# rdev-api - Go REST API for controlling claudebox pods
# v0.5 - API Server with Authentication

apiVersion: apps/v1
kind: Deployment
metadata:
  name: rdev-api
  namespace: rdev
  labels:
    app.kubernetes.io/name: rdev-api
    app.kubernetes.io/part-of: rdev
spec:
  replicas: 1
  selector:
    matchLabels:
      app: rdev-api
  template:
    metadata:
      labels:
        app: rdev-api
        app.kubernetes.io/name: rdev-api
        app.kubernetes.io/part-of: rdev
    spec:
      serviceAccountName: rdev-api
      containers:
        - name: rdev-api
          image: ghcr.io/orchard9/rdev-api:v0.5.0
          imagePullPolicy: Always

          ports:
            - containerPort: 8080
              name: http

          resources:
            requests:
              cpu: "100m"
              memory: "128Mi"
            limits:
              cpu: "500m"
              memory: "256Mi"

          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 10
            periodSeconds: 30

          readinessProbe:
            httpGet:
              path: /ready
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10

          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: PORT
              value: "8080"
            - name: DB_HOST
              value: "postgres.databases.svc"
            - name: DB_PORT
              value: "5432"
            - name: DB_USER
              value: "appuser"
            - name: DB_NAME
              value: "rdev"
            - name: DB_SSL_MODE
              value: "disable"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: rdev-credentials
                  key: DB_PASSWORD
            - name: RDEV_ADMIN_KEY
              valueFrom:
                secretKeyRef:
                  name: rdev-credentials
                  key: RDEV_ADMIN_KEY

      imagePullSecrets:
        - name: ghcr-secret
---
# Service for rdev-api
apiVersion: v1
kind: Service
metadata:
  name: rdev-api
  namespace: rdev
  labels:
    app.kubernetes.io/name: rdev-api
    app.kubernetes.io/part-of: rdev
spec:
  type: ClusterIP
  selector:
    app: rdev-api
  ports:
    - port: 8080
      targetPort: http
      name: http
---
# ServiceAccount for rdev-api
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rdev-api
  namespace: rdev
---
# Role for rdev-api to exec into claudebox pods
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rdev-api
  namespace: rdev
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create"]
---
# RoleBinding for rdev-api
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rdev-api
  namespace: rdev
subjects:
- kind: ServiceAccount
  name: rdev-api
  namespace: rdev
roleRef:
  kind: Role
  name: rdev-api
  apiGroup: rbac.authorization.k8s.io