namePrefix: prod-
resources:
- ../base
- svc-db.yaml
- svc-netflux.yaml

configMapGenerator:
- name: prometheus-server
  behavior: merge
  files:
  - prometheus.yml=prometheus.yaml
- name: grafana
  behavior: merge
  files:
  - grafana.ini
  - datasources.yaml=grafana-datasources.yaml
- name: invidious-config
  files:
  - config.yml=invidious-config.yaml
- name: element-config
  files:
  - config.json=element-config.json

secretGenerator:
- name: prometheus-credentials
  files:
  - secrets/exporter-password
- name: grafana-credentials
  files:
  - admin-user=secrets/grafana-admin-user
  - admin-password=secrets/grafana-admin-password
- name: invidious-credentials
  literals:
  # Individual keys required by init-invidious-db:
  - database-host=prod-db
  - database-port=5432
  - database-name=invidious
  - database-user=kemal
  files:
  - database-url=secrets/invidious-database-url
  - database-password=secrets/invidious-database-password

patches:
# Patch the ingress-nginx deployment to allow it to use a service with a
# namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289.
- target:
    kind: Deployment
    name: ingress-nginx-controller
  path: deploy-ingress-nginx.yaml

# Patch the ingress-nginx-admission-create job to reference its webhook with a
# namePrefix.
- target:
    kind: Job
    name: ingress-nginx-admission-create
  path: job-ingress-nginx-admission-create.yaml

# Patch the ingress-nginx-admission-patch job to reference its webhook with a
# namePrefix.
- target:
    kind: Job
    name: ingress-nginx-admission-patch
  path: job-ingress-nginx-admission-patch.yaml

# Patch the ingress resource with stage-specific hostnames:
- target:
    kind: Ingress
    name: ingress
  path: ingress.yaml

# Patch prometheus-server pod to mount the secrets volume.
- target:
    kind: Deployment
    name: prometheus-server
  patch: |-
    - op: add
      path: /spec/template/spec/volumes/-
      value:
        secret:
          secretName: prod-prometheus-credentials
        name: secrets-volume
    - op: add
      path: /spec/template/spec/containers/1/volumeMounts/-
      value:
        mountPath: /etc/secrets
        name: secrets-volume
        readOnly: true

# Patch Grafana deployment to inject PostgreSQL credentials:
- target:
    kind: Deployment
    name: grafana
  path: deploy-grafana.yaml