apiVersion: v1
kind: Namespace
metadata:
  name: scp
---
apiVersion: v1
kind: Secret
metadata:
  name: scp-s3
  namespace: scp
  annotations:
    kube-1password: d5dgclm3qrxd4fntivv26ec3ee
    kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
  name: scp
  namespace: scp
spec:
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
    name: web
  selector:
    app: scp
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: scp
  namespace: scp
spec:
  replicas: 2
  selector:
    matchLabels:
      app: scp
  template:
    metadata:
      labels:
        app: scp
    spec:
      containers:
      - name: web
        image: pottava/s3-proxy:2.0
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
          name: web
        env:
        - name: AWS_REGION
          value: fr-par
        - name: AWS_S3_BUCKET
          value: scp-archives
        - name: AWS_API_ENDPOINT
          value: https://s3.fr-par.scw.cloud
        - name: AWS_ACCESS_KEY_ID
          valueFrom:
            secretKeyRef:
              name: scp-s3
              key: username
        - name: AWS_SECRET_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              name: scp-s3
              key: password
        resources:
          limits:
            memory: 200Mi
          requests:
            memory: 200Mi
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: scp
  namespace: scp
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
    traefik.ingress.kubernetes.io/redirect-entry-point: https
    traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
  tls:
  - hosts:
    - scp-archives.cluster.fun
    secretName: scp-ingress
  rules:
  - host: scp-archives.cluster.fun
    http:
      paths:
      - path: /
        backend:
          serviceName: scp
          servicePort: 80