apiVersion: v1
kind: Namespace
metadata:
  name: fastapi-dynamic-response
  namespace: fastapi-dynamic-response
---
apiVersion: v1
kind: Service
metadata:
  name: fastapi-dynamic-response
  namespace: fastapi-dynamic-response
spec:
  selector:
    app: fastapi-dynamic-response
  ports:
    - name: "8000"
      port: 8000
      targetPort: 8000
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: fastapi-dynamic-response
  namespace: fastapi-dynamic-response
  labels:
    app: fastapi-dynamic-response
    version: "0.0.3"
    owner: "waylonwalker"
  annotations:
    email: "fastapi-dynamic-response@fastapi-dynamic-response.com"
spec:
  replicas: 3
  selector:
    matchLabels:
      app: fastapi-dynamic-response
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 1
  template:
    metadata:
      labels:
        app: fastapi-dynamic-response
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: fastapi-dynamic-response
              topologyKey: "kubernetes.io/hostname"
      containers:
        - image: docker.io/waylonwalker/fastapi-dynamic-response:0.0.2
          name: fastapi-dynamic-response
          ports:
            - containerPort: 8000
              protocol: TCP
          imagePullPolicy: Always
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsUser: 10001
            runAsGroup: 10001
          readinessProbe:
            httpGet:
              path: /livez
              port: 8000
            initialDelaySeconds: 3
            periodSeconds: 10
            failureThreshold: 3
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8000
            initialDelaySeconds: 3
            periodSeconds: 15
            failureThreshold: 3
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
              ephemeral-storage: 1Gi
            limits:
              cpu: 500m
              memory: 500Mi
              ephemeral-storage: 2Gi
      restartPolicy: Always
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: fastapi-dynamic-response
  namespace: fastapi-dynamic-response
spec:
  ingressClassName: nginx
  rules:
    - host: fastapi-dynamic-response.waylonwalker.com
      http:
        paths:
          - backend:
              service:
                name: fastapi-dynamic-response
                port:
                  number: 8000
            path: /
            pathType: Prefix
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-fastapi-dynamic-response
  namespace: fastapi-dynamic-response
spec:
  podSelector:
    matchLabels:
      app: fastapi-dynamic-response
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - podSelector: {}
          # - namespaceSelector:
          #     matchLabels:
          #       name: fastapi-dynamic-response
      ports:
        - protocol: TCP
          port: 8000
  egress:
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
      ports:
        - protocol: TCP
          port: 443
        - protocol: TCP
          port: 80
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: fastapi-dynamic-response-pdb
  namespace: fastapi-dynamic-response
spec:
  minAvailable: 1
  selector:
    matchLabels:
      app: fastapi-dynamic-response