apiVersion: apps/v1
kind: Deployment
metadata:
  name: loomio
spec:
  replicas: 1
  selector:
    matchLabels:
      component: web
  template:
    metadata:
      labels:
        component: web
    spec:
      containers:
      - name: loomio
        image: {{ .image }}
        ports:
        - containerPort: 3000
          name: http
        env:
        - name: RAILS_ENV
          value: production
        - name: SITE_NAME
          value: {{ .appName }}
        - name: CANONICAL_HOST
          value: {{ .domain }}
        - name: PUBLIC_APP_URL
          value: https://{{ .domain }}
        - name: SUPPORT_EMAIL
          value: {{ .supportEmail }}
        - name: DATABASE_URL
          valueFrom:
            secretKeyRef:
              name: loomio-secrets
              key: dbUrl
        - name: REDIS_URL
          value: {{ .redisUrl }}
        - name: DEVISE_SECRET
          valueFrom:
            secretKeyRef:
              name: loomio-secrets
              key: deviseSecret
        - name: SECRET_COOKIE_TOKEN
          valueFrom:
            secretKeyRef:
              name: loomio-secrets
              key: secretCookieToken
        - name: FORCE_SSL
          value: "{{ .forceSSL }}"
        - name: USE_RACK_ATTACK
          value: "{{ .useRackAttack }}"
        - name: PUMA_WORKERS
          value: "{{ .pumaWorkers }}"
        - name: MIN_THREADS
          value: "{{ .minThreads }}"
        - name: MAX_THREADS
          value: "{{ .maxThreads }}"
        - name: ACTIVE_STORAGE_SERVICE
          value: {{ .activeStorageService }}
        - name: SMTP_AUTH
          value: {{ .smtp.auth }}
        - name: SMTP_DOMAIN
          value: {{ .smtp.domain }}
        - name: SMTP_SERVER
          value: {{ .smtp.host }}
        - name: SMTP_PORT
          value: "{{ .smtp.port }}"
        - name: SMTP_USERNAME
          value: {{ .smtp.user }}
        - name: SMTP_PASSWORD
          valueFrom:
            secretKeyRef:
              name: loomio-secrets
              key: smtpPassword
        - name: SMTP_USE_SSL
          value: "{{ .smtp.tls }}"
        - name: REPLY_HOSTNAME
          value: {{ .smtp.from }}
        volumeMounts:
        - name: uploads
          mountPath: /loomio/public/system
        - name: storage
          mountPath: /loomio/storage
        - name: tmp
          mountPath: /loomio/tmp
        resources:
          requests:
            memory: 512Mi
            cpu: 200m
          limits:
            memory: 2Gi
            cpu: 1000m
        livenessProbe:
          httpGet:
            path: /health
            port: 3000
          initialDelaySeconds: 60
          periodSeconds: 30
        readinessProbe:
          httpGet:
            path: /health
            port: 3000
          initialDelaySeconds: 30
          periodSeconds: 10
        securityContext:
          runAsNonRoot: true
          runAsUser: 1000
          runAsGroup: 1000
          allowPrivilegeEscalation: false
          capabilities:
            drop: [ALL]
          readOnlyRootFilesystem: false
          seccompProfile:
            type: RuntimeDefault
      volumes:
      - name: uploads
        persistentVolumeClaim:
          claimName: loomio-uploads
      - name: storage
        persistentVolumeClaim:
          claimName: loomio-storage
      - name: tmp
        emptyDir: {}