apiVersion: apps/v1
kind: Deployment
metadata:
  name: "{{ .Release.Name }}-iam"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: "{{ .Release.Name }}-iam"
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}-iam"
    spec:
      hostAliases:
      - ip: "{{ .Values.sharedService.keycloak.host.ip }}"
        hostnames:
        - "{{ .Values.sharedService.keycloak.host.name }}"
      containers:
      - name: "{{ .Release.Name }}-iam"
        image: "{{ .Values.harbor.host.name }}/{{ .Values.iam.image.name }}:{{ .Values.iam.image.version }}"
        imagePullPolicy: Always
        env:
        - name: SERVER_ERROR_INCLUDE_MESSAGE
          value: "always"
        - name: IAM_KEYCLOAK_AUTH_SERVER_URL
          value: "https://{{ .Values.sharedService.keycloak.host.name }}/auth"
        - name: IAM_KEYCLOAK_ADMIN_USER
          value: "{{ .Values.iam.keycloak.username }}"
        - name: IAM_KEYCLOAK_ADMIN_PASSWORD
          value: "{{ .Values.iam.keycloak.username }}"
        - name: SMA_JWT_ENABLED
          value: "true"
        - name: SMA_JWT_SECRET
          value: "456ae14462d049d3be76439ef379c7c6"
        ports:
        - containerPort: 8080
      initContainers:
      - name: init-keycloak
        image: busybox:1.28
        command: ['sh', '-c', "until nslookup {{ .Values.sharedService.keycloak.host.name }}; do echo waiting for keycloak; sleep 2; done"]
      imagePullSecrets:
      - name: "{{ .Values.smardigo.pull_secret }}"