apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: hub
  name: hub
  namespace: hub
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hub
  template:
    metadata:
      labels:
        app: hub
    spec:
      volumes:
        - name: server-certs
          projected:
            sources:
              - secret:
                  name: hub-dev-stg-cert-tls
              - secret:
                  name: hub-ca-crt
      containers:
      - image: amohd/servicedemon:v2
        name: servicedemon
        command: ["/hub"]
        env:
          - name: HUB_CA_CERT_FILE
            value: /etc/hub/certs/ca.crt
          - name: HUB_SERVER_CERT_FILE
            value: /etc/hub/certs/tls.crt
          - name: HUB_SERVER_KEY_FILE
            value: /etc/hub/certs/tls.key
        volumeMounts:
          - name: server-certs
            mountPath: /etc/hub/certs/
---
apiVersion: v1
kind: Service
metadata:
  name: hub-svc
  namespace: hub
spec:
  type: ClusterIP
  selector:
    app: hub
  ports:
    - port: 443
      targetPort: 3001
      protocol: "TCP"
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  namespace: hub
  name: hub-dev-fixergrid-net
spec:
  entryPoints:
    - websecure
  tls:
    passthrough: true
  routes:
  - match: HostSNI(`hub.dev.fixergrid.net`)
    priority: 1
    services:
      - name: hub-svc
        port: 443
        weight: 1