# Deployment reference:
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
#
# Runs one replica of cic-meta-server in the grassroots namespace and exposes
# it inside the cluster through the ClusterIP Service defined further down.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cic-meta-server
  namespace: grassroots
  labels:
    app: cic-meta-server
  annotations:
    # Keel image automation: poll the registry every 5 minutes and follow
    # tags matching master-*.
    # NOTE(review): with automated roll-out, write access to the registry is
    # effectively deploy access to this namespace. Confirm the registry's push
    # permissions are scoped accordingly.
    keel.sh/policy: 'glob:master-*'
    keel.sh/trigger: poll
    keel.sh/pollSchedule: '@every 5m'
spec:
  selector:
    matchLabels:
      app: cic-meta-server
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: cic-meta-server
        group: cic
    spec:
      # NOTE(review): no securityContext is set on the pod or the container.
      # Consider runAsNonRoot, allowPrivilegeEscalation: false and
      # readOnlyRootFilesystem once the image's requirements are known.
      containers:
        - name: cic-meta-server
          # Commented-out alternative naming a specific master-* build tag;
          # the trailing marker is a Flux image-policy setter reference.
          #image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:master-fe017d2b-1625932004 # {"$imagepolicy": "flux-system:cic-meta"}
          # NOTE(review): ":latest" is a mutable tag and imagePullPolicy is
          # Always, so each pod start runs whatever the registry serves at
          # that moment. Pinning to an immutable tag or an image digest makes
          # the running build auditable and reproducible.
          image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:latest
          imagePullPolicy: Always
          resources:
            requests:
              cpu: 50m
              memory: 250Mi
            limits:
              cpu: 100m
              memory: 500Mi
          env:
            # PostgreSQL connection settings, all read from the
            # postgresql-conn-common ConfigMap.
            - name: DATABASE_USER
              valueFrom:
                configMapKeyRef:
                  name: postgresql-conn-common
                  key: DATABASE_USER
            - name: DATABASE_HOST
              valueFrom:
                configMapKeyRef:
                  name: postgresql-conn-common
                  key: DATABASE_HOST
            - name: DATABASE_PORT
              valueFrom:
                configMapKeyRef:
                  name: postgresql-conn-common
                  key: DATABASE_PORT
            - name: DATABASE_ENGINE
              valueFrom:
                configMapKeyRef:
                  name: postgresql-conn-common
                  key: DATABASE_ENGINE
            - name: DATABASE_DRIVER
              valueFrom:
                configMapKeyRef:
                  name: postgresql-conn-common
                  key: DATABASE_DRIVER
            # NOTE(review): the database password comes from a ConfigMap.
            # ConfigMaps are not meant for confidential data; a Secret read
            # through secretKeyRef lets RBAC and encryption at rest be applied
            # to the credential separately from the non-sensitive settings.
            - name: DATABASE_PASSWORD
              valueFrom:
                configMapKeyRef:
                  name: postgresql-conn-common
                  key: DATABASE_PASSWORD
            - name: SCHEMA_SQL_PATH
              value: scripts/initdb/server.postgres.sql
            - name: DATABASE_NAME
              value: cic_meta
            # NOTE(review): if the server binds to this address it listens on
            # loopback only, and the Service's targetPort 8000 would not be
            # reachable from other pods. Confirm how SERVER_HOST is used.
            - name: SERVER_HOST
              value: localhost
            - name: SERVER_PORT
              value: '8000'
            - name: DATABASE_SCHEMA_SQL_PATH
              value: ''
            # Same path as the pgp volume mount below.
            - name: PGP_EXPORTS_DIR
              value: /tmp/src/keys
            # Author's note: the private key here is for encrypting data.
            - name: PGP_PRIVATEKEY_FILE
              value: privatekey.asc
            # NOTE(review): the private-key passphrase is committed in plain
            # text and is visible to anyone who can read this manifest or the
            # pod spec. Source it from a Secret via secretKeyRef, and treat the
            # current value as exposed: rotate it as part of the move.
            - name: PGP_PASSPHRASE
              value: queenmarlena  # TODO move to secret
            - name: PGP_PUBLICKEY_TRUSTED_FILE
              value: publickeys.asc
            # Author's note: the public key here is to know who to trust.
            - name: PGP_PUBLICKEY_ACTIVE_FILE
              value: publickeys.asc
            - name: PGP_PUBLICKEY_ENCRYPT_FILE
              value: publickeys.asc
          ports:
            - containerPort: 8000
              name: cic-meta-server
          volumeMounts:
            - mountPath: /tmp/src/keys
              readOnly: true
              name: pgp
      volumes:
        # NOTE(review): PGP_EXPORTS_DIR points at this mount and
        # PGP_PRIVATEKEY_FILE names privatekey.asc, so the private key
        # presumably lives in this ConfigMap (confirm). If it does, it belongs
        # in a Secret volume instead. The "-test" suffix suggests test keys;
        # verify that before relying on it.
        - name: pgp
          configMap:
            name: pgp-meta-test
            # Left empty (null): with no items listed, every key in the
            # ConfigMap is projected as a file under the mount path.
            items:
      restartPolicy: Always
---
# Service reference:
# https://kubernetes.io/docs/concepts/services-networking/service/
#
# Cluster-internal entry point: port 80 forwards to container port 8000 on
# pods labelled app=cic-meta-server.
apiVersion: v1
kind: Service
metadata:
  name: cic-meta-server
  namespace: grassroots
spec:
  selector:
    app: cic-meta-server
  type: ClusterIP
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8000