variable "tls_secret_name" {}
# variable "dockerhub_password" {}

resource "kubernetes_namespace" "city-guesser" {
  metadata {
    name = "city-guesser"
  }
}

module "tls_secret" {
  source          = "../setup_tls_secret"
  namespace       = "city-guesser"
  tls_secret_name = var.tls_secret_name
}

# module "dockerhub_creds" {
#   source    = "../dockerhub_secret"
#   namespace = "website"
#   password  = var.dockerhub_password
# }

resource "kubernetes_deployment" "city-guesser" {
  metadata {
    name      = "city-guesser"
    namespace = "city-guesser"
    labels = {
      run = "city-guesser"
    }
  }
  spec {
    replicas = 1
    selector {
      match_labels = {
        run = "city-guesser"
      }
    }
    template {
      metadata {
        labels = {
          run = "city-guesser"
        }
      }
      spec {
        container {
          image = "viktorbarzin/city-guesser:latest"
          name  = "city-guesser"
          resources {
            limits = {
              cpu    = "0.5"
              memory = "512Mi"
            }
            requests = {
              cpu    = "250m"
              memory = "50Mi"
            }
          }
          port {
            container_port = 80
          }
        }
      }
    }
  }
}

resource "kubernetes_service" "city-guesser" {
  metadata {
    name      = "city-guesser"
    namespace = "city-guesser"
    labels = {
      "run" = "city-guesser"
    }
  }

  spec {
    selector = {
      run = "city-guesser"
    }
    port {
      name        = "http"
      port        = "80"
      target_port = "80"
    }
  }
}
# resource "kubernetes_service" "city-guesser-oauth" {
#   metadata {
#     name      = "city-guesser-oauth"
#     namespace = "city-guesser"
#     labels = {
#       "run" = "city-guesser-oauth"
#     }
#   }

#   spec {
#     type          = "ExternalName"
#     external_name = "oauth-proxy.oauth.svc.cluster.local"

#     # port {
#     #   name        = "tcp"
#     #   port        = "80"
#     #   target_port = "80"
#     # }
#   }
# }

resource "kubernetes_ingress_v1" "city-guesser" {
  metadata {
    name      = "city-guesser-ingress"
    namespace = "city-guesser"
    annotations = {
      "kubernetes.io/ingress.class" = "nginx"
      # "nginx.ingress.kubernetes.io/auth-url"              = "https://$host/oauth2/auth"
      # "nginx.ingress.kubernetes.io/auth-signin"           = "https://$host/oauth2/start?rd=$escaped_request_uri"
      # "nginx.ingress.kubernetes.io/auth-response-headers" = "X-Auth-Request-User,X-Auth-Request-Email"
    }
  }

  spec {
    tls {
      hosts       = ["city-guesser.viktorbarzin.me"]
      secret_name = var.tls_secret_name
    }
    rule {
      host = "city-guesser.viktorbarzin.me"
      http {
        path {
          path = "/"
          backend {
            service {
              name = "city-guesser"
              port {
                number = 80
              }
            }
          }
        }
      }
    }
  }
}

# resource "kubernetes_ingress_v1" "city-guesser-oauth" {
#   metadata {
#     name      = "city-guesser-ingress-oauth"
#     namespace = "city-guesser"
#     annotations = {
#       "kubernetes.io/ingress.class" = "nginx"
#     }
#   }

#   spec {
#     tls {
#       hosts       = ["city-guesser.viktorbarzin.me"]
#       secret_name = var.tls_secret_name
#     }
#     rule {
#       host = "city-guesser.viktorbarzin.me"
#       http {
#         path {
#           path = "/oauth2"
#           backend {
#             service_name = "city-guesser-oauth"
#             service_port = "80"
#           }
#         }
#       }
#     }
#   }
# }


module "oauth" {
  source = "../oauth-proxy"
  # oauth_client_id     = "3d8ce4bf7b893899d967"
  # oauth_client_secret = "08dca09b05e511cfa7f85cd7f85c332fd0768113"
  client_id       = "3d8ce4bf7b893899d967"
  client_secret   = "08dca09b05e511cfa7f85cd7f85c332fd0768113"
  namespace       = "city-guesser"
  host            = "city-guesser.viktorbarzin.me"
  tls_secret_name = var.tls_secret_name
  svc_name        = "city-guesser-oauth"
}