# Copyright BigchainDB GmbH and BigchainDB contributors
# SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
# Code is Apache-2.0 and docs are CC-BY-4.0

apiVersion: v1
kind: Secret
metadata:
  name: https-certs
  namespace: default
type: Opaque
data:
  # Base64-encoded HTTPS private key
  cert.key: "<b64 encoded HTTPS private key>"
  # Base64-encoded HTTPS certificate chain
  # starting with your primary SSL cert (e.g. your_domain.crt)
  # followed by all intermediate certs.
  # If cert if from DigiCert, download "Best format for nginx".
  cert.pem: "<b64 encoded HTTPS certificate chain"
  # Base64-encoded HTTPS private key
---
apiVersion: v1
kind: Service
metadata:
  name: ngx-https
  namespace: default
  labels:
    name: ngx-https
  annotations:
    service.beta.kubernetes.io/external-traffic: OnlyLocal
spec:
  selector:
    app: ngx-https-dep
  ports:
  - port: 443
    targetPort: 443
    name: public-secure-node-port
    protocol: TCP
  - port: 80
    targetPort: 80
    name: public-insecure-node-port
    protocol: TCP
  - port: 27017
    targetPort: 27017
    name: public-mdb-port
    protocol: TCP
  type: LoadBalancer
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: ngx-https-dep
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: ngx-https-dep
    spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: nginx-https
        image: bigchaindb/nginx_https:1.0
        imagePullPolicy: Always
        env:
        - name: CLUSTER_FRONTEND_PORT
          value: "443"
        - name: HEALTH_CHECK_PORT
          value: "8888"
        - name: CLUSTER_FQDN
          value: "unfake.io"
        - name: DNS_SERVER
          value: "10.0.0.10"
        - name: MONGODB_FRONTEND_PORT
          value: "27017"
        - name: MONGODB_BACKEND_HOST
          value: "mdb.default.svc.cluster.local"
        - name: MONGODB_BACKEND_PORT
          value: "27017"
        - name: OPENRESTY_BACKEND_PORT
          value: "80"
        - name: OPENRESTY_BACKEND_HOST
          value: "openresty.default.svc.cluster.local"
        - name: BIGCHAINDB_BACKEND_HOST
          value: "bdb.default.svc.cluster.local"
        - name: BIGCHAINDB_API_PORT
          value: "9984"
        - name: BIGCHAINDB_WS_PORT
          value: "9985"
        ports:
        - containerPort: 80
          protocol: TCP
        - containerPort: 27017
          protocol: TCP
        - containerPort: 8888
          protocol: TCP
        - containerPort: 443
          protocol: TCP
        - containerPort: 44433
          protocol: TCP
        resources:
          limits:
            cpu: 200m
            memory: 768Mi
        volumeMounts:
        - name: https-certs
          mountPath: /etc/nginx/ssl/
          readOnly: true
        resources:
          limits:
            cpu: 200m
            memory: 768Mi
        livenessProbe:
          httpGet:
            path: /health
            port: 8888
          initialDelaySeconds: 15
          periodSeconds: 15
          failureThreshold: 3
          timeoutSeconds: 10
      restartPolicy: Always
      volumes:
      - name: https-certs
        secret:
          secretName: https-certs
          defaultMode: 0400