---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: inventory-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: inventory-app
  template:
    metadata:
      labels:
        app: inventory-app
    spec:
      enableServiceLinks: false
      imagePullSecrets:
        - name: regcred
      serviceAccountName: oidc-gateway
      containers:
        - name: inventory-app
          image: inventory-app
          env:
            - name: INVENTORY_API_KEY
              value: "sptWL6XFxl4b8"
            - name: PYTHONUNBUFFERED
              value: "1"
            - name: RECAPTCHA_PUBLIC_KEY
              value: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
            - name: RECAPTCHA_PRIVATE_KEY
              value: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
            - name: MEMBERS_HOST
              value: "https://members.k-space.ee"
            - name: INVENTORY_ASSETS_BASE_URL
              value: "https://minio.codemowers.eu:9000"
            - name: MONGO_URI
              valueFrom:
                secretKeyRef:
                  name: mongodb-application-readwrite
                  key: connectionString.standard
            - name: AWS_ENDPOINT_URL
              valueFrom:
                secretKeyRef:
                  name: miniobucket-inventory-app-owner-secrets
                  key: MINIO_URI
            - name: SECRET_KEY
              value: "bad_secret"
            - name: ENVIRONMENT_TYPE
              value: "DEV"
            - name: MY_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          envFrom:
          - secretRef:
              name: oidc-client-inventory-app-owner-secrets
          ports:
            - containerPort: 5000
              name: metrics
---
apiVersion: v1
kind: Service
metadata:
  name: inventory-app
  labels:
    app: inventory-app
spec:
  selector:
    app: inventory-app
  ports:
  - protocol: TCP
    port: 5000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: inventory-app
  annotations:
    kubernetes.io/ingress.class: shared
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    external-dns.alpha.kubernetes.io/target: traefik.codemowers.ee
spec:
  rules:
  - host: inventory-app-72zn4.codemowers.ee
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: inventory-app
            port:
              number: 5000
  tls:
  - hosts:
    - "*.codemowers.ee"
---
apiVersion: codemowers.io/v1alpha1
kind: OIDCGWClient
metadata:
  name: inventory-app
spec:
  uri: 'https://inventory-app-72zn4.codemowers.ee'
  redirectUris:
    - 'https://inventory-app-72zn4.codemowers.ee/login-callback'
  grantTypes:
    - 'authorization_code'
  responseTypes:
    - 'code'
  availableScopes:
    - 'openid'
    - 'profile'
  tokenEndpointAuthMethod: 'client_secret_basic'
  pkce: false