---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: grocy
spec:
  podManagementPolicy: OrderedReady
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: grocy
  serviceName: grocy
  replicas: 1
  template:
    metadata:
      labels:
        app: grocy
    spec:
      securityContext:
        fsGroup: 911
        #runAsUser: 911
        #runAsGroup: 911

      initContainers:
        - name: init-litestream
          image: litestream/litestream:sha-749bc0d
          args: ['restore', '-if-db-not-exists', '-if-replica-exists', '-v', '/config/data/grocy.db']
          volumeMounts:
          - name: config
            mountPath: /config
          - name: litestream
            mountPath: /etc/litestream.yml
            subPath: grocy.yml
          envFrom:
            - secretRef:
                name: grocy-litestream-s3

      containers:
      - name: grocy
        image: lscr.io/linuxserver/grocy:latest
        ports:
        - containerPort: 80
          name: web
        env:
          - name: PUID
            value: "911"
          - name: PGID
            value: "911"
        volumeMounts:
        - name: config
          mountPath: /config
      - name: litestream
        image: litestream/litestream:sha-749bc0d
        args: ['replicate']
        volumeMounts:
        - name: config
          mountPath: /config
        - name: litestream
          mountPath: /etc/litestream.yml
          subPath: grocy.yml
        envFrom:
          - secretRef:
              name: grocy-litestream-s3
        ports:
        - name: metrics
          containerPort: 9090
        resources:
          limits:
            memory: "128Mi"
            cpu: "300m"
          requests:
            memory: "64Mi"
            cpu: "100m"

      volumes:
      - name: litestream
        configMap:
          name: grocy-litestream
  volumeClaimTemplates:
  - metadata:
      name: config
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
  name: grocy
  annotations:
     prometheus.io/port: "9090"
     prometheus.io/scrape: "true"
     prometheus.io/path: "/metrics"
spec:
  selector:
    app: grocy
  ports:
  - port: 80
    targetPort: 80
    name: web
  - port: 9090
    targetPort: 9090
    name: litestream-metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: grocy
spec:
  selector:
    matchLabels:
      app: grocy
  endpoints:
  - port: metrics
    interval: 30s
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: food
  annotations:
    cert-manager.io/issuer: "le-issuer"
    nginx.ingress.kubernetes.io/proxy-body-size: 100m
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header X-Forwarded-Proto $scheme; 
  namespace: default
spec:
  tls:
  - hosts:
    - food.gmem.ca
    secretName: gmem-ca-wildcard
  rules:
    - host: food.gmem.ca
      http:
        paths:
        - backend:
            service:
              name: grocy
              port:
                number: 80
          path: /
          pathType: Prefix