---
apiVersion: v1
kind: Namespace
metadata:
  name: atat
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: atst
  name: atst
  namespace: atat
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: atst
    spec:
      containers:
        - name: atst
          image: registry.atat.codes:443/atst-prod:c06b0f6
          volumeMounts:
            - name: atst-config
              mountPath: "/opt/atat"
            - name: uswgi-socket-dir
              mountPath: "/var/run/uwsgi"
        - name: atst-nginx
          image: nginx:alpine
          ports:
            - containerPort: 8080
              name: http
            - containerPort: 8443
              name: http
          volumeMounts:
            - name: nginx-auth-tls
              mountPath: "/etc/ssl/private"
            - name: nginx-config
              mountPath: "/etc/nginx/conf.d"
            - name: nginx-dhparam
              mountPath: "/etc/ssl"
            - name: nginx-htpasswd
              mountPath: "/etc/nginx"
            - name: uswgi-socket-dir
              mountPath: "/var/run/uwsgi"
      imagePullSecrets:
        - name: regcred
      volumes:
        - name: atst-config
          configMap:
            name: atst
            items:
            - key: atst-config
              path: atst-overrides.ini
              mode: 0644
        - name: nginx-auth-tls
          secret:
            secretName: auth-atst-ingress-tls
            items:
            - key: tls.crt
              path: auth.atat.crt
              mode: 0644
            - key: tls.key
              path: auth.atat.crt
              mode: 0640
        - name: nginx-config
          configMap:
            name: atst-nginx
            items:
            - key: nginx-config
              path: atst.conf
        - name: nginx-dhparam
          secret:
            secretName: dhparam-4096
            items:
            - key: dhparam.pem
              path: dhparam.pem
              mode: 0640
        - name: nginx-htpasswd
          configMap:
            name: atst-nginx
            items:
            - key: httpasswd
              path: .htpasswd
              mode: 0640
        - name: uswgi-socket-dir
          emptyDir:
            medium: Memory
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: atst
  name: atst
  namespace: atat
spec:
  ports:
  - name: "http"
    port: 80
    targetPort: 8080
  - name: "https"
    port: 443
    targetPort: 8443
  selector:
    app: atst
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: atst
  namespace: atat
  annotations:
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/proxy-body-size: 10m
spec:
  tls:
  - hosts:
    - www.atat.codes
    secretName: atst-ingress-tls
  rules:
  - host: www.atat.codes
    http:
      paths:
      - path: /
        backend:
          serviceName: atst
          servicePort: 80
---
apiVersion: extensions/v1beta1
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: atst-auth
  namespace: atat
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 10m
    ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  rules:
  - host: auth.atat.codes
    http:
      paths:
      - path: /
        backend:
          serviceName: atst
          servicePort: 443