---
apiVersion: v1
kind: Namespace
metadata:
  name: wandbox
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: wandbox-sa
  namespace: wandbox
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: wandbox-role
  namespace: wandbox
rules:
- apiGroups: [""]
  resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "configmaps", "secrets"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: wandbox-rolebinding
  namespace: wandbox
subjects:
- kind: ServiceAccount
  name: wandbox-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: wandbox-role
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: wandbox-config
  namespace: wandbox
data:
  wandbox.domain: "wandbox.apps.mngoma.lab"
  wandbox.rooturl: "https://wandbox.apps.mngoma.lab"
  wandbox.port: "5000"
---
apiVersion: v1
kind: Secret
metadata:
  name: wandbox-secret
  namespace: wandbox
type: Opaque
data:
  api.key: cG1HeW9xUlBCYW1qdndRV2FRbzZWME9CdmJLS3BFS1RhWlF0bDRndUhMSGpYQlZwc0Y3dnJPZXhXMTNIRWFDRg==
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: wandbox-pv
  labels:
    type: local
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  storageClassName: local-pvs
  local:
    path: /home/ansible/k3s/makhiwane/wandbox
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - lead
  persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: wandbox-pvc
  namespace: wandbox
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-pvs
  resources:
    requests:
      storage: 5Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wandbox
  namespace: wandbox
  labels:
    app.kubernetes.io/name: wandbox
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: wandbox
  template:
    metadata:
      labels:
        app.kubernetes.io/name: wandbox
    spec:
      serviceAccountName: wandbox-sa
      containers:
      - name: wandbox
        image: melpon/wandbox:latest
        ports:
          - containerPort: 5000
        env:
          - name: WANDBOX_PORT
            valueFrom:
              configMapKeyRef:
                name: wandbox-config
                key: wandbox.port
          - name: WANDBOX_ROOTURL
            valueFrom:
              configMapKeyRef:
                name: wandbox-config
                key: wandbox.rooturl
          - name: WANDBOX_DOMAIN
            valueFrom:
              configMapKeyRef:
                name: wandbox-config
                key: wandbox.domain
          - name: API_KEY
            valueFrom:
              secretKeyRef:
                name: wandbox-secret
                key: api.key
        volumeMounts:
          - name: wandbox-data
            mountPath: /data
        resources:
          requests:
            memory: "256Mi"
            cpu: "250m"
          limits:
            memory: "1Gi"
            cpu: "500m"
      volumes:
        - name: wandbox-data
          persistentVolumeClaim:
            claimName: wandbox-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: wandbox-service
  namespace: wandbox
spec:
  selector:
    app.kubernetes.io/name: wandbox
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 5000
  type: ClusterIP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: wandbox-web
  namespace: wandbox
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`wandbox.apps.mngoma.lab`)
      kind: Rule
      services:
        - name: wandbox-service
          port: 80
          scheme: http
  tls: {}