---
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
  name: wiki
spec:
  displayName: Wiki
  uri: https://wiki.k-space.ee
  redirectUris:
    - https://wiki.k-space.ee/login/a4cdccdc-c879-4387-a64a-6584a02a85e9/callback
  allowedGroups:
    - k-space:floor
  grantTypes:
    - authorization_code
    - refresh_token
  responseTypes:
    - code
  availableScopes:
    - openid
    - profile
  tokenEndpointAuthMethod: client_secret_post
  pkce: false
  secretRefreshPod:
    apiVersion: v1
    kind: Pod
    metadata:
      name: reset-oidc-config
    spec:
      volumes:
        - name: tmp
          emptyDir: {}
      initContainers:
        - name: jq
          image: alpine/k8s:1.24.16@sha256:06f8942d87fa17b40795bb9a8eff029a9be3fc3c9bcc13d62071de4cc3324153
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - mountPath: /tmp
              name: tmp
          envFrom:
            - secretRef:
                name: oidc-client-wiki-owner-secrets
          command:
            - /bin/bash
            - -c
            - jq '{"strategyKey":"oidc","config":{"clientId":$ENV.OIDC_CLIENT_ID,"clientSecret":$ENV.OIDC_CLIENT_SECRET,"authorizationURL":$ENV.OIDC_IDP_AUTH_URI,"tokenURL":$ENV.OIDC_IDP_TOKEN_URI,"userInfoURL":$ENV.OIDC_IDP_USERINFO_URI,"skipUserProfile":false,"issuer":$ENV.OIDC_IDP_URI,"emailClaim":"email","displayNameClaim":"name","mapGroups":false,"groupsClaim":"groups","logoutURL":$ENV.OIDC_IDP_URI,"acrValues":""}} | "UPDATE authentication SET config=\(.config|tostring|@sh) WHERE strategyKey=\(.strategyKey|tostring|@sh) LIMIT 1"' -n -r > /tmp/update.sql
      containers:
        - name: mysql
          image: mysql
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - mountPath: /tmp
              name: tmp
          env:
            - name: MYSQL_PWD
              valueFrom:
                secretKeyRef:
                  name: wikijs-secrets
                  key: DB_PASS
          command:
            - /bin/bash
            - -c
            - mysql -u kspace_wiki kspace_wiki -h 172.20.36.1 -p${MYSQL_PWD} < /tmp/update.sql
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: wikijs
  labels:
    app.kubernetes.io/name: wikijs
spec:
  serviceName: wikijs
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: wikijs
  template:
    metadata:
      labels:
        app.kubernetes.io/name: wikijs
    spec:
      containers:
        - name: wikijs
          image: requarks/wiki:2
          env:
            - name: DB_TYPE
              value: mysql
            - name: DB_HOST
              value: mariadb.infra.k-space.ee
            - name: DB_PORT
              value: "3306"
            - name: DB_USER
              value: kspace_wiki
            - name: DB_NAME
              value: kspace_wiki
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  name: wikijs-secrets
                  key: DB_PASS
          ports:
            - containerPort: 3000
              name: http
---
apiVersion: v1
kind: Service
metadata:
  name: wikijs
spec:
  selector:
    app.kubernetes.io/name: wikijs
  ports:
  - port: 80
    name: http
    targetPort: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wikijs
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec:
  rules:
    - host: wiki.k-space.ee
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: wikijs
                port:
                  name: http
  tls:
    - hosts:
        - "*.k-space.ee"