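---
# Base manifests for the container-mom-operator manager: its Namespace, the
# Secret holding third-party API credentials, the Deployment, and the
# Service / ServiceMonitor / Ingress that expose it.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    control-plane: controller-manager
    app.kubernetes.io/name: namespace
    app.kubernetes.io/instance: system
    app.kubernetes.io/component: manager
    app.kubernetes.io/created-by: container-mom-operator
    app.kubernetes.io/part-of: container-mom-operator
    app.kubernetes.io/managed-by: kustomize
  name: system
---
apiVersion: v1
kind: Secret
metadata:
  name: container-mom-secrets
  namespace: system
  labels:
    app.kubernetes.io/name: container-mom-operator
    app.kubernetes.io/part-of: container-mom-operator
type: Opaque
data:
  # These will be replaced during deployment.
  # Values under `data` must be base64-encoded (use `stringData` for plain
  # text). Keep real credentials out of version control; only placeholders
  # belong in this file.
  # NOTE(review): applying this manifest unchanged after the real values
  # have been set would write the empty placeholders back over them.
  # Confirm the deployment flow always substitutes these two keys.
  STRIPE_API_KEY: ""
  CLOUDFLARE_API_TOKEN: ""
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: controller-manager
  namespace: system
  labels:
    control-plane: controller-manager
    app.kubernetes.io/name: deployment
    app.kubernetes.io/instance: controller-manager
    app.kubernetes.io/component: manager
    app.kubernetes.io/created-by: container-mom-operator
    app.kubernetes.io/part-of: container-mom-operator
    app.kubernetes.io/managed-by: kustomize
spec:
  selector:
    matchLabels:
      control-plane: controller-manager
  replicas: 1
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
        prometheus.io/scrape: "true"
        prometheus.io/port: "3000"
        prometheus.io/path: "/metrics"
      labels:
        control-plane: controller-manager
    spec:
      securityContext:
        runAsNonRoot: true
        # Apply the container runtime's default seccomp filter. Together
        # with the container-level settings below this covers the fields
        # the "restricted" Pod Security Standard checks. Needs Kubernetes
        # 1.19 or newer.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: manager
          # NOTE(review): `latest` is a mutable tag, so the image that
          # runs is whatever was pushed last. Pin a version or digest in
          # the kustomize overlay before deploying.
          image: container-mom-operator:latest
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
            # NOTE(review): readOnlyRootFilesystem is not set; consider
            # enabling it if the application does not write to its root
            # filesystem.
          ports:
            - containerPort: 3000
              name: http
          env:
            # NOTE(review): these two variables are the ones in-cluster
            # client libraries read to locate the API server. Here they
            # point at the node IP and port 6443 instead of the cluster
            # service address. Confirm an API server listens there on
            # every node this pod may be scheduled to, and that its
            # serving certificate is valid for the node IP.
            - name: KUBERNETES_SERVICE_HOST
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            - name: KUBERNETES_SERVICE_PORT
              value: "6443"
            - name: LOG_LEVEL
              value: "info"
            - name: KEMAL_ENV
              value: "production"
            - name: PORT
              value: "3000"
            # Credentials are read from the Secret defined above, so they
            # never appear in the Deployment spec itself.
            - name: STRIPE_API_KEY
              valueFrom:
                secretKeyRef:
                  name: container-mom-secrets
                  key: STRIPE_API_KEY
            - name: CLOUDFLARE_API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: container-mom-secrets
                  key: CLOUDFLARE_API_TOKEN
            # NOTE(review): telemetry is sent over plain http; acceptable
            # only if the collector is reached over a trusted in-cluster
            # network. Confirm.
            - name: OTEL_EXPORTER_OTLP_ENDPOINT
              value: "http://otel-collector:4317"
          # NOTE(review): no resources.requests/limits are declared for
          # this container; set them to values measured for the workload.
          volumeMounts:
            - name: config
              mountPath: /app/config
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 15
            periodSeconds: 20
          readinessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
      volumes:
        - name: config
          configMap:
            name: manager-config
      serviceAccountName: controller-manager
      terminationGracePeriodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
  name: controller-manager
  namespace: system
  labels:
    control-plane: controller-manager
    app.kubernetes.io/name: service
    app.kubernetes.io/instance: controller-manager
    app.kubernetes.io/component: manager
    app.kubernetes.io/created-by: container-mom-operator
    app.kubernetes.io/part-of: container-mom-operator
    app.kubernetes.io/managed-by: kustomize
spec:
  type: ClusterIP
  ports:
    # Port 80 on the Service forwards to the container port named `http`
    # (3000 in the Deployment above).
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
  selector:
    control-plane: controller-manager
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: controller-manager
  namespace: system
  labels:
    control-plane: controller-manager
    app.kubernetes.io/name: servicemonitor
    app.kubernetes.io/instance: controller-manager
    app.kubernetes.io/component: manager
    app.kubernetes.io/created-by: container-mom-operator
    app.kubernetes.io/part-of: container-mom-operator
    app.kubernetes.io/managed-by: kustomize
spec:
  endpoints:
    # Scrapes /metrics through the Service's `http` port, the same port
    # that serves the application and is published by the Ingress below.
    - port: http
      path: /metrics
      interval: 15s
  selector:
    matchLabels:
      control-plane: controller-manager
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: controller-manager
  namespace: system
  labels:
    control-plane: controller-manager
    app.kubernetes.io/name: ingress
    app.kubernetes.io/instance: controller-manager
    app.kubernetes.io/component: manager
    app.kubernetes.io/created-by: container-mom-operator
    app.kubernetes.io/part-of: container-mom-operator
    app.kubernetes.io/managed-by: kustomize
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - portal.container.mom
      secretName: container-mom-tls
  rules:
    - host: portal.container.mom
      http:
        paths:
          # NOTE(review): the `/` prefix publishes every path on the
          # `http` port, including /metrics and /health, under the public
          # hostname. Confirm the application restricts those endpoints,
          # or serve metrics on a separate port that the Ingress does not
          # route to.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: controller-manager
                port:
                  name: http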