---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: weave-gitops
  namespace: flux-system
spec:
  interval: 1h
  type: oci
  url: oci://ghcr.io/weaveworks/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: weave-gitops
  namespace: flux-system
spec:
  interval: 1h
  chart:
    spec:
      chart: weave-gitops
      version: "4.0.36"
      sourceRef:
        kind: HelmRepository
        name: weave-gitops
      interval: 1h
  values:
    adminUser:
      create: true
      username: davide
      passwordHash: "$2a$10$SbfQuw.Fkh7SXNT4xNZUFuBGIXL5Ah8qqOyEPF210lppeSVJkzfGO"
    resources:
      requests:
        cpu: 20m
        memory: 64Mi
      limits:
        cpu: 100m
        memory: 128Mi
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress-from-traefik
  namespace: flux-system
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
    ports:
    - port: 9001
      protocol: TCP
    - port: 8089
      protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: weave-gitops
  namespace: flux-system
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
spec:
  ingressClassName: traefik
  rules:
  - host: flux.davidepiu.xyz
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: weave-gitops
            port:
              number: 9001
  tls:
  - hosts:
    - flux.davidepiu.xyz
    secretName: weave-gitops-tls