---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers X-Frame-Options SAMEORIGIN;
      more_set_headers X-Content-Type-Options nosniff;
      more_set_headers X-XSS-Protection "1; mode=block";
      more_set_headers Content-Security-Policy "frame-ancestors 'self'";

    nginx.ingress.kubernetes.io/server-snippet: |
      if ($request_uri = "/") {
        more_set_headers "Cache-Control: no-cache";
      }
      if ($request_uri ~* "^/(config.*\.json|i18n|home|sites|index\.html)$") {
        more_set_headers "Cache-Control: no-cache, no-store, must-revalidate";
      }
spec:
  ingressClassName: nginx
  tls:
    - secretName: tls-app
      hosts:
        - "$BASE_URL"
  rules:
    - host: "$BASE_URL"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app
                port:
                  name: http
---
apiVersion: v1
kind: Service
metadata:
  name: app
  labels:
    app: app
spec:
  selector:
    app: app
  ports:
    - name: http
      port: 80
      targetPort: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  labels:
    app: app
spec:
  replicas: $NB_REPLICAS
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app
    spec:
      containers:
        - name: app
          image: "$IMAGEAPP"
          ports:
            - name: http
              containerPort: 8080
          env:
            - name: ELEMENT_WEB_PORT
              value: "8080"
          volumeMounts:
            - name: config
              mountPath: /app/config.json
              subPath: config.json
      volumes:
        - name: config
          configMap:
            name: element