apiVersion: v1
kind: Secret
metadata:
  name: outline
  namespace: outline
  annotations:
    kube-1password: maouivotrbgydslnsukbjrwgja
    kube-1password/vault: Kubernetes
    kube-1password/secret-text-key: .env
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
  name: outline
  namespace: outline
spec:
  type: ClusterIP
  ports:
  - port: 80
    targetPort: web
    name: web
  selector:
    app: outline
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: outline
  namespace: outline
spec:
  selector:
    matchLabels:
      app: outline
  serviceName: outline
  replicas: 1
  template:
    metadata:
      labels:
        app: outline
    spec:
      containers:
      - name: postgres
        image: postgres:9-alpine
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 5432
          name: db
        env:
        - name: POSTGRES_USER
          value: user
        - name: POSTGRES_PASSWORD
          value: pass
        - name: POSTGRES_DB
          value: outline
        - name: PGDATA
          value: /var/lib/postgresql/data/outline
        volumeMounts:
        - name: data
          mountPath: /var/lib/postgresql/data
      - name: redis
        image: redis:6
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 6379
          name: redis
      - name: outline
        image: outlinewiki/outline:0.59.0
        imagePullPolicy: IfNotPresent
        # command:
        #   - sh
        #   - -c
        #   - |
        #     sleep 10 && yarn sequelize db:migrate --env=production-ssl-disabled && yarn build && yarn start
        env:
        - name: PGSSLMODE
          value: disable
        - name: ALLOWED_DOMAINS
          value: marcusnoble.co.uk,marcusnoble.eu.auth0.com
        ports:
        - containerPort: 3000
          name: web
        volumeMounts:
          - mountPath: /opt/outline/.env
            subPath: .env
            name: outline-env
            readOnly: true
      volumes:
        - name: outline-env
          secret:
            secretName: outline
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 5Gi
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: outline
  namespace: outline
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
    traefik.ingress.kubernetes.io/redirect-entry-point: https
    traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
  tls:
  - hosts:
    - outline.cluster.fun
    secretName: outline-ingress
  rules:
  - host: outline.cluster.fun
    http:
      paths:
      - path: /
        backend:
          serviceName: outline
          servicePort: 80