apiVersion: v1
kind: ServiceAccount
metadata:
  name: skooner-user
  labels:
    app.kubernetes.io/name: skooner

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: skooner-user
  labels:
    app.kubernetes.io/name: skooner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: skooner-user
  namespace: skooner

---

kind: Deployment
apiVersion: apps/v1
metadata:
  name: skooner
  labels:
    app.kubernetes.io/name: skooner
spec:
  replicas: 0
  selector:
    matchLabels:
      app.kubernetes.io/name: skooner
  template:
    metadata:
      labels:
        app.kubernetes.io/name: skooner
    spec:
      containers:
      - name: skooner
        image: ghcr.io/skooner-k8s/skooner:stable
        imagePullPolicy: Always
        ports:
        - containerPort: 4654
        livenessProbe:
          httpGet:
            scheme: HTTP
            path: /
            port: 4654
          initialDelaySeconds: 30
          timeoutSeconds: 30
        resources:
          limits:
            memory: 80Mi
          requests:
            memory: 80Mi


---

kind: Service
apiVersion: v1
metadata:
  name: skooner
  labels:
    app.kubernetes.io/name: skooner
spec:
  ports:
    - port: 80
      targetPort: 4654
      name: web
  selector:
    app.kubernetes.io/name: skooner

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: skooner
  labels:
    app.kubernetes.io/name: skooner
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - skooner.cluster.fun
    secretName: skooner-ingress
  rules:
  - host: skooner.cluster.fun
    http:
      paths:
      - path: /
        pathType: ImplementationSpecific
        backend:
          service:
            name: skooner
            port:
              name: web