---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: memelord
  namespace: memelord-jake
spec:
  replicas: 1
  selector:
    matchLabels:
      app: memelord
  template:
    metadata:
      labels:
        app: memelord
    spec:
      containers:
        - name: memelord
          image: ghcr.io/l4rm4nd/memelord:latest
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 8000

          env:
            - name: DOMAIN
              value: "memelord-jake.ee-lte-1.codemowers.io"

            # Database Configuration
            - name: DB_ENGINE
              value: "postgres"
            - name: POSTGRES_HOST
              value: "memelord-jake-database-rw"
            - name: POSTGRES_PORT
              value: "5432"
            - name: POSTGRES_DB
              value: "memelord-jake"
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: memelord-jake-database
                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: memelord-jake-database
                  key: password

            # Redis Configuration
            - name: REDIS_HOST
              value: "memelord-jake-redis"
            - name: REDIS_PORT
              value: "6379"
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: memelord-jake-redis
                  key: redis-password

            # S3/MinIO Storage Configuration
            - name: STORAGE_BACKEND
              value: "s3"
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: memelord-jake-bucket
                  key: accessKey
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: memelord-jake-bucket
                  key: secretKey
            - name: AWS_STORAGE_BUCKET_NAME
              value: "memelord-jake"
            - name: AWS_S3_ENDPOINT_URL
              value: "https://minio.ee-lte-1.codemowers.io"
            - name: AWS_S3_REGION_NAME
              value: "ee-lte-1"

            # OIDC Configuration
            - name: OIDC_ENABLED
              value: "True"
            - name: OIDC_CREATE_USER
              value: "True"
            - name: OIDC_RP_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: oidc-client-memelord-jake-owner-secrets
                  key: OIDC_CLIENT_ID
            - name: OIDC_RP_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: oidc-client-memelord-jake-owner-secrets
                  key: OIDC_CLIENT_SECRET

            # Browser-facing endpoint (external URL)
            - name: OIDC_OP_AUTHORIZATION_ENDPOINT
              value: "https://auth.ee-lte-1.codemowers.io/auth"

            # Server-to-server endpoints (internal URLs)
            - name: OIDC_OP_TOKEN_ENDPOINT
              value: "http://passmower.passmower.svc.cluster.local/token"
            - name: OIDC_OP_USER_ENDPOINT
              value: "http://passmower.passmower.svc.cluster.local/me"
            - name: OIDC_OP_JWKS_ENDPOINT
              value: "http://passmower.passmower.svc.cluster.local/jwks"

            - name: OIDC_RP_SIGN_ALGO
              value: "RS256"
            - name: OIDC_AUTOLOGIN
              value: "False"

            # General Configuration
            - name: DEBUG
              value: "True"
            - name: SECURE_COOKIES
              value: "True"

          # Use the patched app code (including patched settings.py)
          volumeMounts:
            - name: settings
              mountPath: /opt/app/myproject/settings.py
              subPath: settings.py
              readOnly: true

      volumes:
        - name: settings
          configMap:
            name: settings