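---
# Parts inventory stack for the 'infrastructure' namespace:
#   parts-db  (MongoDB StatefulSet + PVC + headless Service)
#   parts-api (Deployment + ClusterIP Service, reads MONGO_URI from a Secret)
#   parts-ui  (Deployment + ClusterIP Service, published through an Ingress
#              protected by nginx forward-auth against authentik)
#
# NOTE: Secret 'parts-inventory-secret' must be created manually:
#   kubectl create secret generic parts-inventory-secret \
#     --from-literal=MONGO_URI="mongodb://parts-db.infrastructure.svc.cluster.local:27017/parts" \
#     -n infrastructure
#
# NOTE(review): the URI above carries no credentials and the mongo container
# below sets no root user, so the database accepts unauthenticated
# connections from anything that can reach port 27017 in the cluster.
# If credentials are added to the URI, create the Secret with
# --from-env-file or --from-file instead of --from-literal so the value does
# not end up in shell history.
---
# MongoDB PVC
# Pre-created claim mounted by the parts-db StatefulSet (no
# volumeClaimTemplates are used).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: parts-db-pvc
  namespace: infrastructure
spec:
  accessModes: [ReadWriteOnce]
  storageClassName: nfs-general
  resources:
    requests:
      storage: 5Gi
---
# MongoDB StatefulSet
# Single replica bound to parts-db-pvc. Because the volume is one shared
# ReadWriteOnce claim rather than a volumeClaimTemplate, raising replicas
# above 1 would point every pod at the same data directory.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: parts-db
  namespace: infrastructure
spec:
  replicas: 1
  serviceName: parts-db
  selector:
    matchLabels:
      app: parts-db
  template:
    metadata:
      labels:
        app: parts-db
    spec:
      # NOTE(review): no pod or container securityContext is set here, so the
      # container runs with the image defaults. Confirm what the image needs
      # before adding allowPrivilegeEscalation: false / dropped capabilities.
      containers:
        - name: mongo
          # NOTE(review): 'mongo:4.4' is a floating tag on a release series
          # that is no longer maintained upstream (verify against MongoDB's
          # support policy). Pinning as mongo@sha256:<digest-placeholder>
          # fixes what actually runs. Newer major images ship 'mongosh'
          # instead of the legacy 'mongo' shell, so both probes below need
          # updating together with the image.
          # NOTE(review): authentication is not enabled (no
          # MONGO_INITDB_ROOT_USERNAME / MONGO_INITDB_ROOT_PASSWORD env, no
          # --auth argument). Access control currently depends entirely on
          # who can reach the Service; a NetworkPolicy admitting only
          # app=parts-api pods would narrow that.
          image: mongo:4.4
          ports:
            - containerPort: 27017
              name: mongo
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 512Mi
          # Liveness and readiness both run a 'ping' admin command through
          # the in-container shell; they differ only in timing/thresholds.
          livenessProbe:
            exec:
              command: ["mongo", "--eval", "db.adminCommand('ping')"]
            initialDelaySeconds: 30
            periodSeconds: 20
            failureThreshold: 5
          readinessProbe:
            exec:
              command: ["mongo", "--eval", "db.adminCommand('ping')"]
            initialDelaySeconds: 15
            periodSeconds: 10
            failureThreshold: 3
          volumeMounts:
            - name: db-data
              mountPath: /data/db
      volumes:
        - name: db-data
          persistentVolumeClaim:
            claimName: parts-db-pvc
---
# MongoDB Headless Service
# clusterIP: None gives the StatefulSet pod a stable DNS name
# (parts-db.infrastructure.svc.cluster.local, as used in MONGO_URI).
apiVersion: v1
kind: Service
metadata:
  name: parts-db
  namespace: infrastructure
spec:
  clusterIP: None
  selector:
    app: parts-db
  ports:
    - name: mongo
      port: 27017
      targetPort: 27017
---
# parts-api Deployment
# Two replicas forced onto different nodes by required pod anti-affinity.
# NOTE(review): with replicas: 2, the default RollingUpdate surge, and a
# *required* anti-affinity on the same label, a rollout needs a node that
# hosts no parts-api pod; on a two-node cluster it would presumably stall.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: parts-api
  namespace: infrastructure
spec:
  replicas: 2
  selector:
    matchLabels:
      app: parts-api
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: parts-api
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: parts-api
              topologyKey: kubernetes.io/hostname
      containers:
        - name: parts-api
          # NOTE(review): ':latest' combined with imagePullPolicy: Never
          # means each node runs whatever image was last loaded onto it
          # under that tag; the two replicas can silently differ and there
          # is no record of which build is deployed. An immutable tag or
          # digest per build makes the running version auditable.
          image: parts-api:latest
          imagePullPolicy: Never
          ports:
            - containerPort: 3001
              name: http
          env:
            # Connection string comes from the manually created Secret.
            - name: MONGO_URI
              valueFrom:
                secretKeyRef:
                  name: parts-inventory-secret
                  key: MONGO_URI
            # Quoted so the env value stays a string.
            - name: PORT
              value: "3001"
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              cpu: 200m
              memory: 128Mi
          livenessProbe:
            httpGet:
              path: /health
              port: 3001
            initialDelaySeconds: 15
            periodSeconds: 20
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /health
              port: 3001
            initialDelaySeconds: 10
            periodSeconds: 10
            failureThreshold: 3
---
# parts-api Service
# ClusterIP only; no Ingress in this file routes to it.
# NOTE(review): the forward-auth check lives on the Ingress, so in-cluster
# callers reach this Service without passing through authentik. If the API
# does not authenticate requests itself, restrict ingress traffic to the
# pods that need it with a NetworkPolicy.
apiVersion: v1
kind: Service
metadata:
  name: parts-api
  namespace: infrastructure
spec:
  selector:
    app: parts-api
  ports:
    - name: http
      port: 3001
      targetPort: 3001
  type: ClusterIP
---
# parts-ui Deployment
# Same scheduling pattern as parts-api: two replicas, one per node.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: parts-ui
  namespace: infrastructure
spec:
  replicas: 2
  selector:
    matchLabels:
      app: parts-ui
  template:
    metadata:
      labels:
        app: parts-ui
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: parts-ui
              topologyKey: kubernetes.io/hostname
      containers:
        - name: parts-ui
          # NOTE(review): same ':latest' + Never concern as parts-api; the
          # deployed build is whatever each node has cached under the tag.
          image: parts-ui:latest
          imagePullPolicy: Never
          ports:
            - containerPort: 8080
              name: http
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
            limits:
              cpu: 100m
              memory: 64Mi
          livenessProbe:
            httpGet:
              path: /
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 20
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /
              port: 8080
            initialDelaySeconds: 3
            periodSeconds: 10
            failureThreshold: 3
---
# parts-ui Service
# Maps Service port 80 to the container's 8080; the Ingress targets port 80.
apiVersion: v1
kind: Service
metadata:
  name: parts-ui
  namespace: infrastructure
spec:
  selector:
    app: parts-ui
  ports:
    - name: http
      port: 80
      targetPort: 8080
  type: ClusterIP
---
# Ingress
# Publishes parts-ui at parts.vandachevici.ro with a cert-manager issued
# certificate. Every request is first checked against the authentik outpost
# (auth-url); unauthenticated users are redirected to auth-signin.
# NOTE(review): auth-response-headers copies the X-authentik-* identity
# headers onto the upstream request. They are only trustworthy when the
# request actually came through this Ingress; a client that reaches the
# parts-ui Service directly inside the cluster can set them itself. If the
# backend makes decisions based on them, limit Service access to the
# ingress controller pods.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: parts-ui-ingress
  namespace: infrastructure
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/auth-url: "https://auth.vandachevici.ro/outpost.goauthentik.io/auth/nginx"
    nginx.ingress.kubernetes.io/auth-signin:
      "https://auth.vandachevici.ro/outpost.goauthentik.io/start?rd=$scheme://$http_host$escaped_request_uri"
    nginx.ingress.kubernetes.io/auth-response-headers: >-
      Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
spec:
  ingressClassName: nginx
  rules:
    - host: parts.vandachevici.ro
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: parts-ui
                port:
                  number: 80
  tls:
    - hosts:
        - parts.vandachevici.ro
      secretName: parts-ui-tls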