---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "wordpress"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: "wordpress"
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: "wordpress"
    spec:
{{ if ((.Values.wordpress).hostAliases) }}
      hostAliases:
{{- range $hostAliase := .Values.wordpress.hostAliases }}
      - ip: "{{ $hostAliase.ip }}"
        hostnames:
        - "{{ $hostAliase.name }}"
{{- end }}
{{ end }}
#      securityContext:
#        runAsUser: 33
#        runAsGroup: 33
#        fsGroup: 33
      volumes:
      - name: wordpress-content
        persistentVolumeClaim:
          claimName: wordpress-content-pvc
      hostAliases:
      - ip: "{{ .Values.sharedService.keycloak.host.ip }}"
        hostnames:
        - "{{ .Values.sharedService.keycloak.host.name }}"
      - ip: "{{ .Values.sharedService.maria.host.ip }}"
        hostnames:
        - "{{ .Values.sharedService.maria.host.name }}"
      containers:
      - name: "wordpress"
        image: "{{ .Values.harbor.host.name }}/{{ .Values.wordpress.image.name }}:{{ .Values.wordpress.image.version }}"
        imagePullPolicy: Always
        env:
        - name: WORDPRESS_DB_HOST
          value: "{{ .Values.wordpress.database.host }}:{{ .Values.wordpress.database.port }}"
        - name: WORDPRESS_DB_USER
          value: "{{ .Values.wordpress.database.username }}"
        - name: WORDPRESS_DB_PASSWORD
          value: "{{ .Values.wordpress.database.password }}"
        - name: WORDPRESS_DB_NAME
          value: "{{ .Values.wordpress.database.name }}"
        - name: WORDPRESS_DEBUG
          value: "1"
        - name: WORDPRESS_DOMAIN
          value: "https://{{ .Values.wordpress.domain }}"
        - name: WORDPRESS_CONFIG_EXTRA
          value: |-
            define( 'WP_HOME', 'https://{{ .Values.wordpress.domain }}' );
            define( 'WP_SITEURL', 'https://{{ .Values.wordpress.domain }}' );
            define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT );
        - name: AUTH_API
          value: "https://{{ .Values.wordpress.oidc.issuer_host }}"
        - name: RESOURCE_API
          value: "https://{{ .Values.connect.domain }}"
        - name: REALM_ID
          value: "{{ .Values.wordpress.oidc.realm }}"
        - name: REGISTRATION_ID
          value: "{{ .Values.wordpress.oidc.registration_id }}"
        - name: CLIENT_ID
          value: "{{ .Values.wordpress.oidc.client_id }}"
        - name: CLIENT_SECRET
          value: "{{ .Values.wordpress.oidc.client_secret }}"
        - name: CLIENT_USERNAME
          value: "{{ .Values.wordpress.oidc.client_id }}"
        - name: CLIENT_PASSWORD
          value: "{{ .Values.wordpress.oidc.client_id }}"
        - name: SK_NRW_ISSUER
          value: "https://{{ .Values.wordpress.oidc.issuer_host }}/auth/realms/{{ .Values.wordpress.oidc.realm }}"
        - name: SK_NRW_PROVIDER_URL
          value: "https://{{ .Values.wordpress.oidc.issuer_host }}/auth/realms/{{ .Values.wordpress.oidc.realm }}"
        - name: SK_NRW_CLIENT_ID
          value: "{{ .Values.wordpress.oidc.client_id }}"
        - name: SK_NRW_CLIENT_SECRET
          value: "{{ .Values.wordpress.oidc.client_secret }}"
        - name: SMARDIGO_AUTH_TOKEN_NAME
          value: "Smardigo-User-Token"
        - name: SMARDIGO_AUTH_TOKEN_VALUE
          valueFrom:
            secretKeyRef:
              name: "wordpress-secrets"
              key: SMA_WORKFLOW_AUTH_TOKEN
        ports:
        - containerPort: 80
#      - name: "ubuntu"
#        image: "ubuntu:20.04"
#        command:
#        - sleep
#        args:
#        - "3600"
      initContainers:
      - name: init-maria
        image: busybox:1.28
        command: ['sh', '-c', "until nslookup {{ .Values.wordpress.database.host }}; do echo waiting for maria; sleep 2; done"]
        volumeMounts:
          - name: wordpress-content
            mountPath: /var/www/html/wp-content
      imagePullSecrets:
      - name: "{{ .Values.harbor.pull_secret }}"