# Copyright (c) 2020-present, The kubequery authors
#
# This source code is licensed as defined by the LICENSE file found in the
# root directory of this source tree.
#
# SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)

---
apiVersion: v1
kind: Namespace
metadata:
  name: kubequery
  labels:
    app.kubernetes.io/name: kubequery
    app.kubernetes.io/part-of: kubequery
    app.kubernetes.io/version: latest

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubequery-sa
  namespace: kubequery
  labels:
    app.kubernetes.io/name: kubequery-sa
    app.kubernetes.io/part-of: kubequery
    app.kubernetes.io/version: latest

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubequery-clusterrole
  labels:
    app.kubernetes.io/name: kubequery-clusterrole
    app.kubernetes.io/part-of: kubequery
    app.kubernetes.io/version: latest
rules:
- apiGroups: ["", "admissionregistration.k8s.io", "apps", "autoscaling", "batch", "events.k8s.io", "networking.k8s.io", "policy", "rbac.authorization.k8s.io", "storage.k8s.io"]
  resources: ["*"]
  verbs: ["get", "list", "watch"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubequery-clusterrolebinding
  labels:
    app.kubernetes.io/name: kubequery-clusterrolebinding
    app.kubernetes.io/part-of: kubequery
    app.kubernetes.io/version: latest
roleRef:
  kind: ClusterRole
  name: kubequery-clusterrole
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: kubequery-sa
  namespace: kubequery

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kubequery-config
  namespace: kubequery
  labels:
    app.kubernetes.io/name: kubequery-config
    app.kubernetes.io/part-of: kubequery
    app.kubernetes.io/version: latest
data:
  enroll.secret: TODO
  kubequery.flags: |
  kubequery.conf: |

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubequery
  namespace: kubequery
  labels:
    app.kubernetes.io/name: kubequery
    app.kubernetes.io/part-of: kubequery
    app.kubernetes.io/version: latest
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: kubequery
  template:
    metadata:
      labels:
        app.kubernetes.io/name: kubequery
        app.kubernetes.io/part-of: kubequery
        app.kubernetes.io/version: latest
    spec:
      hostname: my-cluster # TODO: Give a friendly cluster name
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
      terminationGracePeriodSeconds: 10
      serviceAccountName: kubequery-sa
      containers:
      - name: kubequery
        image: uptycs/kubequery:latest
        imagePullPolicy: Always
        resources:
          requests:
            cpu: 200m
            memory: 128Mi
          limits:
            cpu: 1000m
            memory: 512Mi
        volumeMounts:
        - name: config
          mountPath: /opt/uptycs/config
      volumes:
      - name: config
        configMap:
          name: kubequery-config