apiVersion: apps/v1
kind: Deployment
metadata:
  name: device-api
  labels:
    app: device-api
    environment: {{ .Values.environment }}
    tier: frontend
spec:
  replicas: {{ .Values.replicas }}
  selector:
    matchLabels:
      app: device-api
  template:
    metadata:
      labels:
        app: device-api
    spec:
      imagePullSecrets:
        - name: {{ .Values.docker.registry }}
      containers:
        - name: device-api-app
          image: {{ .Values.docker.image }}
          imagePullPolicy: IfNotPresent
          envFrom:
            - configMapRef:
                name: device-api-environment
            - secretRef:
                name: device-api-environment
          env:
            - name: SERVER_SSL_KEY_STORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.keystoreRef }}
                  key: keystore-password
          ports:
            - containerPort: 8443
          volumeMounts:
            - name: keystore-volume
              mountPath: /app/resources/cert/keystore.p12
              subPath: keystore.p12
              readOnly: true
            - name: jwt-volume
              mountPath: /app/resources/cert/{{ .Values.jwtPublicKey.filename }}
              subPath: {{ .Values.jwtPublicKey.filename }}
              readOnly: true
      volumes:
        - name: keystore-volume
          secret:
            secretName: {{ .Values.keystoreRef }}
            items:
              - key: keystore.p12
                path: keystore.p12
        - name: jwt-volume
          secret:
            secretName: {{ .Values.jwtPublicKey.name }}
            items:
              - key: {{ .Values.jwtPublicKey.filename }}
                path: {{ .Values.jwtPublicKey.filename }}