apiVersion: apps/v1
kind: Deployment
metadata:
  name: crane-ui-plugin
  namespace: openshift-migration-toolkit
  labels:
    app: crane-ui-plugin
    app.kubernetes.io/component: crane-ui-plugin
    app.kubernetes.io/instance: crane-ui-plugin
    app.kubernetes.io/part-of: crane-ui-plugin
    app.openshift.io/runtime-namespace: openshift-migration-toolkit
spec:
  replicas: 1
  selector:
    matchLabels:
      app: crane-ui-plugin
  template:
    metadata:
      labels:
        app: crane-ui-plugin
    spec:
      containers:
      - name: crane-ui-plugin
        image: quay.io/konveyor/crane-ui-plugin
        ports:
        - containerPort: 9443
          protocol: TCP
        imagePullPolicy: Always
        volumeMounts:
        - name: plugin-serving-cert
          readOnly: true
          mountPath: /var/serving-cert
        - name: nginx-conf
          readOnly: true
          mountPath: /etc/nginx/nginx.conf
          subPath: nginx.conf
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      volumes:
      - name: plugin-serving-cert
        secret:
          secretName: plugin-serving-cert
          defaultMode: 420
      - name: nginx-conf
        configMap:
          name: nginx-conf
          defaultMode: 420
      restartPolicy: Always
      dnsPolicy: ClusterFirst
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-conf
  namespace: openshift-migration-toolkit
  labels:
    app: crane-ui-plugin
    app.kubernetes.io/part-of: crane-ui-plugin
data:
  nginx.conf: |
    error_log /dev/stdout info;
    events {}
    http {
      access_log         /dev/stdout;
      include            /etc/nginx/mime.types;
      default_type       application/octet-stream;
      keepalive_timeout  65;
      server {
        listen              9443 ssl;
        ssl_certificate     /var/serving-cert/tls.crt;
        ssl_certificate_key /var/serving-cert/tls.key;
        root                /opt/app-root/src;
      }
    }
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.alpha.openshift.io/serving-cert-secret-name: plugin-serving-cert
  name: crane-ui-plugin
  namespace: openshift-migration-toolkit
  labels:
    app: crane-ui-plugin
    app.kubernetes.io/component: crane-ui-plugin
    app.kubernetes.io/instance: crane-ui-plugin
    app.kubernetes.io/part-of: crane-ui-plugin
spec:
  ports:
    - name: 9443-tcp
      protocol: TCP
      port: 9443
      targetPort: 9443
  selector:
    app: crane-ui-plugin
  type: ClusterIP
  sessionAffinity: None
---
apiVersion: console.openshift.io/v1alpha1
kind: ConsolePlugin
metadata:
  name: crane-ui-plugin
spec:
  displayName: 'Konveyor Crane UI Plugin'
  service:
    name: crane-ui-plugin
    namespace: openshift-migration-toolkit
    port: 9443
    basePath: '/'
  proxy:
    - type: Service
      alias: remote-cluster
      authorize: false
      service:
        name: proxy
        namespace: openshift-migration-toolkit
        port: 8443
    - type: Service
      alias: secret-service
      authorize: true
      service:
        name: secret-service
        namespace: openshift-migration-toolkit
        port: 8443