---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: doorboy-proxy
  annotations:
    keel.sh/policy: force
    keel.sh/trigger: poll
spec:
  revisionHistoryLimit: 0
  replicas: 3
  selector:
    matchLabels: &selectorLabels
      app.kubernetes.io/name: doorboy-proxy
  template:
    metadata:
      labels: *selectorLabels
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - doorboy-proxy
                topologyKey: kubernetes.io/hostname
              weight: 100
      containers:
        - name: doorboy-proxy
          image: harbor.k-space.ee/k-space/doorboy-proxy:latest
          envFrom:
            - secretRef:
                name: doorboy-api
          env:
            - name: MONGO_URI
              valueFrom:
                secretKeyRef:
                  name: mongo-application-readwrite
                  key: connectionString.standard
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          ports:
            - containerPort: 5000
              name: "http"
          resources:
            requests:
              memory: "200Mi"
              cpu: "100m"
            limits:
              memory: "500Mi"
              cpu: "1"
---
apiVersion: v1
kind: Service
metadata:
  name: doorboy-proxy
spec:
  selector:
    app.kubernetes.io/name: doorboy-proxy
  ports:
  - protocol: TCP
    name: http
    port: 5000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: doorboy-proxy
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec:
  rules:
  - host: doorboy-proxy.k-space.ee
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: doorboy-proxy
            port:
              name: http
  tls:
  - hosts:
    - "*.k-space.ee"
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: doorboy-proxy
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: doorboy-proxy
  podMetricsEndpoints:
    - port: http
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kdoorpi
spec:
  selector:
    matchLabels: &selectorLabels
      app.kubernetes.io/name: kdoorpi
  template:
    metadata:
      labels: *selectorLabels
    spec:
      containers:
        - name: kdoorpi
          image: harbor.k-space.ee/k-space/kdoorpi:latest
          env:
            - name: KDOORPI_API_ALLOWED
              value: https://doorboy-proxy.k-space.ee/allowed
            - name: KDOORPI_API_LONGPOLL
              value: https://doorboy-proxy.k-space.ee/longpoll
            - name: KDOORPI_API_SWIPE
              value: http://172.21.99.98/swipe
            - name: KDOORPI_DOOR
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: KDOORPI_API_KEY
              valueFrom:
                secretKeyRef:
                  name: doorboy-api
                  key: DOORBOY_SECRET
            - name: KDOORPI_UID_SALT
              valueFrom:
                secretKeyRef:
                  name: doorboy-uid-hash-salt
                  key: KDOORPI_UID_SALT
          resources:
            limits:
              memory: 200Mi
            requests:
              cpu: 100m
              memory: 100Mi
      nodeSelector:
        dedicated: door
      tolerations:
      - key: dedicated
        operator: Equal
        value: door
        effect: NoSchedule
      - key: arch
        operator: Equal
        value: arm64
        effect: NoSchedule