---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "iam"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: "iam"
  template:
    metadata:
      labels:
        app: "iam"
    spec:
{{ if ((.Values.iam).hostAliases) }}
      hostAliases:
{{- range $hostAliase := .Values.iam.hostAliases }}
      - ip: "{{ $hostAliase.ip }}"
        hostnames:
        - "{{ $hostAliase.name }}"
{{- end }}
{{ end }}
      containers:
      - name: "iam"
        image: "{{ .Values.harbor.host.name }}/{{ .Values.iam.image.name }}:{{ .Values.iam.image.version }}"
        imagePullPolicy: Always
        env:
        - name: SMA_JWT_ENABLED
          value: "true"
        - name: SMA_JWT_SECRET
          valueFrom:
            secretKeyRef:
              name: "iam-secrets"
              key: JWT_SECRET

        - name: IAM_KEYCLOAK_AUTH_SERVER_URL
          value: "https://{{ .Values.iam.keycloak.host }}/auth"
        - name: IAM_KEYCLOAK_ADMIN_USER
          value: "{{ .Values.iam.keycloak.username }}"
        - name: IAM_KEYCLOAK_ADMIN_PASSWORD
          value: "{{ .Values.iam.keycloak.username }}"

        - name: SERVER_ERROR_INCLUDE_MESSAGE
          value: "always"
        ports:
        - containerPort: 8080
        - containerPort: 8081
      imagePullSecrets:
      - name: "{{ .Values.harbor.pull_secret }}"