---
apiVersion: v1
kind: Namespace
metadata:
  name: flame
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flame-sa
  namespace: flame
---
apiVersion: v1
kind: Secret
metadata:
  name: flame-secret
  namespace: flame
type: Opaque
data:
  app.password: MTIzNDU=
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: flame-role
  namespace: flame
rules:
- apiGroups: [""]
  resources: ["pods", "services", "endpoints"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: flame-rolebinding
  namespace: flame
subjects:
- kind: ServiceAccount
  name: flame-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: flame-role
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: flame-config-pv
  labels:
    type: local
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  storageClassName: local-pvs
  local:
    path: /home/ansible/k3s/makhiwane/flame
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - lead
  persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: flame-config-pvc
  namespace: flame
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-pvs
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: flame
  namespace: flame
spec:
  replicas: 1
  selector:
    matchLabels:
      app: flame
  template:
    metadata:
      labels:
        app: flame
    spec:
      serviceAccountName: flame-sa
      containers:
        - name: flame
          image: pawelmalak/flame
          env:
            - name: PASSWORD
              valueFrom:
                secretKeyRef:
                  name: flame-secret
                  key: app.password
          ports:
            - containerPort: 5005
          resources:
            requests:
              cpu: "100m"
              memory: "128Mi"
            limits:
              cpu: "250m"
              memory: "256Mi"
          volumeMounts:
            - name: flame-config
              mountPath: /app/data
          startupProbe:
            httpGet:
              path: /
              port: 5005
            initialDelaySeconds: 60
            periodSeconds: 10
            failureThreshold: 10
            timeoutSeconds: 5
          readinessProbe:
            httpGet:
              path: /
              port: 5005
            initialDelaySeconds: 60
            periodSeconds: 10
            failureThreshold: 10
            timeoutSeconds: 5
      volumes:
        - name: flame-config
          persistentVolumeClaim:
            claimName: flame-config-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: flame
  namespace: flame
spec:
  type: ClusterIP
  selector:
    app: flame
  ports:
    - name: web
      protocol: TCP
      port: 80
      targetPort: 5005
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: flame-web
  namespace: flame
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`dashboard.apps.mngoma.lab`)
      kind: Rule
      services:
        - name: flame
          port: 80
          scheme: http
  tls: {}