apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: bunkerized-nginx
  labels:
    app: bunkerized-nginx
spec:
  selector:
    matchLabels:
      name: bunkerized-nginx
  template:
    metadata:
      labels:
        name: bunkerized-nginx
        # this label is mandatory
        bunkerized-nginx: "yes"
    spec:
      containers:
      - name: bunkerized-nginx
        image: bunkerity/bunkerized-nginx
        ports:
        - containerPort: 8080
          hostPort: 80
        - containerPort: 8443
          hostPort: 443
        env:
        - name: KUBERNETES_MODE
          value: "yes"
        - name: DNS_RESOLVERS
          value: "kube-dns.kube-system.svc.cluster.local"
        - name: USE_API
          value: "yes"
        - name: API_URI
          value: "/ChangeMeToSomethingHardToGuess"
        - name: SERVER_NAME
          value: ""
        - name: MULTISITE
          value: "yes"
        volumeMounts:
        - name: confs
          mountPath: /etc/nginx
          readOnly: true
        - name: letsencrypt
          mountPath: /etc/letsencrypt
          readOnly: true
        - name: acme-challenge
          mountPath: /acme-challenge
          readOnly: true
        - name: www
          mountPath: /www
          readOnly: true
      volumes:
      - name: confs
        hostPath:
          path: /shared/confs
          type: Directory
      - name: letsencrypt
        hostPath:
          path: /shared/letsencrypt
          type: Directory
      - name: acme-challenge
        hostPath:
          path: /shared/acme-challenge
          type: Directory
      - name: www
        hostPath:
          path: /shared/www
          type: Directory
---
apiVersion: v1
kind: Service
metadata:
  name: bunkerized-nginx-service
  # this label is mandatory
  labels:
    bunkerized-nginx: "yes"
  # this annotation is mandatory
  annotations:
    bunkerized-nginx.AUTOCONF: "yes"
spec:
  clusterIP: None
  selector:
    name: bunkerized-nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bunkerized-nginx-ingress-controller
  labels:
    app: bunkerized-nginx-autoconf
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bunkerized-nginx-autoconf
  template:
    metadata:
      labels:
        app: bunkerized-nginx-autoconf
    spec:
      serviceAccountName: bunkerized-nginx-ingress-controller
      containers:
      - name: bunkerized-nginx-autoconf
        image: bunkerity/bunkerized-nginx-autoconf
        env:
        - name: KUBERNETES_MODE
          value: "yes"
        - name: API_URI
          value: "/ChangeMeToSomethingHardToGuess"
        volumeMounts:
        - name: confs
          mountPath: /etc/nginx
        - name: letsencrypt
          mountPath: /etc/letsencrypt
        - name: acme-challenge
          mountPath: /acme-challenge
      volumes:
      - name: confs
        hostPath:
          path: /shared/confs
          type: Directory
      - name: letsencrypt
        hostPath:
          path: /shared/letsencrypt
          type: Directory
      - name: acme-challenge
        hostPath:
          path: /shared/acme-challenge
          type: Directory