apiVersion: v1
kind: Namespace
metadata:
  name: hairpin-proxy

---

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: hairpin-proxy-haproxy
  name: hairpin-proxy-haproxy
  namespace: hairpin-proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hairpin-proxy-haproxy
  template:
    metadata:
      labels:
        app: hairpin-proxy-haproxy
    spec:
      containers:
        - image: compumike/hairpin-proxy-haproxy:0.1.2
          name: main
          resources:
            requests:
              memory: "100Mi"
              cpu: "10m"
            limits:
              memory: "200Mi"
              cpu: "50m"

---

apiVersion: v1
kind: Service
metadata:
  name: hairpin-proxy
  namespace: hairpin-proxy
spec:
  selector:
    app: hairpin-proxy-haproxy
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443

---

kind: ServiceAccount
apiVersion: v1
metadata:
  name: hairpin-proxy-controller-sa
  namespace: hairpin-proxy

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: hairpin-proxy-controller-cr
rules:
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: hairpin-proxy-controller-crb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: hairpin-proxy-controller-cr
subjects:
  - kind: ServiceAccount
    name: hairpin-proxy-controller-sa
    namespace: hairpin-proxy

---

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: hairpin-proxy-controller-r
  namespace: kube-system
rules:
  - apiGroups: [""]
    resources:
      - configmaps
    resourceNames:
      - coredns
    verbs:
      - get
      - watch
      - update

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: hairpin-proxy-controller-rb
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: hairpin-proxy-controller-r
subjects:
  - kind: ServiceAccount
    name: hairpin-proxy-controller-sa
    namespace: hairpin-proxy

---

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: hairpin-proxy-controller
  name: hairpin-proxy-controller
  namespace: hairpin-proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hairpin-proxy-controller
  template:
    metadata:
      labels:
        app: hairpin-proxy-controller
    spec:
      serviceAccountName: hairpin-proxy-controller-sa
      securityContext:
        runAsUser: 405
        runAsGroup: 65533
      containers:
        - image: compumike/hairpin-proxy-controller:0.1.2
          name: main
          resources:
            requests:
              memory: "50Mi"
              cpu: "10m"
            limits:
              memory: "100Mi"
              cpu: "50m"