apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: dch-webhooks
    app.kubernetes.io/component: dch-webhooks
    app.kubernetes.io/instance: dch-webhooks
    app.kubernetes.io/part-of: dch-webhooks
  name: dch-webhooks
spec:
  ports:
  - name: http
    port: 8000
  selector:
    app.kubernetes.io/name: dch-webhooks
    app.kubernetes.io/component: dch-webhooks
    app.kubernetes.io/instance: dch-webhooks
  type: ClusterIP

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dch-webhooks
  labels:
    app.kubernetes.io/name: dch-webhooks
    app.kubernetes.io/component: dch-webhooks
    app.kubernetes.io/instance: dch-webhooks
    app.kubernetes.io/part-of: dch-webhooks
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: dch-webhooks
      app.kubernetes.io/component: dch-webhooks
      app.kubernetes.io/instance: dch-webhooks
  template:
    metadata:
      labels:
        app.kubernetes.io/name: dch-webhooks
        app.kubernetes.io/component: dch-webhooks
        app.kubernetes.io/instance: dch-webhooks
    spec:
      containers:
      - name: dch-webhooks
        image: git.pyrocufflink.net/containerimages/dch-webhooks
        env:
        - name: FIREFLY_URL
          value: http://firefly-iii.firefly-iii.svc.cluster.local:8080
        - name: FIREFLY_AUTH_TOKEN
          value: /run/secrets/du5t1n.me/firefly/firefly.token
        - name: PAPERLESS_URL
          value: http://paperless-ngx.paperless-ngx.svc.cluster.local:8000
        - name: PAPERLESS_AUTH_TOKEN
          value: /run/secrets/du5t1n.me/paperless/paperless.token
        - name: UVICORN_HOST
          value: 0.0.0.0
        - name: UVICORN_LOG_LEVEL
          value: debug
        ports:
        - name: http
          containerPort: 8000
        startupProbe: &probe
          httpGet:
            path: /
            port: 8000
          periodSeconds: 1
          timeoutSeconds: 1
          successThreshold: 1
          failureThreshold: 10
        readinessProbe:
          <<: *probe
          periodSeconds: 60
          failureThreshold: 2
        securityContext:
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /run/secrets/du5t1n.me/firefly
          name: firefly-token
        - mountPath: /run/secrets/du5t1n.me/paperless
          name: paperless-token
      securityContext:
        runAsNonRoot: true
      volumes:
      - name: firefly-token
        secret:
          secretName: firefly-token
          optional: true
      - name: paperless-token
        secret:
          secretName: paperless-token
          optional: true