---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ambassador-consul-connect
rules:
  - apiGroups: [""]
    resources:
      - secrets
    verbs: ["get", "list", "create", "delete", "patch"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ambassador-consul-connect
  namespace: ambassador
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ambassador-consul-connect
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ambassador-consul-connect
subjects:
  - kind: ServiceAccount
    name: ambassador-consul-connect
    namespace: ambassador
---
apiVersion: getambassador.io/v3alpha1
kind: TLSContext
metadata:
  name: ambassador-consul
  namespace: ambassador
spec:
  hosts: []
  secret: ambassador-consul-connect
---
apiVersion: v1
kind: Service
metadata:
  name: ambassador-consul-connector
  namespace: ambassador
  annotations:
    a8r.io/owner: "Ambassador Labs"
    a8r.io/repository: github.com/datawire/ambassador
    a8r.io/description: "The Ambassador Edge Stack Consul Connect integration."
    a8r.io/documentation: https://www.getambassador.io/docs/edge-stack/latest/
    a8r.io/chat: http://a8r.io/Slack
    a8r.io/bugs: https://github.com/datawire/ambassador/issues
    a8r.io/support: https://www.getambassador.io/about-us/support/
    a8r.io/dependencies: "consul-server.default"
spec:
  ports:
  - name: ambassador-consul-connector
    port: 80
  selector:
    component: consul-connect
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ambassador-consul-connect-integration
  namespace: ambassador
  labels:
    app: ambassador
    component: consul-connect
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ambassador
      component: consul-connect
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: ambassador
        component: consul-connect
      annotations:
        "consul.hashicorp.com/connect-inject": "false"
    spec:
      serviceAccountName: ambassador-consul-connect
      terminationGracePeriodSeconds: 0
      containers:
        - name: consul-connect-integration
          image: docker.io/datawire/aes:$version$
          command: [ "consul_connect_integration" ]
          resources:
            limits:
              cpu: 200m
              memory: 200Mi
            requests:
              cpu: 100m
              memory: 50Mi
          env:
            # Consul runs as a DaemonSet on each Node therefore we need to talk to the Host machine.
            # See: https://www.consul.io/docs/platform/k8s/run.html#architecture
            - name: _CONSUL_HOST
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            - name: _AMBASSADOR_TLS_SECRET_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace