apiVersion: apps/v1
kind: Deployment
metadata:
  name: salt-master
  namespace: webserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: salt
  template:
    metadata:
      labels:
        app: salt
    spec:
      containers:
        - name: salt
          image: saltstack/salt
          envFrom:
            - configMapRef:
                name: salt-master-config

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: salt-master-config
  namespace: webserver
data:
  SALT_API_CONFIG: |
    {
      "rest_cherrypy": {
        "port": 8000,
        "ssl_crt": "/etc/pki/tls/certs/localhost.crt",
        "ssl_key": "/etc/pki/tls/certs/localhost.key"
      },
      "external_auth": {
        "sharedsecret": {
          "salt": [
            ".*",
            "@wheel",
            "@jobs",
            "@runner"
          ]
        }
      },
      "sharedsecret": "saFGGAIGJitwajisajT612QTjq3ifap14"
    }
---
apiVersion: v1
kind: Service
metadata:
  name: salt-master-service
  namespace: webserver
spec:
  selector:
    app: salt    # Select the Pods based on their labels (should match the Deployment labels)
  ports:
    - name: rest
      protocol: TCP
      port: 8000    # Port for REST API
      targetPort: 8000    # Port on the container to which REST API traffic will be forwarded
    - name: minion
      protocol: TCP
      port: 4505    # Port for Salt Minion
      targetPort: 4505    # Port on the container to which Salt Minion traffic will be forwarded
    - name: master
      protocol: TCP
      port: 4506    # Port for Salt Master
      targetPort: 4506    # Port on the container to which Salt Master traffic will be forwarded
  type: ClusterIP    # This creates an internal ClusterIP Service
  clusterIP: 10.43.14.232