---
apiVersion: v1
kind: Namespace
metadata:
  name: nosqlclient
---
apiVersion: v1
kind: Secret
metadata:
  name: nosqlclient-secret
  namespace: nosqlclient
type: Opaque
data:
  mongodb-uri: bW9uZ29kYjovL2FkbWluOkJsYWNrc3RhcjIlNDBob21lQGRhdGFiYXNlLm1uZ29tYS5sYWI6MjcwMTcvYWRtaW4=
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nosqlclient-sa
  namespace: nosqlclient
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: nosqlclient-role
  namespace: nosqlclient
rules:
- apiGroups: [""]
  resources: ["pods", "services", "persistentvolumeclaims", "configmaps", "secrets"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: nosqlclient-rolebinding
  namespace: nosqlclient
subjects:
- kind: ServiceAccount
  name: nosqlclient-sa
  namespace: nosqlclient
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nosqlclient-role
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nosqlclient
  namespace: nosqlclient
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nosqlclient
  template:
    metadata:
      labels:
        app: nosqlclient
    spec:
      serviceAccountName: nosqlclient-sa
      containers:
      - name: nosqlclient
        image: mongoclient/mongoclient:latest
        env:
        - name: MONGO_URL
          valueFrom:
            secretKeyRef:
              name: nosqlclient-secret
              key: mongodb-uri
        ports:
        - containerPort: 3000
---
apiVersion: v1
kind: Service
metadata:
  name: nosqlclient
  namespace: nosqlclient
spec:
  type: ClusterIP
  selector:
    app: nosqlclient
  ports:
    - port: 3000
      targetPort: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: nosqlclient-ingress
  namespace: nosqlclient
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`mongodb.apps.mngoma.lab`)
      kind: Rule
      services:
        - name: nosqlclient
          port: 3000
  tls: {}