apiVersion: apps/v1
kind: Deployment
metadata:
  name: management
  labels:
    app: management
    environment: {{ .Values.environment }}
    tier: frontend
spec:
  replicas: {{ .Values.replicas }}
  selector:
    matchLabels:
      app: management
  template:
    metadata:
      labels:
        app: management
    spec:
      imagePullSecrets:
        - name: {{ .Values.docker.registry }}
      containers:
        - name: management-app
          image: {{ .Values.docker.image }}
          imagePullPolicy: IfNotPresent
          envFrom:
            - configMapRef:
                name: management-environment
            - secretRef:
                name: management-environment
          env:
            - name: SERVER_SSL_KEY_STORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.keystoreRef }}
                  key: keystore-password
          ports:
            - containerPort: 8080
          volumeMounts:
            - name: keystore-volume
              mountPath: /app/resources/cert/keystore.p12
              subPath: keystore.p12
              readOnly: true
            - name: jwt-volume
              mountPath: /app/resources/cert/public_key.pem
              subPath: public_key.pem
              readOnly: true
      volumes:
        - name: keystore-volume
          secret:
            secretName: {{ .Values.keystoreRef }}
            items:
              - key: keystore.p12
                path: keystore.p12
        - name: jwt-volume
          secret:
            secretName: {{ .Values.jwtPublicKey.name }}
            items:
              - key: {{ .Values.jwtPublicKey.key }}
                path: public_key.pem