apiVersion: v1
kind: Service
metadata:
  name: index
  labels:
    run: index
spec:
  ports:
    - name: http
      port: 80
      targetPort: 80
  selector:
    run: index
#  type: LoadBalancer
# Uncomment the following if you wnat to expose an IP
#status:
#  loadBalancer: {}
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: index
spec:
  capacity:
    storage: 5Mi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain # Keep 4eva
  storageClassName: default
  mountOptions:
    - hard
    - nfsvers=3
  nfs:
    path: /mnt/DroboFS/Shares/Kubernetes/volumes/static/index
    server: 10.42.42.10
  claimRef:
    name: index
    namespace: default
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: index
  annotations:
    nfs.io/storage-path: "index"
spec:
  storageClassName: default
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Mi
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: index
spec:
  replicas: 2
  selector:
    matchLabels:
      run: index
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        run: index
    spec:
      containers:
        - image: nginx
          imagePullPolicy: "Always"
          name: index
          ports:
            - containerPort: 80
          resources: {}
          volumeMounts:
            - mountPath: /usr/share/nginx/html
              name: index
      restartPolicy: Always
# This didn't seem to do what I want/need
#      affinity:
#        podAntiAffinity:                                 
#          requiredDuringSchedulingIgnoredDuringExecution:  #<---- hard requirement not to schedule "nginx" pod if already one scheduled.
#          - topologyKey: kubernetes.io/hostname    # <---- Anti affinity scope is host     
#            labelSelector:                               
#              matchLabels:                               
#                app: index
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app: index
      volumes:
        - name: index
          persistentVolumeClaim:
            claimName: index
#      dnsPolicy: "None"
#      dnsConfig:
#        nameservers:
#          - 10.42.42.239
#          - 10.42.42.1
#        searches:
#          - default.svc.cluster.local
#          - svc.cluster.local 
#          - cluster.local
#        options:
#          - name: ndots
#            value: "2"
#          - name: edns0
#          - name: trust-ad
status: {}
---
# Hosting
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: index-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    ## basic auth for index
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # message to display with an appropriate context why the authentication is required
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - IO'
spec:
  tls:
  - hosts:
    - io.monkeybox.org
    secretName: index-tls
  rules:
  - host: io.monkeybox.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: index
            port:
              number: 80