manifests.yaml
# Namespace that holds every namespaced object defined in this manifest.
apiVersion: v1
kind: Namespace
metadata:
  name: tag
---
# Identity the tag-bot Pod runs as (it sets serviceAccountName: tag-bot).
# tag-bot-rolebinding binds this account to tag-bot-role.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tag-bot
  namespace: tag
---
# Long-lived API token for the tag-bot ServiceAccount. For a Secret of type
# kubernetes.io/service-account-token the control plane fills in a token that
# does not expire; it stays valid until this Secret or the ServiceAccount is
# deleted.
# NOTE(review): nothing in this manifest references tag-bot-secret, and the
# tag-bot Pod normally gets its own short-lived projected token through
# serviceAccountName. Confirm that something outside the cluster needs this
# token; if not, remove it. It carries the same wildcard permissions as
# tag-bot-role, so treat any copy of it as a namespace-admin credential.
apiVersion: v1
kind: Secret
metadata:
  name: tag-bot-secret
  namespace: tag
  annotations:
    kubernetes.io/service-account.name: tag-bot
type: kubernetes.io/service-account-token
---
# Grants every verb on every resource in every API group. Because this is a
# Role (not a ClusterRole) the grant is limited to the tag namespace.
# NOTE(review): inside that namespace the wildcard includes reading Secrets
# (bot-token, tag-bot-secret, tag-tls-certificate), pods/exec, and creating
# Roles and RoleBindings, so whoever holds a tag-bot token controls the whole
# namespace. Replace the wildcards with the specific apiGroups, resources and
# verbs the bot actually calls - TODO confirm against the bot's code, which is
# not shown here.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tag-bot-role
  namespace: tag
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
---
# Binds tag-bot-role to the tag-bot ServiceAccount in the tag namespace.
# This is the only subject; no users or groups receive the role here.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tag-bot-rolebinding
  namespace: tag
subjects:
  - kind: ServiceAccount
    name: tag-bot
    namespace: tag
roleRef:
  kind: Role
  name: tag-bot-role
  apiGroup: rbac.authorization.k8s.io
---
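# Bot Pod. Runs as the tag-bot ServiceAccount and receives a Discord bot token
# from the bot-token Secret, which is not defined in this manifest and must
# already exist in the tag namespace.
apiVersion: v1
kind: Pod
metadata:
  name: tag-bot
  namespace: tag
  labels:
    app: tag-bot
spec:
  serviceAccountName: tag-bot
  containers:
    - name: tag-bot
      imagePullPolicy: Always
      # NOTE(review): ":latest" is a mutable tag and imagePullPolicy Always
      # re-pulls it on every start, so whatever is pushed under that tag runs
      # with this Pod's RBAC permissions. Pin the image by digest
      # (image@sha256:<digest>) once a release process exists.
      image: ghcr.io/cscosu/tag-bot:latest
      env:
        # Replaces NODE_TLS_REJECT_UNAUTHORIZED="0". That setting disabled
        # certificate verification for every TLS connection the Node.js
        # process makes, so the Discord token and the ServiceAccount token
        # could be sent to an impersonated endpoint. Trusting the cluster CA
        # keeps verification on while still accepting the API server's
        # certificate. If the bot talks to another endpoint with a private
        # CA, add that CA to the bundle instead of turning verification off.
        - name: NODE_EXTRA_CA_CERTS
          value: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        - name: DISCORD_BOT_TOKEN
          valueFrom:
            secretKeyRef:
              name: bot-token
              key: DISCORD_BOT_TOKEN
      resources:
        limits:
          cpu: 500m
          memory: 512Mi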
---
# Web-facing Pod: the tag-observer Service selects it by the app label and the
# tag-observer Ingress publishes that Service at tag.osucyber.club.
# No serviceAccountName is set, so the Pod runs as the namespace's default
# ServiceAccount and, by default, has that account's token mounted.
# NOTE(review): this manifest grants the default account nothing, so the
# observer presumably does not call the Kubernetes API. If that is confirmed,
# set automountServiceAccountToken: false in spec so a compromise of this
# internet-exposed container does not yield a cluster credential.
# NOTE(review): ":latest" is a mutable tag; pin by digest when possible.
apiVersion: v1
kind: Pod
metadata:
  name: tag-observer
  namespace: tag
  labels:
    app: tag-observer
spec:
  containers:
    - name: tag-observer
      imagePullPolicy: Always
      image: ghcr.io/cscosu/tag-observer:latest
      resources:
        limits:
          cpu: 500m
          memory: 512Mi
---
# Forwards TCP port 80 (named "http") to port 80 on pods labelled
# app: tag-observer. No type is set, so it is the default in-cluster
# Service type; outside access comes only through the Ingress.
apiVersion: v1
kind: Service
metadata:
  name: tag-observer
  namespace: tag
spec:
  selector:
    app: tag-observer
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
---
# Publishes the tag-observer Service at tag.osucyber.club through the
# "public" ingress class. The cert-manager annotation asks the
# letsencrypt-prod ClusterIssuer for a certificate, which is stored in the
# tag-tls-certificate Secret named under tls.
# Every path under / is routed to the Service's "http" port.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tag-observer
  namespace: tag
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: public
  rules:
    - host: tag.osucyber.club
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: tag-observer
                port:
                  name: http
  tls:
    - hosts:
        - tag.osucyber.club
      secretName: tag-tls-certificate
---
# Isolates pods in the tag namespace that carry the label tag: "true".
# The value is quoted because label values must be strings, not booleans.
# - Ingress: allowed only from pods in the namespace whose
#   kubernetes.io/metadata.name label is ingress-nginx.
# - Egress: listed in policyTypes with no egress rules, so all outbound
#   traffic from the selected pods is denied, DNS included.
# NOTE(review): neither Pod in this manifest has the tag: "true" label, so
# tag-bot and tag-observer are NOT restricted by this policy. Presumably it
# targets pods created at runtime - confirm, and add a policy for the two
# static pods if they should be confined too.
# NOTE(review): the Ingress in this file uses ingressClassName "public";
# verify that controller really runs in a namespace named ingress-nginx,
# otherwise the from-rule matches nothing.
# NOTE(review): a NetworkPolicy only takes effect when the cluster's CNI
# plugin enforces it - confirm for this cluster.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: tag-network-policy
  namespace: tag
spec:
  podSelector:
    matchLabels:
      tag: "true"
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx