---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: workspaces-api
  namespace: workspaces
  labels:
    app: workspaces-api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: workspaces-api
  template:
    metadata:
      labels:
        app: workspaces-api
      annotations:
        traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
        vault.hashicorp.com/agent-init-first: "true"
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-pre-populate-only: "true"
        vault.hashicorp.com/auth-path: auth/kubernetes
        vault.hashicorp.com/role: workspaces
        vault.hashicorp.com/agent-inject-secret-workspaces-db: secrets/data/postgresql/apps/workspaces
        vault.hashicorp.com/agent-inject-template-workspaces-db: |-
          {{- with secret "secrets/data/postgresql/apps/workspaces" -}}
          POSTGRES_ADDRESS=postgresql.workspaces.svc.cluster.local
          POSTGRES_PORT=5432
          POSTGRES_DB=workspaces_db
          POSTGRES_USER={{ index .Data.data "username" }}
          POSTGRES_PASSWORD={{ index .Data.data "password" }}
          {{- end -}}
        vault.hashicorp.com/agent-inject-secret-workspaces-django-auth: secrets/data/vault/common/django_auth
        vault.hashicorp.com/agent-inject-template-workspaces-django-auth: |-
          {{- with secret "secrets/data/vault/common/django_auth" -}}
          DJANGO_BASIC_AUTH={{ index .Data.data "key" }}
          {{- end -}}
    spec:
      serviceAccountName: workspaces-vault
      containers:
        - name: workspaces-api
          image: cr.yandex/crp3ccidau046kdj8g9q/workspaces:prod_4961b1f1
          imagePullPolicy: IfNotPresent
          command: ["/bin/sh", "-ec"]
          args:
            - |
              set -a
              [ -f /vault/secrets/workspaces-db ] && . /vault/secrets/workspaces-db
              [ -f /vault/secrets/workspaces-django-auth ] && . /vault/secrets/workspaces-django-auth
              set +a
              exec /api
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
          env:
            - name: POSTGRES_POOL_SIZE
              value: "3"
            - name: BUNDLES_RETRY_COUNT
              value: "5"
            - name: BUNDLES_NJOBS
              value: "5"
            - name: API_ADDRESS
              value: 0.0.0.0:8000
            - name: NAMESPACE
              value: workspaces
            - name: ENABLE_SQL_QUERY
              value: "0"
            - name: ENABLE_SSL
              value: "0"
            - name: DOCUMENTATION_HOST
              value: http://backend-api-svc.documentations.svc.cluster.local:80
            - name: DOCUMENTATION_LOGGER_FEATURE
              value: "0"
            - name: DOCUMENTATION_ORIGINATOR
              value: prod_ws
            - name: ENVIRONMENT
              value: prod
            - name: DJANGO_HOST
              value: http://backend.django.svc.cluster.local:8000
            - name: DJANGO_ORIGINATOR
              value: docs_prod

          resources:
            requests:
              cpu: 25m
              memory: 100Mi
          livenessProbe:
            httpGet:
              path: /ping
              port: 8000
            initialDelaySeconds: 10
            periodSeconds: 60
            failureThreshold: 10
          readinessProbe:
            httpGet:
              path: /ping
              port: 8000
            initialDelaySeconds: 5
            periodSeconds: 5
            failureThreshold: 20
      imagePullSecrets:
        - name: regcred