apiVersion: v1
kind: Service
metadata:
  name: ara
  labels: &labels
    app.kubernetes.io/name: ara
    app.kubernetes.io/component: ara
spec:
  selector: *labels
  type: ClusterIP
  ports:
  - name: http
    port: 8000
    targetPort: 8000

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ara
  labels: &labels
    app.kubernetes.io/name: ara
    app.kubernetes.io/component: ara
spec:
  selector:
    matchLabels: *labels
  template:
    metadata:
      labels: *labels
    spec:
      enableServiceLinks: false
      containers:
      - name: ara-api
        image: quay.io/recordsansible/ara-api
        env:
        - name: ARA_BASE_DIR
          value: /etc/ara
        - name: ARA_SETTINGS
          value: /etc/ara/settings.toml
        - name: SECRETS_FOR_DYNACONF
          value: /etc/ara/.secrets.toml
        ports:
        - containerPort: 8000
          name: http
        readinessProbe: &probe
          httpGet:
            port: 8000
            path: /api/
            httpHeaders:
            - name: Host
              value: ara.ansible.pyrocufflink.blue
          failureThreshold: 3
          periodSeconds: 60
          successThreshold: 1
          timeoutSeconds: 5
        startupProbe:
          <<: *probe
          failureThreshold: 30
          initialDelaySeconds: 1
          periodSeconds: 1
          timeoutSeconds: 1
        volumeMounts:
        - mountPath: /etc/ara/settings.toml
          name: config
          subPath: settings.toml
          readOnly: true
        - mountPath: /etc/ara/.secrets.toml
          name: secrets
          subPath: .secrets.toml
          readOnly: true
        - mountPath: /tmp
          name: tmp
          subPath: tmp
      securityContext:
        runAsNonRoot: true
        runAsUser: 7653
        runAsGroup: 7653
      volumes:
      - name: config
        configMap:
          name: ara
      - name: secrets
        secret:
          secretName: ara
      - name: tmp
        emptyDir:
          medium: Memory