apiVersion: apps/v1
kind: Deployment
metadata:
  name: desci-server-demo
  labels:
    App: DesciServerDemo
spec:
  replicas: 2
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      App: DesciServerDemo
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        vault.hashicorp.com/agent-inject: 'true'
        vault.hashicorp.com/agent-inject-status: 'update'
        vault.hashicorp.com/role: app-vault-reader
        vault.hashicorp.com/agent-inject-secret-config: secrets/desci-server/demo/db
        vault.hashicorp.com/agent-inject-template-config: |
          {{- with secret "secrets/desci-server/demo/db" -}}
          export PG_HOST={{ .Data.host }}
          export PG_PORT={{ .Data.port }}
          export POSTGRES_USER={{ .Data.user }}
          export POSTGRES_PASSWORD={{ .Data.password }}
          export POSTGRES_DB={{ .Data.db }}
          export DATABASE_URL={{ .Data.url }}
          export IPFS_NODE_URL="http://ipfs-gateway-staging-internal.default.svc.cluster.local:5001"
          export NODE_ENV=production
          echo "dbset"; 
          {{- end -}}
          {{- with secret "secrets/desci-server/demo/app" -}}
          echo "appstart"; 
          export JWT_SECRET={{ .Data.JWT_SECRET }}
          export JWT_EXPIRATION=15m
          export SESSION_KEY={{ .Data.SESSION_KEY }}
          export ORCID_CLIENT_ID={{ .Data.ORCID_CLIENT_ID }}
          export ORCID_CLIENT_SECRET={{ .Data.ORCID_CLIENT_SECRET }}
          export ARWEAVE_ENABLED=0
          export ARWEAVE_HOST=
          export ARWEAVE_PORT=1984
          export ARWEAVE_PROTOCOL=http
          export ARWEAVE_PUBKEY=
          export ARWAVE_SECRET_PRIVATE_KEY_SECRET=
          export REDIS_HOST={{ .Data.REDIS_HOST }}
          export REDIS_PORT={{ .Data.REDIS_PORT }}
          export REDIS_URL={{ .Data.REDIS_URL }}
          export SERVER_URL={{ .Data.SERVER_URL }}
          export DAPP_URL={{ .Data.DAPP_URL }}
          export SENDGRID_API_KEY={{ .Data.SENDGRID_API_KEY }}
          export SHOULD_SEND_EMAIL=true
          export AWS_ACCESS_KEY_ID={{ .Data.AWS_ACCESS_KEY_ID }}
          export AWS_SECRET_ACCESS_KEY={{ .Data.AWS_SECRET_ACCESS_KEY }}
          export AWS_S3_BUCKET_NAME={{ .Data.AWS_S3_BUCKET_NAME }}
          export AWS_S3_BUCKET_REGION={{ .Data.AWS_S3_BUCKET_REGION }}
          export THEGRAPH_API_URL={{ .Data.THEGRAPH_API_URL }}
          export HOT_WALLET_KEY={{ .Data.HOT_WALLET_KEY }}
          export CSO_CLASSIFIER_API={{ .Data.CSO_CLASSIFIER_API }}
          export VSCODE_ACCESS_TOKEN={{ .Data.VSCODE_ACCESS_TOKEN }}
          export NODES_MEDIA_SERVER_URL={{ .Data.NODES_MEDIA_SERVER_URL }}
          {{- end -}}
      labels:
        App: DesciServerDemo
    spec:
      containers:
        - image: 523044037273.dkr.ecr.us-east-2.amazonaws.com/desci-server-demo:latest
          name: desci-server-demo
          command: ['/bin/bash', '-c']
          args:
            - echo "SOURCING ENV"; source /vault/secrets/config; NODE_PATH=./dist node ./dist/index.js;
          ports:
            - containerPort: 5420
          resources:
            limits:
              cpu: '0.5'
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 50Mi
      serviceAccountName: 'vault-auth'