apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    application: kube-ops-view
    component: frontend
  name: kube-ops-view
spec:
  replicas: 1
  selector:
    matchLabels:
      application: kube-ops-view
      component: frontend
  template:
    metadata:
      labels:
        application: kube-ops-view
        component: frontend
    spec:
      serviceAccountName: kube-ops-view
      containers:
      - name: service
        # see https://github.com/hjacobs/kube-ops-view/releases
        image: hjacobs/kube-ops-view:23.5.0
        args:
        # remove this option to use built-in memory store
        - --redis-url=redis://kube-ops-view-redis:6379
        # example to add external links for nodes and pods
        # - --node-link-url-template=https://kube-web-view.example.org/clusters/{cluster}/nodes/{name}
        # - --pod-link-url-template=https://kube-web-view.example.org/clusters/{cluster}/namespaces/{namespace}/pods/{name}
        ports:
        - containerPort: 8080
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /health
            port: 8080
          initialDelaySeconds: 5
          timeoutSeconds: 5
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 10
          failureThreshold: 5
        resources:
          limits:
            cpu: 750m
            memory: 512Mi
          requests:
            cpu: 500m
            memory: 512Mi
        securityContext:
          readOnlyRootFilesystem: true
#          runAsNonRoot: true
#          runAsUser: 1000
      - name: oauth-proxy
        env:
        - name: MY_POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: registry.redhat.io/openshift4/ose-oauth-proxy:latest
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8443
          name: public
        args:
        - --https-address=:8443
        - --provider=openshift
        - --openshift-service-account=kube-ops-view
        - '-openshift-sar={"namespace":"$(MY_POD_NAMESPACE)","resource": "namespaces", "verb": "get"}'
        - --upstream=http://localhost:8080
        - --tls-cert=/etc/tls/private/tls.crt
        - --tls-key=/etc/tls/private/tls.key
        - --client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
        - --openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        - --openshift-ca=/etc/pki/tls/cert.pem
        - --cookie-secret=dGVzdGNvb2tpZQo=
        - -skip-provider-button
        resources:
          limits:
            cpu: 200m
            memory: 256Mi
          requests:
            cpu: 100m
            memory: 256Mi
        livenessProbe:
          httpGet:
            path: /oauth/healthz
            port: 8443
            scheme: HTTPS
          initialDelaySeconds: 60
          failureThreshold: 60
          periodSeconds: 10
          timeoutSeconds: 10
        readinessProbe:
          httpGet:
            path: /oauth/healthz
            port: 8443
            scheme: HTTPS
          initialDelaySeconds: 5
          failureThreshold: 20
          periodSeconds: 10
          timeoutSeconds: 5
        volumeMounts:
        - mountPath: /etc/tls/private
          name: proxy-tls
      volumes:
      - name: proxy-tls
        secret:
          secretName: proxy-tls