---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    name: prod
  name: prod
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/managed-by: quarkus
    app.kubernetes.io/name: vault
    app.kubernetes.io/version: 1.0.0-SNAPSHOT
    app.kubernetes.io/part-of: vault
  name: vault
  namespace: prod
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: vault-view
  namespace: prod
roleRef:
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
  name: view
subjects:
  - kind: ServiceAccount
    name: vault
    namespace: prod
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: vault
    app.kubernetes.io/part-of: vault
    app.kubernetes.io/version: 1.0.0-SNAPSHOT
    app.kubernetes.io/managed-by: quarkus
  name: vault
  namespace: prod
spec:
  ports:
    - name: http
      port: 8080
      protocol: TCP
      targetPort: 8080
  selector:
    app.kubernetes.io/name: vault
    app.kubernetes.io/part-of: vault
    app.kubernetes.io/version: 1.0.0-SNAPSHOT
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/managed-by: quarkus
    app.kubernetes.io/name: vault
    app.kubernetes.io/version: 1.0.0-SNAPSHOT
    app.kubernetes.io/part-of: vault
  name: vault
  namespace: prod
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: vault
      app.kubernetes.io/version: 1.0.0-SNAPSHOT
      app.kubernetes.io/part-of: vault
  template:
    metadata:
      labels:
        app.kubernetes.io/managed-by: quarkus
        app.kubernetes.io/name: vault
        app.kubernetes.io/version: 1.0.0-SNAPSHOT
        app.kubernetes.io/part-of: vault
      namespace: prod
    spec:
      containers:
        - env:
            - name: KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          image: registry.hub.docker.com/cch0124/vault:788ed52
          imagePullPolicy: Always
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /q/health/live
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 20
            successThreshold: 1
            timeoutSeconds: 3
          name: vault
          ports:
            - containerPort: 8080
              name: http
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /q/health/ready
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 20
            successThreshold: 1
            timeoutSeconds: 3
          resources:
            limits:
              cpu: 100m
              memory: 128Mi
            requests:
              cpu: 10m
              memory: 64Mi
          startupProbe:
            failureThreshold: 3
            httpGet:
              path: /q/health/started
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
      securityContext:
        fsGroup: 185
        runAsGroup: 185
        runAsNonRoot: true
        runAsUser: 185
      serviceAccountName: vault
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  labels:
    app.kubernetes.io/name: vault
    app.kubernetes.io/part-of: vault
    app.kubernetes.io/version: 1.0.0-SNAPSHOT
    app.kubernetes.io/managed-by: quarkus
  name: vault
  namespace: prod
spec:
  ingressClassName: nginx
  rules:
    - host: vault-demo.cch.com
      http:
        paths:
          - backend:
              service:
                name: vault
                port:
                  name: http
            path: /api/v1(/|$)(.*)
            pathType: Prefix