apiVersion: apps/v1
kind: Deployment
metadata:
  name: "{{ .Release.Name }}"
  labels:
    app: "{{ .Release.Name }}"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: "{{ .Release.Name }}"
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}"
    spec:
      containers:
        - name: "{{ .Release.Name }}"
          image: ghcr.io/jordan-dalby/bytestash:latest
          ports:
            - containerPort: 5000
              name: http
          env:
            - name: ALLOW_NEW_ACCOUNTS
              value: "true"
            - name: DISABLE_INTERNAL_ACCOUNTS
              value: "true"
            - name: OIDC_ENABLED
              value: "true"
            - name: OIDC_DISPLAY_NAME
              value: OIDC
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Release.Name }}-client"
                  key: clientId
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Release.Name }}-client"
                  key: clientSecret
            - name: OIDC_ISSUER_URL
              valueFrom:
                secretKeyRef:
                  name: "{{ .Release.Name }}-client"
                  key: configurationIssuer

          volumeMounts:
            - mountPath: /data/snippets
              name: data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: "{{ .Release.Name }}-data"