apiVersion: apps/v1
kind: Deployment
metadata:
  name: codimd
  namespace: codimd
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      component: web
  template:
    metadata:
      labels:
        component: web
    spec:
      securityContext:
        fsGroup: 1500
        runAsGroup: 1500
        runAsNonRoot: true
        runAsUser: 1500
      containers:
        - name: codimd
          image: "{{ .apps.codimd.image }}"
          imagePullPolicy: IfNotPresent
          env:
            - name: CMD_DOMAIN
              value: "{{ .apps.codimd.domain }}"
            - name: CMD_URL_ADDPORT
              value: "false"
            - name: CMD_PROTOCOL_USESSL
              value: "{{ .apps.codimd.useSSL }}"
            - name: CMD_USECDN
              value: "{{ .apps.codimd.useCDN }}"
            - name: CMD_DB_URL
              value: "postgres://{{ .apps.codimd.dbUser }}:$(CMD_DB_PASSWORD)@{{ .apps.codimd.dbHost }}:{{ .apps.codimd.dbPort }}/{{ .apps.codimd.dbName }}"
            - name: CMD_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: codimd-secrets
                  key: apps.codimd.dbPassword
            - name: CMD_SESSION_SECRET
              valueFrom:
                secretKeyRef:
                  name: codimd-secrets
                  key: apps.codimd.sessionSecret
            - name: CMD_SESSION_LIFE
              value: "{{ .apps.codimd.sessionLifeTime }}"
            - name: CMD_HSTS_ENABLE
              value: "{{ .apps.codimd.hstsEnable }}"
            - name: CMD_HSTS_MAX_AGE
              value: "{{ .apps.codimd.hstsMaxAge }}"
            - name: CMD_HSTS_INCLUDE_SUBDOMAINS
              value: "false"
            - name: CMD_HSTS_PRELOAD
              value: "true"
            - name: CMD_CSP_ENABLE
              value: "{{ .apps.codimd.cspEnable }}"
            - name: CMD_ALLOW_GRAVATAR
              value: "{{ .apps.codimd.allowGravatar }}"
            - name: CMD_RESPONSE_MAX_LAG
              value: "70"
            - name: CMD_IMAGE_UPLOAD_TYPE
              value: "{{ .apps.codimd.imageUploadType }}"
            - name: CMD_ALLOW_FREEURL
              value: "{{ .apps.codimd.allowFreeURL }}"
            - name: CMD_FORBIDDEN_NOTE_IDS
              value: "robots.txt,favicon.ico,api"
            - name: CMD_DEFAULT_PERMISSION
              value: "{{ .apps.codimd.defaultPermission }}"
            - name: CMD_ALLOW_ANONYMOUS_EDITS
              value: "{{ .apps.codimd.allowAnonymousEdits }}"
            - name: CMD_ALLOW_ANONYMOUS_VIEWS
              value: "{{ .apps.codimd.allowAnonymousViews }}"
            - name: CMD_ALLOW_PDF_EXPORT
              value: "{{ .apps.codimd.allowPdfExport }}"
            - name: CMD_DEFAULT_USE_HARD_BREAK
              value: "{{ .apps.codimd.useHardBreak }}"
            - name: CMD_LINKIFY_HEADER_STYLE
              value: "{{ .apps.codimd.linkifyHeaderStyle }}"
            - name: CMD_AUTO_VERSION_CHECK
              value: "{{ .apps.codimd.autoVersionCheck }}"
          ports:
            - name: http
              containerPort: {{ .apps.codimd.port }}
          volumeMounts:
            - mountPath: /home/hackmd/app/public/uploads
              name: uploads
          readinessProbe:
            httpGet:
              port: {{ .apps.codimd.port }}
              path: /status
            initialDelaySeconds: 3
            failureThreshold: 2
            successThreshold: 3
            timeoutSeconds: 2
            periodSeconds: 5
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /status
              port: {{ .apps.codimd.port }}
              scheme: HTTP
            initialDelaySeconds: 3
            periodSeconds: 5
            successThreshold: 1
            timeoutSeconds: 2
      restartPolicy: Always
      volumes:
        - name: uploads
          persistentVolumeClaim:
            claimName: codimd-uploads