apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: caddyingresscontroller
  labels:
    app: caddyIngressController
    chart: "caddyingresscontroller-v0.1.0"
    release: "release-name"
    heritage: "Tiller"
    version: v0.1.0

spec:
  replicas: 1
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: caddyIngressController
      release: "release-name"
  template:
    metadata:
      labels:
        app: caddyIngressController
        chart: "caddyingresscontroller-v0.1.0"
        release: "release-name"
        heritage: "Tiller"
        version: v0.1.0

    spec:
      serviceAccountName: caddyingresscontroller
      containers:
      - name: caddyingresscontroller
        image: "caddy/ingresscontroller"
        imagePullPolicy: IfNotPresent
        securityContext:
          allowPrivilegeEscalation: true
          capabilities:
            drop:
              - ALL
            add:
              - NET_BIND_SERVICE
          # www-data -> 33
          runAsUser: 0
          runAsGroup: 0
        ports:
          - name: http
            containerPort: 80
            hostPort: 80 # optional, required if running in minikube
          - name: https
            containerPort: 443
            hostPort: 443 # optional, required if running in minikube
        env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace