apiVersion: v1
kind: Namespace
metadata:
  name: crafty-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: crafty-port-reservations
  namespace: crafty-system
  labels:
    app.kubernetes.io/name: craftycontroller
data:
  README.txt: "Crafty Controller hostNetwork deployment.


    Reserved Minecraft TCP port range on the node: 25565-25575.

    Recommendation: only map/forward ports from this range on your router.

    In Crafty, assign each server a unique port within this range.


    Port 25565 is commonly used for the primary server.

    "
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: craftycontroller
  namespace: crafty-system
  labels:
    app.kubernetes.io/name: craftycontroller
    app.kubernetes.io/instance: crafty
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: crafty-app-config
  namespace: crafty-system
  labels:
    app.kubernetes.io/name: craftycontroller
    app.kubernetes.io/instance: crafty
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
  storageClassName: longhorn-ssd2
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: crafty-servers
  namespace: crafty-system
  labels:
    app.kubernetes.io/name: craftycontroller
    app.kubernetes.io/instance: crafty
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: longhorn-hdd
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: crafty-backups
  namespace: crafty-system
  labels:
    app.kubernetes.io/name: craftycontroller
    app.kubernetes.io/instance: crafty
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: longhorn-hdd
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: crafty-import
  namespace: crafty-system
  labels:
    app.kubernetes.io/name: craftycontroller
    app.kubernetes.io/instance: crafty
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: longhorn-hdd
---
apiVersion: v1
kind: Service
metadata:
  name: craftycontroller-headless
  namespace: crafty-system
  labels:
    app.kubernetes.io/name: craftycontroller
    app.kubernetes.io/instance: crafty
spec:
  clusterIP: None
  selector:
    app.kubernetes.io/name: craftycontroller
    app.kubernetes.io/instance: crafty
  ports:
    - name: https
      port: 8443
      targetPort: 8443
      protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: craftycontroller-https
  namespace: crafty-system
  labels:
    app.kubernetes.io/name: craftycontroller
    app.kubernetes.io/instance: crafty
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: craftycontroller
    app.kubernetes.io/instance: crafty
  ports:
    - name: https
      port: 8443
      targetPort: 8443
      protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: craftycontroller-https
  namespace: crafty-system
  labels:
    app.kubernetes.io/name: craftycontroller
    app.kubernetes.io/instance: crafty
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: crafty.dooplex.hu,crafty.home
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "off"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: 200m
    nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-crafty-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
    nginx.ingress.kubernetes.io/auth-signin: https://crafty.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri
    nginx.ingress.kubernetes.io/auth-snippet:
      "proxy_set_header X-Forwarded-Host $http_host;

      "
    nginx.ingress.kubernetes.io/configuration-snippet: |
      set $geo_allowed 0;
      if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
      if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
      if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
      if ($geo_allowed = 0) {
        return 403 "Access restricted to Hungary";
      }
spec:
  ingressClassName: nginx-internal
  tls:
    - secretName: crafty-tls
      hosts:
        - crafty.dooplex.hu
  rules:
    - host: crafty.dooplex.hu
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: craftycontroller-https
                port:
                  number: 8443
    - host: crafty.home
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: craftycontroller-https
                port:
                  number: 8443
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: craftycontroller
  namespace: crafty-system
  labels:
    app.kubernetes.io/name: craftycontroller
    app.kubernetes.io/instance: crafty
spec:
  serviceName: craftycontroller-headless
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: craftycontroller
      app.kubernetes.io/instance: crafty
  template:
    metadata:
      labels:
        app.kubernetes.io/name: craftycontroller
        app.kubernetes.io/instance: crafty
      annotations:
        match-regex.version-checker.io/craftycontroller: '^\d+\.\d+\.\d+$'
    spec:
      serviceAccountName: craftycontroller
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      securityContext:
        fsGroup: 0
      containers:
        - name: craftycontroller
          image: arcadiatechnology/crafty-4:4.9.0
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 0
          ports:
            - name: https
              containerPort: 8443
              protocol: TCP
            - name: minecraft
              containerPort: 25565
              protocol: TCP
            - name: mc25566
              containerPort: 25566
              protocol: TCP
            - name: mc25567
              containerPort: 25567
              protocol: TCP
            - name: mc25568
              containerPort: 25568
              protocol: TCP
            - name: mc25569
              containerPort: 25569
              protocol: TCP
            - name: mc25570
              containerPort: 25570
              protocol: TCP
            - name: mc25571
              containerPort: 25571
              protocol: TCP
            - name: mc25572
              containerPort: 25572
              protocol: TCP
            - name: mc25573
              containerPort: 25573
              protocol: TCP
            - name: mc25574
              containerPort: 25574
              protocol: TCP
            - name: mc25575
              containerPort: 25575
              protocol: TCP
          livenessProbe:
            initialDelaySeconds: 30
            httpGet:
              path: /
              port: 8443
              scheme: HTTPS
          readinessProbe:
            initialDelaySeconds: 30
            periodSeconds: 10
            failureThreshold: 18
            httpGet:
              path: /
              port: 8443
              scheme: HTTPS
          resources: {}
          volumeMounts:
            - name: crafty-app-config
              mountPath: /crafty/app/config
            - name: crafty-servers
              mountPath: /crafty/servers
            - name: crafty-backups
              mountPath: /crafty/backups
            - name: crafty-import
              mountPath: /crafty/import
      volumes:
        - name: crafty-app-config
          persistentVolumeClaim:
            claimName: crafty-app-config
        - name: crafty-servers
          persistentVolumeClaim:
            claimName: crafty-servers
        - name: crafty-backups
          persistentVolumeClaim:
            claimName: crafty-backups
        - name: crafty-import
          persistentVolumeClaim:
            claimName: crafty-import