apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ntfy-data
  namespace: monitoring
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: ntfy-config
  namespace: monitoring
data:
  server.yml: |
    base-url: "https://ntfy.techarvest.co.zw"
    listen-http: ":80"
    auth-file: "/var/lib/ntfy/user.db"
    auth-default-access: "deny-all"
    cache-file: "/var/lib/ntfy/cache.db"
    attachment-cache-dir: "/var/lib/ntfy/attachments"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ntfy
  namespace: monitoring
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ntfy
  template:
    metadata:
      labels:
        app: ntfy
    spec:
      containers:
      - name: ntfy
        image: binwiederhier/ntfy:latest
        imagePullPolicy: Always
        args: ["serve"]
        ports:
        - containerPort: 80
        volumeMounts:
        - name: ntfy-config
          mountPath: /etc/ntfy/server.yml
          subPath: server.yml
          readOnly: true
        - name: ntfy-data
          mountPath: /var/lib/ntfy
      volumes:
      - name: ntfy-config
        configMap:
          name: ntfy-config
      - name: ntfy-data
        persistentVolumeClaim:
          claimName: ntfy-data
---
apiVersion: v1
kind: Service
metadata:
  name: ntfy
  namespace: monitoring
spec:
  selector:
    app: ntfy
  ports:
  - port: 80
    targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ntfy-ingress
  namespace: monitoring
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - ntfy.techarvest.co.zw
    secretName: ntfy-tls
  rules:
  - host: ntfy.techarvest.co.zw
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: ntfy
            port:
              number: 80