From b35069bc411288152d141a6594cdf4a2d1a2016b Mon Sep 17 00:00:00 2001
From: Luke
Date: Mon, 2 Sep 2024 10:21:22 +0800
Subject: [PATCH] mealie
---
 .../main/apps/default/kustomization.yaml | 1 +
 .../default/mealie/app/externalsecret.yaml | 34 ++++++
 .../apps/default/mealie/app/helmrelease.yaml | 111 ++++++++++++++++++
 .../default/mealie/app/kustomization.yaml | 9 ++
 kubernetes/main/apps/default/mealie/ks.yaml | 24 ++++
 5 files changed, 179 insertions(+)
 create mode 100644 kubernetes/main/apps/default/mealie/app/externalsecret.yaml
 create mode 100644 kubernetes/main/apps/default/mealie/app/helmrelease.yaml
 create mode 100644 kubernetes/main/apps/default/mealie/app/kustomization.yaml
 create mode 100644 kubernetes/main/apps/default/mealie/ks.yaml
diff --git a/kubernetes/main/apps/default/kustomization.yaml b/kubernetes/main/apps/default/kustomization.yaml
index fc5e00d81..19bdf65da 100644
--- a/kubernetes/main/apps/default/kustomization.yaml
+++ b/kubernetes/main/apps/default/kustomization.yaml
@@ -22,6 +22,7 @@ resources:
 - ./jellystat/ks.yaml
 - ./jellyseerr/ks.yaml
 - ./lidarr/ks.yaml
+ - ./mealie/ks.yaml
 # - ./mosquitto/ks.yaml
 - ./navidrome/ks.yaml
 - ./overseerr/ks.yaml
diff --git a/kubernetes/main/apps/default/mealie/app/externalsecret.yaml b/kubernetes/main/apps/default/mealie/app/externalsecret.yaml
new file mode 100644
index 000000000..c45a63166
--- /dev/null
+++ b/kubernetes/main/apps/default/mealie/app/externalsecret.yaml
@@ -0,0 +1,34 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: mealie
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: mealie-secret
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ # App
+ POSTGRES_SERVER: &dbHost postgres16-rw.database.svc.cluster.local
+ POSTGRES_DB: &dbName mealie
+ POSTGRES_PORT: "5432"
+ POSTGRES_USER: &dbUser "{{ .POSTGRES_USER }}"
+ POSTGRES_PASSWORD: &dbPass "{{ .POSTGRES_PASSWORD }}"
+ # Postgres Init
+ INIT_POSTGRES_DBNAME: *dbName
+ INIT_POSTGRES_HOST: *dbHost
+ INIT_POSTGRES_USER: *dbUser
+ INIT_POSTGRES_PASS: *dbPass
+ INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
+
+ dataFrom:
+ - extract:
+ key: mealie
+ - extract:
+ key: cloudnative-pg
diff --git a/kubernetes/main/apps/default/mealie/app/helmrelease.yaml b/kubernetes/main/apps/default/mealie/app/helmrelease.yaml
new file mode 100644
index 000000000..955d2dcd5
--- /dev/null
+++ b/kubernetes/main/apps/default/mealie/app/helmrelease.yaml
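Review bot: In externalsecret.yaml, `INIT_POSTGRES_SUPER_PASS` is rendered into the same `mealie-secret` that holds the application's own credentials, and helmrelease.yaml attaches that secret to both containers through the shared `envFrom: *envFrom` alias, so the long-running `app` container carries the PostgreSQL superuser password in its environment. Only `init-db` needs that value, and a compromise of the web application would then expose superuser rights on what appears to be a shared `postgres16` instance rather than the `mealie` database alone. Render the `INIT_POSTGRES_*` keys through a second ExternalSecret into a separate target (for example `mealie-init-secret`, a name constructed here) and reference it only from `init-db`. `mealie-secret` would then keep just the `POSTGRES_*` keys, and the `app` container would get its own `envFrom` list instead of the alias.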
@@ -0,0 +1,111 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: mealie
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.4.0
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
+ values:
+ controllers:
+ mealie:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ initContainers:
+ init-db:
+ image:
+ repository: ghcr.io/onedr0p/postgres-init
+ tag: 16
+ pullPolicy: IfNotPresent
+ envFrom: &envFrom
+ - secretRef:
+ name: mealie-secret
+ containers:
+ app:
+ image:
+ repository: ghcr.io/mealie-recipes/mealie
+ tag: v1.12.0@sha256:88e8e12542e9a2733c07f175682dc69e7360becb6137d604bb087a71ab33c5fe
+ env:
+ BASE_URL: https://mealie.lumu.au
+ API_DOCS: false
+ DB_ENGINE: postgres
+ PUID: 568
+ PGID: 568
+ TZ: Australia/Perth
+ # SMTP_HOST: ${ROUTER_IP}
+ # SMTP_PORT: 25
+ # SMTP_AUTH_STRATEGY: NONE
+ # SMTP_FROM_EMAIL: admin@${DOMAIN}
+ # OIDC_AUTH_ENABLED: true
+ # OIDC_SIGNUP_ENABLED: true
+ # OIDC_CONFIGURATION_URL: https://auth.${DOMAIN}/.well-known/openid-configuration
+ # OIDC_CLIENT_ID: mealie
+ # OIDC_USER_CLAIM: preferred_username
+ # OIDC_AUTO_REDIRECT: false
+ # OIDC_GROUPS_CLAIM: groups
+ # OIDC_ADMIN_GROUP: admins
+ # OIDC_USER_GROUP: family
+ envFrom: *envFrom
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
+ resources:
+ requests:
+ cpu: 100m
+ memory: 400Mi
+ limits:
+ memory: 600Mi
+ pod:
+ securityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ runAsNonRoot: true
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ service:
+ app:
+ controller: mealie
+ type: LoadBalancer
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: &host mealie.lumu.au
+ ports:
+ http:
+ port: 9000
+ ingress:
+ app:
+ className: internal
+ hosts:
+ - host: *host
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ config:
+ existingClaim: mealie
+ globalMounts:
+ - path: /app/data
diff --git a/kubernetes/main/apps/default/mealie/app/kustomization.yaml b/kubernetes/main/apps/default/mealie/app/kustomization.yaml
new file mode 100644
index 000000000..4160231c7
--- /dev/null
+++ b/kubernetes/main/apps/default/mealie/app/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./externalsecret.yaml
+ - ./helmrelease.yaml
+ - ../../../../templates/volsync
diff --git a/kubernetes/main/apps/default/mealie/ks.yaml b/kubernetes/main/apps/default/mealie/ks.yaml
new file mode 100644
index 000000000..e59aba8b7
--- /dev/null
+++ b/kubernetes/main/apps/default/mealie/ks.yaml
@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: mealie
+ namespace: flux-system
+spec:
+ targetNamespace: default
+ dependsOn:
+ - name: external-secrets-stores
+ path: ./kubernetes/main/apps/default/mealie/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-kubernetes
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
+ VOLSYNC_CAPACITY: 10Gi
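Review bot: In helmrelease.yaml the `service.app` block sets `type: LoadBalancer` and an `external-dns.alpha.kubernetes.io/hostname` annotation for the same host that the `internal` ingress serves, so port 9000 is offered as plain HTTP on a load-balancer address that bypasses the ingress and its TLS. If the ingress is the intended entry point, drop `type: LoadBalancer` and the annotation, and move the anchor to the ingress as `- host: &host mealie.lumu.au`. Whether that load-balancer address is routable beyond the local network cannot be told from this patch. Separately, the `init-db` image uses the mutable `tag: 16` while the app image is digest-pinned; that container receives the database superuser password through `mealie-secret`, so pin it the same way, e.g. `tag: 16@sha256:<digest>`.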
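Review bot: In ks.yaml, `APP: *app` references a YAML alias whose anchor is never defined in this document, because `metadata.name` is written as plain `name: mealie`. A YAML parser rejects an undefined alias, so this Kustomization would fail to load rather than substitute a value. Define the anchor on the name, `name: &app mealie`, or write the literal `APP: mealie`. The volsync template pulled in by app/kustomization.yaml presumably consumes `${APP}` to create the claim behind `existingClaim: mealie`, so the substitution has to resolve before the pod can mount its data.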