apiVersion: v1
kind: Service
metadata:
  name: jenkins
  labels:
    kiamol: ch11
spec:
  ports:
    - port: 8080
      targetPort: jenkins
  selector:
    app: jenkins
  type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name:  jenkins
  labels:
    kiamol: ch11
spec:
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      serviceAccountName: jenkins
      containers:
        - name: jenkins
          image: kiamol/ch11-jenkins
          ports:
            - name: jenkins
              containerPort: 8080
          volumeMounts:
            - name: registry-creds
              mountPath: /root/.docker
              readOnly: true
      volumes:
        - name: registry-creds
          secret:
            secretName: registry-creds
            defaultMode: 0400
            items:
            - key: .dockerconfigjson
              path: config.json
---
# RBAC configuration - ignore this until we get to chapter 17 :)
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
  labels:
    kiamol: ch11
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
  labels:
    kiamol: ch11
rules:
- apiGroups: [""]
  resources: [pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: [pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: [pods/log"]
  verbs: [get","list","watch"]
- apiGroups: [""]
  resources: ["services","secrets","configmaps"]
  verbs: ["get","list","create","delete"]
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get","list","create","delete"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: jenkins
  labels:
    kiamol: ch11
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins
  namespace: default