apiVersion: v1
kind: Namespace
metadata:
  labels:
    app: redis
  name: redis
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: redis-operator
  name: redis-operator
  namespace: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis-operator
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: redis-operator
    spec:
      serviceAccountName: redis-operator
      containers:
        - name: app
          #image: quay.io/spotahome/redis-operator:latest
          image: harbor.uenpay.com/base/redis-operator:latest
          imagePullPolicy: IfNotPresent
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          resources:
            limits:
              cpu: 200m
              memory: 200Mi
            requests:
              cpu: 200m
              memory: 200Mi
      restartPolicy: Always
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: redis-operator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: redis-operator
subjects:
  - kind: ServiceAccount
    name: redis-operator
    namespace: redis
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: redis-operator
rules:
  - apiGroups:
      - databases.spotahome.com
    resources:
      - redisfailovers
      - redisfailovers/finalizers
    verbs:
      - "*"
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - "*"
  - apiGroups:
      - ""
    resources:
      - pods
      - services
      - endpoints
      - events
      - configmaps
      - persistentvolumeclaims
      - persistentvolumeclaims/finalizers
    verbs:
      - "*"
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - "get"
  - apiGroups:
      - apps
    resources:
      - deployments
      - statefulsets
    verbs:
      - "*"
  - apiGroups:
      - policy
    resources:
      - poddisruptionbudgets
    verbs:
      - "*"
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - "*"
      
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: redis-operator
  namespace: redis
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    prometheus.io/path: /metrics
    prometheus.io/port: http
    prometheus.io/scrape: "true"
  name: redis-operator
  namespace: redis
  labels:
    app: redis-operator
spec:
  type: ClusterIP
  ports:
  - name: metrics
    port: 9710
    protocol: TCP
    targetPort: metrics
  selector:
    app: redis-operator
---

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: redis-operator-metrics
  namespace: redis
  labels:
    app: redis-operator
    release: prometheus
spec:
  selector:
    matchLabels:
      app: redis-operator
  endpoints:
  - port: metrics
  namespaceSelector:
    matchNames:
    - redis
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: redis-operator
  namespace: redis
  labels:
    app: redis-operator
    release: prometheus
spec:
  selector:
    matchLabels:
      app: redis-operator
  podMetricsEndpoints:
  - port: metrics