# Copyright 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


# kong deployment
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: apigw-kong
  name: apigw-kong
  namespace: mep
spec:
  replicas: 1
  selector:
    matchLabels:
      app: apigw-kong
  template:
    metadata:
      labels:
        app: apigw-kong
    spec:
      initContainers:
        - name: check-db-ready
          image: postgres:9.6
          command: ['sh', '-c', 'until pg_isready -h postgres-db -p 5432;
                   do echo waiting for database; sleep 2; done;']
      containers:
        - name: kong-proxy
          image: kong:1.5.1-alpine
          env:
            - name: KONG_DATABASE
              value: "postgres"
            - name: KONG_NGINX_WORKER_PROCESSES
              value: "1"
            - name: KONG_ADMIN_ACCESS_LOG
              value: /dev/stdout
            - name: KONG_ADMIN_ERROR_LOG
              value: /dev/stderr
            - name: KONG_ADMIN_ACCESS_LOG
              value: /dev/stdout
            - name: KONG_ADMIN_ERROR_LOG
              value: /dev/stderr
            - name: KONG_ADMIN_LISTEN
              value: 127.0.0.1:8444 ssl
            - name: KONG_PROXY_LISTEN
              value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2
            - name: KONG_ADMIN_LISTEN
              value: 0.0.0.0:8001
            - name: KONG_PG_DATABASE
              value: kong
            - name: KONG_PG_HOST
              value: postgres-db
            - name: KONG_PG_USER
              value: kong
            - name: KONG_PG_PASSWORD
              value: kong
            - name: KONG_PROXY_ACCESS_LOG
              value: /dev/stdout
            - name: KONG_PROXY_ERROR_LOG
              value: /dev/stderr
            #- name: KONG_SSL_CERT
              #value: /run/kongssl/server.cer
            #- name: KONG_SSL_CERT_KEY
              #value: /run/kongssl/server_key.pem
          ports:
            - containerPort: 8000
              name: proxy
              protocol: TCP
            - containerPort: 8443
              name: proxy-ssl
              protocol: TCP
            - containerPort: 8001
              name: admin-api
              protocol: TCP
            - containerPort: 8444
              name: admin-api-ssl
              protocol: TCP
          #volumeMounts:
            #- name: kongssl
              #mountPath: "/run/kongssl"
              #readOnly: true
      #volumes:
        #- name: kongssl
          #secret:
            #secretName: kongssl-secret


# kong service
---
apiVersion: v1
kind: Service
metadata:
  name: kong-service
  namespace: mep
spec:
  selector:
    app: apigw-kong
  type: NodePort
  ports:
    - port: 8000
      name: proxy
      nodePort: 30010
    - port: 8443
      name: proxy-ssl
      nodePort: 30011
    - port: 8001
      name: admin-api
      nodePort: 30012
    - port: 8444
      name: admin-api-ssl
      nodePort: 30013