apiVersion: v1
kind: Namespace
metadata:
  name: webrelay-ingress
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: webrelay
  namespace: webrelay-ingress
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: webrelay
  name: webrelay
  namespace: webrelay-ingress
spec:
  selector:
    matchLabels:
      app: webrelay
  replicas: 1
  template:
    metadata:
      labels:
        app: webrelay
    spec:
      containers:
      - image: docker.io/webrelay/ingress:latest
        imagePullPolicy: Always
        name: webrelay
        command: ["reingress"]
        args: ["server", "--incluster"]           
        env:
          - name: KEY
            valueFrom:
              secretKeyRef:
                name: webrelay-credentials
                key: key
          - name: SECRET
            valueFrom:
              secretKeyRef:
                name: webrelay-credentials
                key: secret
        resources:
          limits:
            cpu: 300m
            memory: 256Mi
          requests:
            cpu: 100m
            memory: 128Mi
      dnsPolicy: ClusterFirst
      serviceAccountName: webrelay
      terminationGracePeriodSeconds: 10     
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: webrelay
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: webrelay
subjects:
- kind: ServiceAccount
  name: webrelay
  namespace: webrelay-ingress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: webrelay
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - nodes
  - pods  
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch