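# Intranet web stack: namespace, vector-store volume claim, web Deployment
# (with a git-clone init container), Service, cert-manager Certificate and
# Traefik IngressRoute for intranet.iamworkin.lan.
apiVersion: v1
kind: Namespace
metadata:
  name: intranet
---
# Persistent storage that the web container mounts at /data.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: intranet-vector-store
  namespace: intranet
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: intranet-web
  namespace: intranet
  labels:
    app: intranet-web
spec:
  replicas: 1
  # Recreate stops the old pod before starting the new one; presumably chosen
  # because the vector-store claim is ReadWriteOnce.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: intranet-web
  template:
    metadata:
      labels:
        app: intranet-web
    spec:
      # Hardening added in review: apply the container runtime's default
      # seccomp filter to every container in the pod.
      # NOTE(review): nothing in this manifest shows the app calling the
      # Kubernetes API; if it does not, also set
      # automountServiceAccountToken: false here.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      initContainers:
        # Populates the notes-corpus emptyDir before the web container starts.
        # The corpus is whatever the branch head is at pod start: no commit is
        # pinned or verified, so a push to that branch changes what the
        # intranet serves. Pin a commit SHA if the content must be reviewed
        # before it goes live.
        # Because of `set -e`, a failed fetch or clone fails the init
        # container, so pod start depends on github.com being reachable.
        - name: clone-notes-corpus
          # NOTE(review): `latest` is a mutable tag and IfNotPresent keeps
          # whatever each node cached under it, so nodes can run different
          # git builds. Pin a version tag or a digest
          # (alpine/git@sha256:<digest-placeholder>).
          image: alpine/git:latest
          imagePullPolicy: IfNotPresent
          # Hardening added in review: the script only runs git, rm and ls on
          # the emptyDir, none of which needs setuid or extra capabilities.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # An existing checkout (the .git directory survives an init
          # container restart within the same pod) is refreshed in place;
          # otherwise any partial leftovers are cleared and the branch is
          # cloned shallowly. The final ls only logs a directory sample.
          command:
            - sh
            - -c
            - |
              set -e
              if [ -d /srv/flowercore-notes/.git ]; then
                cd /srv/flowercore-notes && git fetch --depth=1 origin && git reset --hard origin/codex/notes-pimanager-live-drift
              else
                rm -rf /srv/flowercore-notes/* /srv/flowercore-notes/.[!.]* 2>/dev/null || true
                git clone --depth=1 --branch codex/notes-pimanager-live-drift https://github.com/astoltz/FlowerCore.Notes.git /srv/flowercore-notes
              fi
              ls -la /srv/flowercore-notes/docs | head -10
          volumeMounts:
            - name: notes-corpus
              mountPath: /srv/flowercore-notes
      containers:
        - name: intranet-web
          # Locally built image; `Never` means it must already exist on the
          # node, so no registry pull or tag re-resolution happens.
          image: localhost/fc-intranet-web:v202604240040search
          imagePullPolicy: Never
          # Hardening added in review: the app listens on unprivileged port
          # 5300, so no capability is required to bind it.
          # TODO(review): confirm which user the image runs as, then add
          # runAsNonRoot: true (and readOnlyRootFilesystem: true if the app
          # writes only to /data).
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          ports:
            - containerPort: 5300
              name: http
          env:
            - name: ASPNETCORE_ENVIRONMENT
              value: Production
            # Plain HTTP inside the cluster; TLS is terminated by the
            # IngressRoute at the end of this file.
            - name: ASPNETCORE_URLS
              value: "http://+:5300"
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "1Gi"
              cpu: "1000m"
          livenessProbe:
            httpGet:
              path: /health
              port: 5300
            initialDelaySeconds: 30
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /health
              port: 5300
            initialDelaySeconds: 10
            periodSeconds: 10
          volumeMounts:
            # The cloned corpus is mounted read-only: the web process can
            # read it but cannot modify it.
            - name: notes-corpus
              mountPath: /srv/flowercore-notes
              readOnly: true
            - name: vector-store
              mountPath: /data
      volumes:
        # Pod-scoped scratch space; a new pod starts empty and re-clones.
        - name: notes-corpus
          emptyDir:
            sizeLimit: 1Gi
        - name: vector-store
          persistentVolumeClaim:
            claimName: intranet-vector-store
---
# ClusterIP Service in front of the web pod.
# NOTE(review): this file defines no NetworkPolicy, so whether other
# workloads in the cluster can reach port 5300 directly (bypassing Traefik
# and TLS) depends on policy defined elsewhere; confirm.
apiVersion: v1
kind: Service
metadata:
  name: intranet-web
  namespace: intranet
spec:
  selector:
    app: intranet-web
  ports:
    - port: 5300
      targetPort: 5300
      name: http
---
# Certificate for the intranet hostname, issued by the step-ca-acme
# ClusterIssuer and stored in the intranet-tls Secret.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: intranet-tls
  namespace: intranet
spec:
  secretName: intranet-tls
  issuerRef:
    name: step-ca-acme
    kind: ClusterIssuer
  dnsNames:
    - intranet.iamworkin.lan
---
# Exposes the Service on Traefik's websecure entry point and terminates TLS
# with the intranet-tls Secret.
# NOTE(review): no authentication middleware is attached to this route, so
# access control rests on the app itself and on who can reach the entry point.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: intranet
  namespace: intranet
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`intranet.iamworkin.lan`)
      kind: Rule
      services:
        - name: intranet-web
          port: 5300
  tls:
    secretName: intranet-tls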