apiVersion: apps/v1
kind: Deployment
metadata:
  name: freshrss
  labels:
    app.kubernetes.io/controller: main
    app.kubernetes.io/instance: freshrss
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: freshrss
    helm.sh/chart: freshrss-4.6.2
  namespace: freshrss
spec:
  revisionHistoryLimit: 3
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/controller: main
      app.kubernetes.io/name: freshrss
      app.kubernetes.io/instance: freshrss
  template:
    metadata:
      labels:
        app.kubernetes.io/controller: main
        app.kubernetes.io/instance: freshrss
        app.kubernetes.io/name: freshrss
    spec:
      enableServiceLinks: false
      serviceAccountName: default
      automountServiceAccountToken: true
      hostIPC: false
      hostNetwork: false
      hostPID: false
      dnsPolicy: ClusterFirst
      containers:
        - env:
            - name: PGID
              value: "568"
            - name: PUID
              value: "568"
            - name: TZ
              value: America/Chicago
            - name: FRESHRSS_ENV
              value: production
            - name: CRON_MIN
              value: 13,43
            - name: BASE_URL
              value: https://rss.alexlebens.dev
            - name: DB_HOST
              valueFrom:
                secretKeyRef:
                  key: host
                  name: freshrss-postgresql-18-cluster-app
            - name: DB_BASE
              valueFrom:
                secretKeyRef:
                  key: dbname
                  name: freshrss-postgresql-18-cluster-app
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  key: user
                  name: freshrss-postgresql-18-cluster-app
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: freshrss-postgresql-18-cluster-app
            - name: FRESHRSS_INSTALL
              value: |
                --api-enabled
                --base-url $(BASE_URL)
                --db-base $(DB_BASE)
                --db-host $(DB_HOST)
                --db-password $(DB_PASSWORD)
                --db-type pgsql
                --db-user $(DB_USER)
                --auth-type http_auth
                --default-user admin
                --language en
            - name: FRESHRSS_USER
              value: |
                --api-password $(ADMIN_API_PASSWORD)
                --email $(ADMIN_EMAIL)
                --language en
                --password $(ADMIN_PASSWORD)
                --user admin
            - name: OIDC_ENABLED
              value: "1"
            - name: OIDC_PROVIDER_METADATA_URL
              value: https://auth.alexlebens.dev/application/o/freshrss/.well-known/openid-configuration
            - name: OIDC_X_FORWARDED_HEADERS
              value: X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host
            - name: OIDC_SCOPES
              value: openid email profile
            - name: OIDC_REMOTE_USER_CLAIM
              value: preferred_username
          envFrom:
            - secretRef:
                name: freshrss-oidc-secret
            - secretRef:
                name: freshrss-install-secret
          image: freshrss/freshrss:1.28.1@sha256:9100f649f5c946f589f54cdb9be7a65996528f48f691ef90eb262a0e06e5a522
          name: main
          resources:
            requests:
              cpu: 1m
              memory: 128Mi
          volumeMounts:
            - mountPath: /var/www/FreshRSS/data
              name: data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: freshrss-data