apiVersion: apps/v1
kind: Deployment
metadata:
  name: csi-iam
  namespace: moh-prod
spec:
  selector:
    matchLabels:
      app: csi-iam
      tier: backend
      track: stable
  template:
    metadata:
      labels:
        app: csi-iam
        tier: backend
        track: stable
    spec:
      containers:
        - env:
            - name: PROXY_ADDRESS_FORWARDING
              value: 'true'
            - name: KEYCLOAK_LOGLEVEL
              value: INFO
              #- name: JGROUPS_DISCOVERY_PROTOCOL
              #value: kubernetes.KUBE_PING
              #- name: KUBERNETES_NAMESPACE
              #valueFrom:
              #  fieldRef:
              #    fieldPath: metadata.namespace
              #- name: KUBERNETES_LABELS
              #value: app=csi-iam
              #- name: JGROUPS_DISCOVERY_PROPERTIES
              #value: 'port_range=0,dump_requests=true'
            - name: KAFKA_BROKERS
              valueFrom:
                configMapKeyRef:
                  key: KAFKA_BOOTSTRAP_SERVERS
                  name: service-configs
            - name: INFINISPAN_HOST
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            - name: INFINISPAN_PORT
              value: '32123'
            - name: apm_server
              valueFrom:
                configMapKeyRef:
                  key: apm_server
                  name: service-configs
            - name: service_name
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: GROUP_ID_CONFIG
              value: register-1
            - name: JAVA_OPTS
              value: >-
                -Xms2g -Xmx4g -XX:MetaspaceSize=96M
                -XX:+UseG1GC -XX:+UseStringDeduplication
                -XX:+HeapDumpOnOutOfMemoryError
                -XX:HeapDumpPath=/opt/jboss/memdump 
                -Djava.net.preferIPv4Stack=true
                -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS
                -Djava.awt.headless=true
                -Djavax.net.ssl.trustStore=/etc/pki/ca-trust/extracted/java/cacerts
                -Djavax.net.ssl.trustStorePassword=changeit
                -Delastic.apm.server_urls=$(apm_server) -Delastic.apm.service_name="csi-iam"
                -Delastic.apm.disable_instrumentations="" -Delastic.apm.application_packages=com.afrunt
                -Delastic.apm.environment=$(KUBERNETES_NAMESPACE)  -javaagent:/opt/jboss/elastic-apm-agent-1.17.0.jar
            - name: REPORTING_ROUTING_KEY
              value: ''
          envFrom:
            - configMapRef:
                name: iam-service-configs
            - secretRef:
                name: iam-service-secret
          image: harbor.moh.gov.sa/vidamoh/csi-iam:4.2.104.0 #4.2.100.1 #4.2.99.1 
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /auth/
              port: http
            initialDelaySeconds: 1200
            failureThreshold: 3
            timeoutSeconds: 10
          name: csi-iam-app
          ports:
            - containerPort: 8080
              name: http
            - containerPort: 8443
              name: https
          readinessProbe:
            httpGet:
              path: auth/realms/master
              port: http
            initialDelaySeconds: 20
            failureThreshold: 3
            timeoutSeconds: 10
          resources:
            limits:
              memory: 6Gi
            requests:
              cpu: 150m
              memory: 988Mi
          volumeMounts:
            - mountPath: /opt/key_files
              name: cacerts
      imagePullSecrets:
        - name: regcred
      volumes:
        - name: cacerts
          projected:
            sources:
              - secret:
                  name: iam-cacerts-secret