apiVersion: v1
kind: Namespace
metadata:
  name: pgadmin
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: pgadmin-config
  namespace: pgadmin
data:
  server.email: "khwezi@mngoma.lab"
---
apiVersion: v1
kind: Secret
metadata:
  name: pgadmin-secret
  namespace: pgadmin
type: Opaque
data:
  server.password: M3pDQTQz
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pgadmin-sa
  namespace: pgadmin
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pgadmin-role
  namespace: pgadmin
rules:
- apiGroups: [""]
  resources: ["pods", "services", "persistentvolumeclaims", "configmaps", "secrets"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pgadmin-rolebinding
  namespace: pgadmin
subjects:
- kind: ServiceAccount
  name: pgadmin-sa
  namespace: pgadmin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pgadmin-role
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pgadmin-pv
spec:
  capacity:
    storage: 2Gi
  accessModes:
    - ReadWriteOnce
  storageClassName: local-pvs
  local:
    path: /home/ansible/k3s/makhiwane/pgadmin
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - lead
  persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pgadmin-pvc
  namespace: pgadmin
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-pvs
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgadmin
  namespace: pgadmin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pgadmin
  template:
    metadata:
      labels:
        app: pgadmin
    spec:
      serviceAccountName: pgadmin-sa
      securityContext:
        runAsUser: 5050
        runAsGroup: 5050
        fsGroup: 5050
      containers:
      - name: pgadmin
        image: dpage/pgadmin4:latest        
        ports:
        - containerPort: 80
        volumeMounts:
        - name: pgadmin-data
          mountPath: /var/lib/pgadmin
        env:
        - name: PGADMIN_DEFAULT_EMAIL
          valueFrom:
            configMapKeyRef:
              name: pgadmin-config
              key: server.email
        - name: PGADMIN_DEFAULT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: pgadmin-secret
              key: server.password
      volumes:
      - name: pgadmin-data
        persistentVolumeClaim:
          claimName: pgadmin-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: pgadmin
  namespace: pgadmin
spec:
  type: ClusterIP
  selector:
    app: pgadmin
  ports:
    - port: 80
      targetPort: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: pgadmin-ingress
  namespace: pgadmin
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`pgadmin.apps.mngoma.lab`)
      kind: Rule
      services:
        - name: pgadmin
          port: 80
  tls: {}