---
# Identity the Keel pod runs as (referenced by serviceAccountName in the
# StatefulSet below). On its own it carries no permissions; those come from
# the ClusterRoleBinding named keel in this file.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: keel
  name: keel
  labels: {app: keel}
---
# Permissions granted to the Keel controller. This is a ClusterRole and it is
# bound with a ClusterRoleBinding in this file, so every rule below applies in
# all namespaces. Within a rule, each verb applies to each listed resource in
# each listed API group (the lists form a cross product).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: keel
rules:
  # Namespaces: read-only discovery.
  - apiGroups: [""]
    resources:
      - namespaces
    verbs: [watch, list]

  # Secrets: read access to every Secret in the cluster.
  # NOTE(review): presumably used to read registry pull credentials; confirm.
  # This is the most sensitive grant in the role: anything that can run as the
  # keel ServiceAccount can read all Secrets, so treat the pod and its image
  # as highly privileged.
  - apiGroups: [""]
    resources:
      - secrets
    verbs: [get, watch, list]

  # Workloads: read, update and delete across all listed kinds.
  # delete is required to delete pods during force upgrade of the same tag,
  # but because of the cross product it also covers the other kinds listed.
  - apiGroups: ["", extensions, apps, batch]
    resources:
      - pods
      - replicasets
      - replicationcontrollers
      - statefulsets
      - deployments
      - daemonsets
      - jobs
      - cronjobs
    verbs: [get, delete, watch, list, update]

  # ConfigMaps and pod port-forwarding.
  # NOTE(review): create on pods/portforward allows opening a port-forward to
  # any pod in the cluster. Presumably this exists for the Helm/Tiller
  # provider, which the StatefulSet in this file disables
  # (HELM_PROVIDER="false"); confirm whether the grant is still needed.
  - apiGroups: [""]
    resources:
      - configmaps
      - pods/portforward
    verbs: [get, create, update]
---
# Grants the keel ClusterRole to the keel ServiceAccount cluster-wide.
# Because this is a ClusterRoleBinding rather than per-namespace RoleBindings,
# the role's rules (including read access to Secrets) apply in every
# namespace, not only in the keel namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: keel
subjects:
  # The only subject: the ServiceAccount the Keel pod runs as.
  - kind: ServiceAccount
    namespace: keel
    name: keel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: keel
---
# In-cluster endpoint for the Keel pod's HTTP port (9300, the same port the
# StatefulSet's probes query at /healthz).
apiVersion: v1
kind: Service
metadata:
  namespace: keel
  name: keel
  labels: {app: keel}
spec:
  # ClusterIP keeps the port reachable from inside the cluster only. Any
  # Ingress or NetworkPolicy in front of it is outside this file.
  type: ClusterIP
  selector:
    app: keel
  ports:
    - name: keel
      protocol: TCP
      port: 9300
      targetPort: 9300
---
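# Keel controller, run as a single-replica StatefulSet so that /data is backed
# by a stable PersistentVolumeClaim (keel-data).
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: keel
  # Set explicitly to match the ServiceAccount, the Service and the
  # ClusterRoleBinding subject in this file, which all use namespace keel.
  # Without it the pod lands in whatever namespace the client defaults to,
  # where serviceAccountName keel may not exist.
  namespace: keel
  labels:
    app: keel
  annotations:
    # Keel updates its own workload: poll the registry at midnight and
    # force-update even when the tag is unchanged.
    keel.sh/policy: force
    keel.sh/trigger: poll
    keel.sh/pollSchedule: "@midnight"
spec:
  replicas: 1
  serviceName: keel
  selector:
    matchLabels:
      app: keel
  template:
    metadata:
      labels:
        app: keel
    spec:
      # This ServiceAccount is bound to the cluster-wide keel ClusterRole,
      # which includes read access to Secrets in all namespaces.
      serviceAccountName: keel
      # NOTE(review): no securityContext is set at pod or container level, so
      # the container runs with the image's default user and capabilities.
      # Consider runAsNonRoot, allowPrivilegeEscalation: false and dropping
      # capabilities once confirmed that the image works with them.
      containers:
        - name: keel
          # NOTE(review): mutable tag. Together with the force/poll
          # annotations above and imagePullPolicy Always, the pod holding the
          # cluster-wide role runs whatever the registry currently serves as
          # latest. Consider pinning a reviewed version tag or image digest
          # and updating it deliberately.
          image: keelhq/keel:latest
          imagePullPolicy: Always
          command: ["/bin/keel"]
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: POLL
              value: "true"
            - name: HELM_PROVIDER
              value: "false"
            # NOTE(review): with HELM_PROVIDER "false" the two TILLER_*
            # values are presumably unused; confirm before removing them.
            - name: TILLER_NAMESPACE
              value: "kube-system"
            - name: TILLER_ADDRESS
              value: "tiller-deploy:44134"
            - name: NOTIFICATION_LEVEL
              value: "info"
            # The matching password is not set in this manifest; presumably it
            # is supplied by application-secrets through envFrom (confirm).
            - name: BASIC_AUTH_USER
              value: "admin"
            - name: SLACK_CHANNELS
              value: "kube-prod"
            - name: SLACK_BOT_NAME
              value: "keel.k-space.ee"
          # Every key of this Secret becomes an environment variable of the
          # container, so keep the Secret limited to what Keel needs.
          envFrom:
            - secretRef:
                name: application-secrets
          ports:
            - containerPort: 9300
          livenessProbe:
            httpGet:
              path: /healthz
              port: 9300
            initialDelaySeconds: 30
            timeoutSeconds: 10
          readinessProbe:
            httpGet:
              path: /healthz
              port: 9300
            initialDelaySeconds: 30
            timeoutSeconds: 10
          resources:
            limits:
              cpu: 100m
              memory: 128Mi
            requests:
              cpu: 50m
              memory: 64Mi
          # Single volumeMounts key. The original declared it twice (once
          # empty, once populated), a duplicate mapping key that strict YAML
          # parsers reject and lenient ones resolve by keeping the last value.
          volumeMounts:
            - name: keel-data
              mountPath: /data
  volumeClaimTemplates:
    - metadata:
        name: keel-data
      spec:
        storageClassName: longhorn
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 2Gi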