apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

labels:
- pairs:
    app.kubernetes.io/instance: ansible
  includeSelectors: true
  includeTemplates: true
- pairs:
    app.kubernetes.io/part-of: ansible

namespace: ansible

resources:
- ../dch-root-ca
- ../ssh-host-keys
- rbac.yaml
- secrets.yaml
- namespace.yaml
- ara.yaml
- postgres-cert.yaml
- ingress.yaml

configMapGenerator:
- name: ara
  files:
  - ara/settings.toml
  options:
    labels:
      app.kubernetes.io/name: ara

patches:
- patch: |-
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: ara
    spec:
      template:
        spec:
          containers:
          - name: ara-api
            volumeMounts:
            - mountPath: /run/dch-ca/dch-root-ca.crt
              name: dch-root-ca
              subPath: dch-root-ca.crt
              readOnly: true
            - mountPath: /run/secrets/ara/postgresql
              name: postgresql-cert
              readOnly: true
          securityContext:
            fsGroup: 7653
          volumes:
          - name: postgresql-cert
            secret:
              secretName: ara-postgres-cert
              defaultMode: 0640
          - name: dch-root-ca
            configMap:
              name: dch-root-ca