apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}
  labels:
    app.kubernetes.io/name: {{ .Chart.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/component: "backend-api"
spec:
  replicas: {{ .Values.replicas }}
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ .Chart.Name }}
      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/component: "backend-api"
  template:
    metadata:
      annotations:
        checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
        checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
      labels:
        app.kubernetes.io/name: {{ .Chart.Name }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        app.kubernetes.io/component: "backend-api"
    spec:
      automountServiceAccountToken: false
      imagePullSecrets:
        - name: {{ .Release.Name }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: Always
          ports:
            - name: {{ .Values.service.port.name }}
              containerPort: {{ .Values.config.port }}
              protocol: TCP
#          livenessProbe:
#            httpGet:
#              path: /livez
#              port: {{ .Values.service.port.name }}
#          readinessProbe:
#            httpGet:
#              path: /readyz
#              port: {{ .Values.service.port.name }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          envFrom:
            - configMapRef:
                name: {{ .Release.Name }}
          volumeMounts:
            - mountPath: /etc/yggdrasil/secrets
              name: secrets
              readOnly: true
      volumes:
        - name: secrets
          secret:
            secretName: {{ .Release.Name }}