apiVersion: apps/v1
kind: Deployment
metadata:
  name: arcade
  namespace: devsecops
  labels:
    app: arcade
  annotations:
    app.onlionel.com/git-sha: "__GIT_SHA__"
spec:
  replicas: 1
  revisionHistoryLimit: 10
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 1
  selector:
    matchLabels:
      app: arcade
  template:
    metadata:
      labels:
        app: arcade
      annotations:
        app.onlionel.com/git-sha: "__GIT_SHA__"
    spec:
      imagePullSecrets:
        - name: gitea-registry
      containers:
        - name: arcade
          image: git.onlionel.com/lionel/arcade:__IMAGE_TAG__
          imagePullPolicy: Always
          ports:
            - containerPort: 5000
          readinessProbe:
            httpGet:
              path: /health
              port: 5000
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 2
            failureThreshold: 6
          livenessProbe:
            httpGet:
              path: /health
              port: 5000
            initialDelaySeconds: 15
            periodSeconds: 10
            timeoutSeconds: 2
            failureThreshold: 3
---
apiVersion: v1
kind: Service
metadata:
  name: arcade
  namespace: devsecops
spec:
  selector:
    app: arcade
  ports:
    - port: 80
      targetPort: 5000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: arcade
  namespace: devsecops
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls.certresolver: le
spec:
  ingressClassName: traefik
  tls:
    - hosts:
        - arcade.onlionel.com
      secretName: arcade-tls
  rules:
    - host: arcade.onlionel.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: arcade
                port:
                  number: 80