# Copyright BigchainDB GmbH and BigchainDB contributors
# SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
# Code is Apache-2.0 and docs are CC-BY-4.0

apiVersion: v1
kind: Secret
metadata:
  name: threescale-credentials
  namespace: default
type: Opaque
data:
  secret-token: "<b64 encoded 3scale secret-token>"
  service-id: "<b64 encoded 3scale service-id>"
  version-header: "<b64 encoded 3scale version-header>"
  provider-key: "<b64 encoded 3scale provider-key>"
---
apiVersion: v1
kind: Service
metadata:
  name: openresty
  namespace: default
  labels:
    name: openresty
  annotations:
    service.beta.kubernetes.io/external-traffic: OnlyLocal
spec:
  selector:
    app: openresty-dep
  ports:
  - port: 80
    targetPort: 80
    name: openresty-svc-port
    protocol: TCP
  type: ClusterIP
  clusterIP: None
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: openresty-dep
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: openresty-dep
    spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: nginx-openresty
        image: bigchaindb/nginx_3scale:2.0
        imagePullPolicy: Always
        env:
        - name: DNS_SERVER
          value: "10.0.0.10"
        - name: OPENRESTY_FRONTEND_PORT
          value: "80"
        - name: BIGCHAINDB_BACKEND_HOST
          value: "bdb.default.svc.cluster.local"
        - name: BIGCHAINDB_API_PORT
          value: "9984"
        ports:
        - containerPort: 80
          protocol: TCP
          name: openresty-port
        volumeMounts:
        - name: threescale-credentials
          mountPath: /usr/local/openresty/nginx/conf/threescale
          readOnly: true
        livenessProbe:
          httpGet:
            path: /
            port: openresty-port
          initialDelaySeconds: 15
          periodSeconds: 15
          failureThreshold: 3
          timeoutSeconds: 10
        resources:
          limits:
            cpu: 200m
            memory: 768Mi
      restartPolicy: Always
      volumes:
      - name: threescale-credentials
        secret:
          secretName: threescale-credentials
          defaultMode: 0400