apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Values.app.name }}
spec:
  replicas: {{ .Values.app.replicas }}
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: {{ .Values.app.name }}
  template:
    metadata:
      labels:
        app: {{ .Values.app.name }}
    spec:
      containers:
        - name: {{ .Values.app.name }}
          image: "{{- if .Values.image.digest -}}{{ .Values.image.repository }}@{{ .Values.image.digest }}{{- else -}}{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}{{- end -}}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: [ "ALL" ]
          ports:
            - containerPort: {{ .Values.app.port }}
          env:
            - name: MARIADB_HOST
              value: "mariadb-repl-maxscale-internal.mariadb-operator.svc.cluster.local"
            - name: MARIADB_PORT
              value: '3306'
            - name: MARIADB_DB
              value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
            - name: MARIADB_USER
              value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
            - name: MARIADB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
                  key: password
            - name: RABBITMQ_USERNAME
              value: {{ .Values.rabbitmq.username | quote }}
            - name: RABBITMQ_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
                  key: password
            - name: RABBITMQ_HOST
              value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }}
            - name: RABBITMQ_PORT
              value: {{ .Values.rabbitmq.port | quote }}
            - name: RABBITMQ_VHOST
              value: {{ .Values.rabbitmq.vhost | default "/" | quote }}
            - name: MAIL_QUEUE
              value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}
            - name: MOJEID_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: MOJEID_CLIENT_ID
            - name: MOJEID_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: MOJEID_CLIENT_SECRET
            - name: BANKID_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: BANKID_CLIENT_ID
            - name: BANKID_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: BANKID_CLIENT_SECRET
            - name: DOMAIN
              value: {{ required "Set .Values.domain" .Values.domain | quote }}
            - name: DOMAIN_SCHEME
              value: {{ required "Set .Values.domain_scheme" .Values.domain_scheme | quote }}
            - name: FRONTEND_DOMAIN
              value: {{ required "Set .Values.frontend_domain" .Values.frontend_domain | quote }}
            - name: FRONTEND_DOMAIN_SCHEME
              value: {{ required "Set .Values.frontend_domain_scheme" .Values.frontend_domain_scheme | quote }}
          livenessProbe:
            httpGet:
              path: /
              port: {{ .Values.app.port }}
            initialDelaySeconds: 10
            periodSeconds: 10
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /
              port: {{ .Values.app.port }}
            initialDelaySeconds: 10
            periodSeconds: 10
            failureThreshold: 3