---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: message-hub
  namespace: message-hub
  labels:
    app: message-hub
    service: message-hub
spec:
  replicas: 1
  selector:
    matchLabels:
      app: message-hub
  template:
    metadata:
      labels:
        app: message-hub
        service: message-hub
      annotations:
        traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
        vault.hashicorp.com/agent-init-first: "true"
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-pre-populate-only: "true"
        vault.hashicorp.com/auth-path: auth/kubernetes
        vault.hashicorp.com/role: message-hub
        vault.hashicorp.com/agent-inject-secret-message-hub-db: secrets/data/postgresql/apps/message-hub
        vault.hashicorp.com/agent-inject-template-message-hub-db: |-
          {{- with secret "secrets/data/postgresql/apps/message-hub" -}}
          DB_USERNAME={{ index .Data.data "username" }}
          DB_PASSWORD={{ index .Data.data "password" }}
          DB_DATABASE=pm_db
          DB_HOST=postgresql.pm.svc.cluster.local
          DB_PORT=5432
          {{- end -}}
        vault.hashicorp.com/agent-inject-secret-message-hub-s3: secrets/data/minio/apps/message-hub
        vault.hashicorp.com/agent-inject-template-message-hub-s3: |-
          {{- with secret "secrets/data/minio/apps/message-hub" -}}
          S3_HOST={{ index .Data.data.client "endpoint" }}
          S3_LOGIN={{ index .Data.data "access_key" }}
          S3_PASSWORD={{ index .Data.data "secret_key" }}
          {{- $buckets := index .Data.data "buckets" }}
          S3_BUCKET={{- if gt (len $buckets) 0 -}}{{ index (index $buckets 0) "name" }}{{- else -}}rfi{{- end -}}
          {{- end -}}
        vault.hashicorp.com/agent-inject-secret-message-hub-kafka: secrets/data/kafka/apps/message-hub
        vault.hashicorp.com/agent-inject-template-message-hub-kafka: |-
          {{- with secret "secrets/data/kafka/apps/message-hub" -}}
          KAFKA_USERNAME={{ index .Data.data "username" }}
          KAFKA_PASSWORD={{ index .Data.data "password" }}
          KAFKA_HOST=kafka-kafka-contour-controller-headless.kafka.svc.cluster.local
          KAFKA_PORT=9094
          KAFKA_SECURITY_PROTOCOL={{ index .Data.data.auth "security_protocol" }}
          KAFKA_SASL_MECHANISM={{ index .Data.data.auth "sasl_mechanism" }}
          {{- end -}}
    spec:
      serviceAccountName: message-hub-vault
      containers:
        - name: message-hub
          image: cr.yandex/crp3ccidau046kdj8g9q/message-hub:production_24425472
          imagePullPolicy: IfNotPresent
          command: ["/bin/bash", "-ec"]
          args:
            - |
              set -a
              [ -f /vault/secrets/message-hub-db ] && . /vault/secrets/message-hub-db
              [ -f /vault/secrets/message-hub-s3 ] && . /vault/secrets/message-hub-s3
              [ -f /vault/secrets/message-hub-kafka ] && . /vault/secrets/message-hub-kafka
              set +a
              exec /opt/entrypoint.sh
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
          env:
            - name: WORKER_TIMEOUT
              value: "60"
            - name: PYTHONPATH
              value: src
            - name: SETTINGS_MAX_RETRIES
              value: "1"
            - name: SETTINGS_TOPICS
              value: '{"planning": "pm", "assets": "assets_broadcast", "project_entity": "issues_broadcast"}'
            - name: SETTINGS_PDF_CONVERTER_HOST
              value: http://export-project-service.django.svc.cluster.local:8000
            - name: SAREX_BASE_HOST
              value: http://backend-service.pm.svc.cluster.local:8000
            - name: CACHE_HOST
              value: redis.pm.svc.cluster.local
            - name: CACHE_PORT
              value: "6379"
          resources:
            requests:
              cpu: "1"
              memory: 1Gi
      imagePullSecrets:
        - name: regcred