---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ui-acct
  namespace: kubeless
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: kubeless-ui
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - pods/log
  verbs:
  - get
  - list
- apiGroups:
  - kubeless.io
  resources:
  - functions
  verbs:
  - get
  - list
  - watch
  - update
  - create
  - delete
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - proxy
- apiGroups:
  - ""
  resources:
  - services/proxy
  verbs:
  - get
  # the 'create' verb is required because otherwise POST requests are blocked
  - create
  - proxy
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubeless-ui
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubeless-ui
subjects:
- kind: ServiceAccount
  name: ui-acct
  namespace: kubeless
---
apiVersion: apps/v1 
kind: Deployment
metadata:
  labels:
   controller: ui
  namespace: kubeless
  name: ui
spec:
  replicas: 1
  selector:
    matchLabels:
     controller: ui
  template:
    metadata:
      labels:
        controller: ui
    spec:
      containers:
      - name: ui
        image: bitnami/kubeless-ui:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 3000
          protocol: TCP
      - name: proxy
        image: lachlanevenson/k8s-kubectl:v1.13.1
        imagePullPolicy: Always
        args:
        - proxy
        - "-p"
        - "8080"
      serviceAccountName: ui-acct
---
apiVersion: v1
kind: Service
metadata:
  labels:
    controller: ui
  name: ui
  namespace: kubeless
spec:
  ports:
  - name: ui-port
    port: 3000
    protocol: TCP
    targetPort: 3000
  selector:
    controller: ui
  sessionAffinity: None
  type: NodePort