---
apiVersion: v1
kind: Secret
metadata:
  name: punchmole-configuration
  namespace: ${ENVIRONMENT}
type: Opaque
stringData:
  API_KEYS: "${PUNCHMOLE_API_KEYS}"

---
# pod for cronjob apple-crawl-active-keywords
apiVersion: apps/v1
kind: Deployment
metadata:
  name: punchmole-server
  namespace: ${ENVIRONMENT}
spec:
  selector:
    matchLabels:
      app: punchmole-server
  replicas: 1
  template:
    metadata:
      labels:
        app: punchmole-server
    spec:
      imagePullSecrets:
        - name: gitlab-registry-credentials
      containers:
        - name: punchmole-server
          image: ${CI_REGISTRY_FULL_IMAGE}
          resources:
            requests:
              memory: 1G
          env:
            - name: API_KEYS
              valueFrom:
                secretKeyRef:
                  name: punchmole-configuration
                  key: API_KEYS
            - name: PORT
              value: "10000"
---
# service for keywords rest service
kind: Service
apiVersion: v1
metadata:
  name: punchmole-server
  namespace: ${ENVIRONMENT}
spec:
  selector:
    app: punchmole-server
  ports:
    - port: 10000 # Default port for image
      targetPort: 10000
---
# ingress for keywords rest service
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: punchmole-server
  namespace: ${ENVIRONMENT}
  annotations:
    nginx.ingress.kubernetes.io/proxy-send-timeout: "360s"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "360s"
    nginx.ingress.kubernetes.io/use-forwarded-headers: "true" # Ensure forwarded headers are used
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"  # Disable forced HTTPS redirection
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"      # Enable SSL passthrough
spec:
  rules:
    - host: "*.${PUNCHMOLE_DOMAIN}"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: punchmole-server
                port:
                  number: 10000
---
# ingress for keywords rest service
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: punchmole-server-secondary-domain
  namespace: ${ENVIRONMENT}
  annotations:
    nginx.ingress.kubernetes.io/proxy-send-timeout: "360s"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "360s"
    nginx.ingress.kubernetes.io/use-forwarded-headers: "true" # Ensure forwarded headers are used
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"  # Disable forced HTTPS redirection
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"      # Enable SSL passthrough
spec:
  rules:
    - host: "*.${PUNCHMOLE_SECONDARY_DOMAIN}"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: punchmole-server
                port:
                  number: 10000
---
# ingress for keywords rest service
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: punchmole-server-third-domain
  namespace: ${ENVIRONMENT}
  annotations:
    nginx.ingress.kubernetes.io/proxy-send-timeout: "360s"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "360s"
    nginx.ingress.kubernetes.io/use-forwarded-headers: "true" # Ensure forwarded headers are used
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"  # Disable forced HTTPS redirection
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"      # Enable SSL passthrough
spec:
  rules:
    - host: "*.${PUNCHMOLE_THIRD_DOMAIN}"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: punchmole-server
                port:
                  number: 10000
---
# ingress for keywords rest service
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: punchmole-server-third-domain
  namespace: ${ENVIRONMENT}
  annotations:
    nginx.ingress.kubernetes.io/proxy-send-timeout: "360s"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "360s"
    nginx.ingress.kubernetes.io/use-forwarded-headers: "true" # Ensure forwarded headers are used
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"  # Disable forced HTTPS redirection
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"      # Enable SSL passthrough
spec:
  rules:
    - host: "*.${PUNCHMOLE_FOURTH_DOMAIN}"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: punchmole-server
                port:
                  number: 10000
---
# ingress for keywords rest service
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: punchmole-server-third-domain
  namespace: ${ENVIRONMENT}
  annotations:
    nginx.ingress.kubernetes.io/proxy-send-timeout: "360s"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "360s"
    nginx.ingress.kubernetes.io/use-forwarded-headers: "true" # Ensure forwarded headers are used
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"  # Disable forced HTTPS redirection
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"      # Enable SSL passthrough
spec:
  rules:
    - host: "*.${PUNCHMOLE_FIFTH_DOMAIN}"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: punchmole-server
                port:
                  number: 10000