace: networking
spec:
  interval: 30m
  chart:
    spec:
      chart: app-template
      version: 2.0.3
      sourceRef:
        kind: HelmRepository
        name: bjw-s
        namespace: flux-system
  maxHistory: 2
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      retries: 3
  uninstall:
    keepHistory: false
  values:
    controllers:
      main:
        annotations:
          reloader.stakater.com/auto: "true"
        containers:
          main:
            image:
              repository: ghcr.io/tailscale/tailscale
              tag: v1.52.0
            env:
              TZ: "America/Chicago"
              SA_NAME: valinor-jump
              TS_USERSPACE: true
              TS_KUBE_SECRET: tailscale-state
              TS_EXTRA_ARGS: --advertise-exit-node
              TS_TAILSCALED_EXTRA_ARGS: --debug=0.0.0.0:2000
            envFrom:
              - secretRef:
                  name: tailscale-jump-secret
            resources:
              requests:
                cpu: 5m
                memory: 128M
              limits:
                memory: 256M
        pod:
          securityContext:
            runAsUser: 568
            runAsGroup: 568
    service:
      main:
        ports:
          http:
            port: 2000
    serviceAccount:
      name: tailscale
    serviceMonitor:
      main:
        enabled: true
        endpoints:
          - port: http
            scheme: http
            path: /debug/metrics
            interval: 1m
            scrapeTimeout: 30s