apiVersion: v1
kind: Namespace
metadata:
  name: proxmox
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: proxmox-proxy-deployment
  namespace: proxmox
  labels:
    app: proxmox-proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: proxmox-proxy
  template:
    metadata:
      labels:
        app: proxmox-proxy
    spec:
      nodeSelector:
        kubernetes.io/hostname: premhome-falcon-1
      containers:
        - name: tcp-proxy
          image: harbor.yadunut.dev/yadunut/tcp_proxy:sha-582dd5f-1747336425 # {"$imagepolicy": "flux-system:tcp-proxy"}
          env:
            - name: LISTEN_ADDR
              value: ":8443"
            - name: UPSTREAM_ADDR
              value: "10.0.0.5:8006"
          ports:
            - containerPort: 8443
              name: https
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
  name: proxmox-tcp
  namespace: proxmox
spec:
  entryPoints:
    - websecure # the same entrypoint Traefik uses for HTTPS
  tls:
    passthrough: true
  routes:
    - match: HostSNI(`proxmox.i.yadunut.dev`)
      services:
        - name: proxmox-proxy
          port: 8443
---
apiVersion: v1
kind: Service
metadata:
  name: proxmox-proxy
  namespace: proxmox
spec:
  selector:
    app: proxmox-proxy
  ports:
    - name: https
      port: 8443
      targetPort: https
  type: ClusterIP
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
  name: tcp-proxy
  namespace: flux-system
spec:
  image: harbor.yadunut.dev/yadunut/tcp_proxy
  interval: 1m0s
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
  name: tcp-proxy
  namespace: flux-system
spec:
  imageRepositoryRef:
    name: tcp-proxy
  filterTags:
    pattern: "^sha-[a-fA-F0-9]+-(?P<ts>.*)"
    extract: "$ts"
  policy:
    numerical:
      order: asc