apiVersion: apps/v1
kind: Deployment
metadata:
  name: bunkerized-nginx-ingress-controller
  labels:
    app: bunkerized-nginx-autoconf
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bunkerized-nginx-autoconf
  template:
    metadata:
      labels:
        app: bunkerized-nginx-autoconf
    spec:
      serviceAccountName: bunkerized-nginx-ingress-controller
      containers:
      - name: bunkerized-nginx-autoconf
        image: bunkerity/bunkerized-nginx-autoconf:1.3.0
        env:
        - name: KUBERNETES_MODE
          value: "yes"
        - name: API_URI
          value: "/ChangeMeToSomethingHardToGuess"
        volumeMounts:
        - name: config
          mountPath: /etc/nginx
        - name: certs
          mountPath: /etc/letsencrypt
        - name: challenges
          mountPath: /acme-challenge
        - name: cache
          mountPath: /cache
        - name: custom-modsec
          mountPath: /modsec-confs
          readOnly: true
        - name: custom-modsec-crs
          mountPath: /modsec-crs-confs
          readOnly: true
      volumes:
      - name: config
        hostPath:
          path: /shared/config
          type: Directory
      - name: certs
        hostPath:
          path: /shared/certs
          type: Directory
      - name: challenges
        hostPath:
          path: /shared/challenges
          type: Directory
      - name: cache
        hostPath:
          path: /shared/cache
          type: Directory
      - name: custom-modsec
        hostPath:
          path: /shared/custom-modsec
          type: Directory
      - name: custom-modsec-crs
        hostPath:
          path: /shared/custom-modsec-crs
          type: Directory
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: bunkerized-nginx
  labels:
    app: bunkerized-nginx
spec:
  selector:
    matchLabels:
      name: bunkerized-nginx
  template:
    metadata:
      labels:
        name: bunkerized-nginx
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
      - name: bunkerized-nginx
        image: bunkerity/bunkerized-nginx:1.3.0
        env:
        - name: KUBERNETES_MODE
          value: "yes"
        - name: USE_API
          value: "yes"
        - name: API_URI
          value: "/ChangeMeToSomethingHardToGuess"
        volumeMounts:
        - name: config
          mountPath: /etc/nginx
          readOnly: true
        - name: certs
          mountPath: /etc/letsencrypt
          readOnly: true
        - name: challenges
          mountPath: /acme-challenge
          readOnly: true
        - name: www
          mountPath: /www
          readOnly: true
        - name: custom-http
          mountPath: /http-confs
          readOnly: true
        - name: custom-server
          mountPath: /server-confs
          readOnly: true
        - name: custom-modsec
          mountPath: /modsec-confs
          readOnly: true
        - name: custom-modsec-crs
          mountPath: /modsec-crs-confs
          readOnly: true
      volumes:
      - name: config
        hostPath:
          path: /shared/config
          type: Directory
      - name: certs
        hostPath:
          path: /shared/certs
          type: Directory
      - name: challenges
        hostPath:
          path: /shared/challenges
          type: Directory
      - name: www
        hostPath:
          path: /shared/www
          type: Directory
      - name: custom-http
        hostPath:
          path: /shared/custom-http
          type: Directory
      - name: custom-server
        hostPath:
          path: /shared/custom-server
          type: Directory
      - name: custom-modsec
        hostPath:
          path: /shared/custom-modsec
          type: Directory
      - name: custom-modsec-crs
        hostPath:
          path: /shared/custom-modsec-crs
          type: Directory