---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sarex-subscriptions
  namespace: subscriptions
  labels:
    app: sarex-subscriptions
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sarex-subscriptions
  template:
    metadata:
      labels:
        app: sarex-subscriptions
      annotations:
        traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
        vault.hashicorp.com/agent-init-first: "true"
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-pre-populate-only: "true"
        vault.hashicorp.com/auth-path: auth/kubernetes
        vault.hashicorp.com/role: subscriptions
        vault.hashicorp.com/agent-inject-secret-subscriptions-postgresql: secrets/data/postgresql/apps/subscriptions
        vault.hashicorp.com/agent-inject-template-subscriptions-postgresql: |-
          {{- with secret "secrets/data/postgresql/apps/subscriptions" -}}
          DATABASE_HOST=postgresql.subscriptions.svc.cluster.local
          DATABASE_PORT=5432
          DATABASE_NAME=subscriptions_db
          DATABASE_USER={{ index .Data.data "username" }}
          DATABASE_PASSWORD={{ index .Data.data "password" }}
          {{- end -}}
        vault.hashicorp.com/agent-inject-secret-subscriptions-minio: secrets/data/minio/apps/subscriptions
        vault.hashicorp.com/agent-inject-template-subscriptions-minio: |-
          {{- with secret "secrets/data/minio/apps/subscriptions" -}}
          YC_S3_ACCESS_KEY_ID={{ index .Data.data "access_key" }}
          YC_S3_SECRET_ACCESS_KEY={{ index .Data.data "secret_key" }}
          YC_S3_BUCKET_NAME=subscriptions
          YC_S3_ENDPOINT_URL=https://minio.contour.infra.sarex.tech
          {{- end -}}
    spec:
      serviceAccountName: subscriptions-vault
      containers:
        - name: subscriptions
          image: cr.yandex/crp3ccidau046kdj8g9q/subscriptions:prod_a50928e1
          imagePullPolicy: IfNotPresent
          command: ["/bin/sh", "-ec"]
          args:
            - |
              set -a
              [ -f /vault/secrets/subscriptions-postgresql ] && . /vault/secrets/subscriptions-postgresql
              [ -f /vault/secrets/subscriptions-minio ] && . /vault/secrets/subscriptions-minio
              set +a
              exec /server/entrypoint.sh
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
          env:
            - name: API_ADDRESS
              value: "8000"
            - name: SYSTEM_LOG_HOST
              value: http://api-service.system-log
            - name: USER_SERVICE_HOST
              value: http://backend.django.svc.cluster.local:8000
            - name: IS_USE_TELEGRAM
              value: "false"
            - name: IS_MAILGUN_USE
              value: "0"
            - name: SMTP_EMAIL_FROM
              value: sarex@rwb.ru
            - name: SMTP_EMAIL_HOST
              value: mail.rwb.ru
            - name: SMTP_EMAIL_PORT
              value: "465"
          resources:
            requests:
              cpu: "25m"
              memory: 128Mi
      imagePullSecrets:
        - name: regcred