# Deployment for the node-balancer
apiVersion: apps/v1
kind: Deployment
metadata:
  name: node-balancer
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: node-balancer
  template:
    metadata:
      labels:
        app: node-balancer
    spec:
      nodeSelector:
        node.kubernetes.io/microk8s-controlplane: microk8s-controlplane
      serviceAccountName: node-balancer
      containers:
      - name: node-balancer
        image: allardkrings/node-balancer:1.0
        imagePullPolicy: Always
        env:
        - name: CPU_OVERLOAD_THRESHOLD
          value: "15"
        - name: CPU_UNDERLOAD_THRESHOLD
          value: "10"
        - name: MEMORY_OVERLOAD_THRESHOLD
          value: "50"
        - name: MEMORY_UNDERLOAD_THRESHOLD
          value: "45"
        - name: POD_EVICTION_INTERVAL
          value: "30"
        - name: POD_ANIMATION_DURATION
          value: "10"
        - name: POD_RESPAWN_TIMEOUT
          value: "45"
        - name: CLUSTER_NAME
          value: "PROD"
        ports:
        - name: webui
          containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: node-balancer-webui
  namespace: kube-system
spec:
  selector:
    app: node-balancer
  ports:
  - name: http
    protocol: TCP
    port: 8080
    targetPort: 8080
  type: ClusterIP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: node-balancer-tls
  namespace: kube-system
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`nodebalancer-prod.allarddcs.nl`)
    kind: Rule
    services:
    - name: node-balancer-webui
      port: 8080
  tls:
    certResolver: letsencrypt
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: node-balancer
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-balancer
rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch", "delete"]
  - apiGroups: ["metrics.k8s.io"]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
---
# Binding of role to account
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: node-balancer-binding
subjects:
  - kind: ServiceAccount
    name: node-balancer
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: node-balancer
  apiGroup: rbac.authorization.k8s.io