apiVersion: v1
kind: ServiceAccount
metadata:
  name: everest-admin
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: everest-admin-role
rules:
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "list"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-admin-cluster-role
rules:
  - apiGroups: ["everest.percona.com"]
    resources: ["databaseengines"]
    verbs: ["get", "list"]
  - apiGroups: ["everest.percona.com"]
    resources: ["databaseclusters", "databaseclusterbackups", "databaseclusterrestores", "backupstorages", "monitoringconfigs"]
    verbs: ["*"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["*"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["*"]
  - apiGroups: [""]
    resources: ["nodes", "pods", "persistentvolumes"]
    verbs: ["get", "list"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["list"]
  - apiGroups: ["everest.percona.com"]
    resources: ["*"]
    verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: everest-admin-cluster-role-binding
roleRef:
  kind: "ClusterRole"
  apiGroup: "rbac.authorization.k8s.io"
  name: everest-admin-cluster-role
subjects:
  - kind: "ServiceAccount"
    name: everest-admin
    namespace: percona-everest
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: everest-admin-role-binding
roleRef:
  kind: "Role"
  apiGroup: "rbac.authorization.k8s.io"
  name: everest-admin-role
subjects:
  - kind: "ServiceAccount"
    name: everest-admin
---
apiVersion: v1
kind: Secret
metadata:
  name: everest-admin-token
  annotations:
    kubernetes.io/service-account.name: everest-admin
type: kubernetes.io/service-account-token
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: percona-everest
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: percona-everest-backend
      app.kubernetes.io/component: everest
  template:
    metadata:
      labels:
        app.kubernetes.io/name: percona-everest-backend
        app.kubernetes.io/component: everest
    spec:
      serviceAccountName: everest-admin
      automountServiceAccountToken: true
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchLabels:
                app.kubernetes.io/component: everest
                app.kubernetes.io/name: percona-everest-backend
            topologyKey: "kubernetes.io/hostname"
      containers:
        - name: everest
          image: perconalab/everest:0.0.0
          ports:
            - containerPort: 8080
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 300
            periodSeconds: 15
          resources:
            limits:
              cpu: 200m
              memory: 500Mi
            requests:
              cpu: 100m
              memory: 20Mi
---
apiVersion: v1
kind: Service
metadata:
  name: everest
  labels:
    app.kubernetes.io/name: percona-everest-backend
    app.kubernetes.io/component: everest
spec:
  selector:
    app.kubernetes.io/component: everest
    app.kubernetes.io/name: percona-everest-backend
  type: ClusterIP
  ports:
    - protocol: TCP
      port: 8080