---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kubernetes.io/metadata.name: coredb-operator
  name: coredb-operator

---
# Scoped service account
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredb-controller
  namespace: coredb-operator
automountServiceAccountToken: true

---
# Access for the service account
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: control-cdb
rules:
  - apiGroups: ["coredb.io"]
    resources: ["coredbs", "coredbs/status"]
    verbs: ["get", "list", "watch", "patch", "update"]
  - apiGroups: ["events.k8s.io"]
    resources: ["events"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "patch"]
  - apiGroups: ["apps"]
    resources: ["statefulsets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["services", "secrets", "pods", "pods/exec", "namespaces/status", "serviceaccounts", "secrets", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["roles", "rolebindings"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
  - apiGroups: ["batch"]
    resources: ["cronjobs"]
    verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
---
# Binding the role to the account in coredb-operator ns
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: coredb-controller-binding
subjects:
- kind: ServiceAccount
  namespace: coredb-operator
  name: coredb-controller
roleRef:
  kind: ClusterRole
  name: control-cdb
  apiGroup: rbac.authorization.k8s.io

---
# Expose the http port of the service
apiVersion: v1
kind: Service
metadata:
  name: coredb-controller
  namespace: coredb-operator
  labels:
    app: coredb-controller
spec:
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
    name: http
  selector:
    app: coredb-controller

---
# Main deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredb-controller
  namespace: coredb-operator
  labels:
    app: coredb-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: coredb-controller
  template:
    metadata:
      labels:
        app: coredb-controller
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
    spec:
      serviceAccountName: coredb-controller
      containers:
      - name: coredb-controller
        image: quay.io/coredb/coredb-operator:latest
        imagePullPolicy: Always
        resources:
          limits:
            cpu: 200m
            memory: 256Mi
          requests:
            cpu: 50m
            memory: 100Mi
        ports:
        - name: http
          containerPort: 8080
          protocol: TCP
        env:
        # We are pointing to tempo or grafana tracing agent's otlp grpc receiver port
        - name: OPENTELEMETRY_ENDPOINT_URL
          value: "https://10.96.239.210:8080"
        - name: RUST_LOG
          value: "info,kube=debug,controller=debug"
        - name: ENABLE_INITIAL_BACKUP
          value: "false"
        readinessProbe:
          httpGet:
            path: /health
            port: http
          initialDelaySeconds: 5
          periodSeconds: 5