# Copyright BigchainDB GmbH and BigchainDB contributors
# SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
# Code is Apache-2.0 and docs are CC-BY-4.0

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: web-proxy-instance-0-dep
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: web-proxy-instance-0-dep
    spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: web-proxy
        image: bigchaindb/nginx-https-web-proxy:0.10
        imagePullPolicy: Always
        env:
        - name: PROXY_FQDN
          valueFrom:
            configMapKeyRef:
              name: proxy-vars
              key: proxy-fqdn
        - name: PROXY_FRONTEND_PORT
          valueFrom:
            configMapKeyRef:
              name: proxy-vars
              key: proxy-frontend-port
        - name: PROXY_REFERRER_POLICY
          valueFrom:
            configMapKeyRef:
              name: proxy-vars
              key: proxy-referrer-policy
        - name: PROXY_EXPECTED_REFERER_HEADER
          valueFrom:
            configMapKeyRef:
              name: proxy-vars
              key: expected-http-referer
        - name: PROXY_EXPECTED_ORIGIN_HEADER
          valueFrom:
            configMapKeyRef:
              name: proxy-vars
              key: expected-http-origin
        - name: OPENRESTY_BACKEND_HOST
          valueFrom:
            configMapKeyRef:
              name: vars
              key: ngx-openresty-instance-name
        - name: OPENRESTY_BACKEND_PORT
          valueFrom:
            configMapKeyRef:
              name: vars
              key: openresty-backend-port
        - name: DNS_SERVER
          valueFrom:
            configMapKeyRef:
              name: vars
              key: node-dns-server-ip
        - name: HEALTH_CHECK_PORT
          valueFrom:
            configMapKeyRef:
              name: vars
              key: node-health-check-port
        - name: BIGCHAINDB_BACKEND_HOST
          valueFrom:
            configMapKeyRef:
              name: vars
              key: ngx-bdb-instance-name
        - name: BIGCHAINDB_API_PORT
          valueFrom:
            configMapKeyRef:
              name: vars
              key: bigchaindb-api-port
        ports:
        - containerPort: <port where the proxy is listening for requests>
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: <node-health-check-port from the ConfigMap>
          initialDelaySeconds: 15
          periodSeconds: 15
          failureThreshold: 3
          timeoutSeconds: 10
        resources:
          limits:
            cpu: 200m
            memory: 256Mi
        volumeMounts:
        - name: proxy-https-certs
          mountPath: /etc/nginx/ssl/
          readOnly: true
        - name: proxy-credentials
          mountPath: /etc/nginx/proxy/credentials/
          readOnly: true
      restartPolicy: Always
      volumes:
      - name: proxy-https-certs
        secret:
          secretName: proxy-https-certs
          defaultMode: 0400
      - name: proxy-credentials
        secret:
          secretName: proxy-credentials
          defaultMode: 0400