---
# SecretClaim for the application's session secret.
# The Deployment in this file reads key SESSION_SECRET from a Secret named
# `wildflock`, which matches this claim's name and mapping key.
# NOTE(review): presumably the codemowers operator generates the value and
# creates that Secret; confirm against the operator's CRD documentation.
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
  name: wildflock
spec:
  # Length of the generated secret. NOTE(review): unit (characters vs. bytes)
  # and alphabet are defined by the operator, not visible here - confirm that
  # the resulting entropy is adequate for signing session cookies.
  size: 32
  mapping:
    - key: SESSION_SECRET
      # Quoted so that the leading `%` is not read as a YAML indicator.
      # Looks like a format placeholder the operator fills with the generated
      # plaintext - TODO confirm.
      value: "%(plaintext)s"
---
# OIDC client registration for wildflock.
# NOTE(review): the Deployment in this file consumes a Secret named
# `oidc-client-wildflock-owner-secrets`; presumably the operator derives it
# from this resource - confirm.
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
  name: wildflock
spec:
  # Access control lives here: presumably only members of these groups can
  # complete a login for this client - verify against the operator's docs.
  allowedGroups:
    - k-space:floor
    - k-space:friends
  displayName: Wildduck disposable alias generator
  uri: "https://wildflock.k-space.ee/auth-oidc"
  # One exact HTTPS callback URL. Keep this list exact (no wildcards, no extra
  # hosts); it decides where authorization codes may be delivered.
  redirectUris:
    - "https://wildflock.k-space.ee/auth-oidc/callback"
  # Authorization-code flow plus refresh tokens; no implicit or hybrid
  # response types are enabled.
  grantTypes:
    - "authorization_code"
    - "refresh_token"
  responseTypes:
    - "code"
  availableScopes:
    - "openid"
    - "profile"
    # NOTE(review): offline_access together with the refresh_token grant
    # allows long-lived refresh tokens. Confirm the app needs them and that
    # they are stored server-side only; otherwise drop both.
    - "offline_access"
  # Confidential client: authenticates to the token endpoint with its client
  # secret over HTTP Basic.
  tokenEndpointAuthMethod: "client_secret_basic"
  # PKCE is switched on in addition to the client secret. Whether the provider
  # enforces it or merely accepts it is operator-defined - TODO confirm.
  pkce: true
---
# Public entry point: routes wildflock.k-space.ee through Traefik to the
# `wildflock` Service on port 3030.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wildflock
  annotations:
    # NOTE(review): this annotation is deprecated in favour of
    # spec.ingressClassName; switch only after confirming that an IngressClass
    # named `traefik` exists in the cluster.
    kubernetes.io/ingress.class: traefik
    # Router is bound to the `websecure` entrypoint only (conventionally
    # Traefik's HTTPS listener) with TLS enabled. Any HTTP-to-HTTPS redirect
    # has to be configured elsewhere; none is declared in this manifest.
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    # DNS record for the host below is pointed at the shared Traefik address.
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
    # No traefik.ingress.kubernetes.io/router.middlewares annotation is set,
    # so authentication and any rate limiting or security headers are left
    # entirely to the application.
spec:
  rules:
    - host: wildflock.k-space.ee
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: wildflock
                port:
                  number: 3030
  tls:
    # No secretName is given, so the certificate does not come from this
    # Ingress. NOTE(review): presumably Traefik's default certificate is a
    # wildcard for *.k-space.ee - confirm, otherwise clients get the
    # fallback self-signed certificate.
    - hosts:
        - "*.k-space.ee"
---
# Cluster-internal Service in front of the wildflock pods. ClusterIP keeps it
# unreachable from outside the cluster except through the Ingress.
apiVersion: v1
kind: Service
metadata:
  name: wildflock
spec:
  type: ClusterIP
  # Must stay in sync with the pod template labels in the Deployment.
  selector:
    app: wildflock
  ports:
    # targetPort is omitted and therefore defaults to the same value as
    # `port`, which matches containerPort 3030 in the Deployment and the
    # backend port referenced by the Ingress.
    - protocol: TCP
      port: 3030
---
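# Deployment for the wildflock web app: two replicas of a single container
# listening on 3030, configured entirely through environment variables.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wildflock
  labels:
    app: wildflock
spec:
  # No old ReplicaSets are retained, so there is no revision to roll back to
  # with `kubectl rollout undo`.
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app: wildflock
  replicas: 2
  template:
    metadata:
      labels:
        app: wildflock
    spec:
      # NOTE(review): nothing in this manifest shows the app calling the
      # Kubernetes API. If it does not, set `automountServiceAccountToken:
      # false` here so a compromised pod holds no API credentials.
      containers:
        - name: wildflock
          # NOTE(review): `:latest` is a mutable tag. The two replicas can end
          # up on different builds, and whatever is pushed to the registry
          # runs on the next restart without review. Pin a release tag or a
          # digest (harbor.k-space.ee/k-space/wildflock@sha256:<digest>).
          image: harbor.k-space.ee/k-space/wildflock:latest
          # Baseline hardening that does not depend on the image's user or
          # filesystem layout: block setuid-style privilege gain and apply the
          # container runtime's default seccomp filter.
          # NOTE(review): once the image is confirmed to run as a non-root
          # user and not to write outside mounted volumes, also add
          # `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and
          # `capabilities: {drop: ["ALL"]}`.
          securityContext:
            allowPrivilegeEscalation: false
            seccompProfile:
              type: RuntimeDefault
          resources:
            limits:
              cpu: 500m
              memory: 200Mi
            requests:
              cpu: 1m
              memory: 100Mi
          ports:
            - containerPort: 3030
          env:
            # Connection string is taken from a Secret because it may embed
            # credentials.
            - name: REDIS_URL
              valueFrom:
                secretKeyRef:
                  name: session-storage
                  key: REDIS_WILDFLOCK_URI
            - name: CLIENT_URL
              value: https://wildflock.k-space.ee
            - name: WILDDUCK_DOMAIN
              value: k6.ee
            # NOTE(review): many Node.js libraries enable their production
            # behaviour only for the exact string `production`. Confirm the
            # app treats `prod` the same way.
            - name: NODE_ENV
              value: prod
            # NOTE(review): plain HTTP to the in-cluster API. Presumably
            # WILDDUCK_TOKEN is sent over this connection, so it travels
            # unencrypted on the pod network - confirm this is acceptable or
            # restrict the path with a NetworkPolicy.
            - name: WILDDUCK_URL
              value: http://wildduck-api:8080
            - name: WILDDUCK_TOKEN
              valueFrom:
                secretKeyRef:
                  name: wildduck
                  key: WILDDUCK_API_TOKEN
            # Session signing secret, read from the Secret named `wildflock`.
            - name: SESSION_SECRET
              valueFrom:
                secretKeyRef:
                  name: wildflock
                  key: SESSION_SECRET
            # The four entries below re-expose OIDC_IDP_* keys of the OIDC
            # client Secret under the OIDC_GATEWAY_* names.
            - name: OIDC_GATEWAY_URI
              valueFrom:
                secretKeyRef:
                  name: oidc-client-wildflock-owner-secrets
                  key: OIDC_IDP_URI
            - name: OIDC_GATEWAY_AUTH_URI
              valueFrom:
                secretKeyRef:
                  name: oidc-client-wildflock-owner-secrets
                  key: OIDC_IDP_AUTH_URI
            - name: OIDC_GATEWAY_TOKEN_URI
              valueFrom:
                secretKeyRef:
                  name: oidc-client-wildflock-owner-secrets
                  key: OIDC_IDP_TOKEN_URI
            - name: OIDC_GATEWAY_USERINFO_URI
              valueFrom:
                secretKeyRef:
                  name: oidc-client-wildflock-owner-secrets
                  key: OIDC_IDP_USERINFO_URI
          # Every key of the OIDC client Secret is additionally injected under
          # its own name, so the process environment holds the full contents
          # of that Secret. NOTE(review): if the app needs only a few keys,
          # list them explicitly instead of using envFrom.
          envFrom:
            - secretRef:
                name: oidc-client-wildflock-owner-secrets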