apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: ngx-instance-0-dep
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: ngx-instance-0-dep
    spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: nginx
        image: bigchaindb/nginx_https:2.0.0-alpha5
        imagePullPolicy: Always
        env:
        - name: NODE_FRONTEND_PORT
          valueFrom:
            configMapKeyRef:
              name: vars
              key: node-frontend-port
        - name: HEALTH_CHECK_PORT
          valueFrom:
            configMapKeyRef:
              name: vars
              key: node-health-check-port
        - name: NODE_FQDN
          valueFrom:
            configMapKeyRef:
              name: vars
              key: node-fqdn
        - name: DNS_SERVER
          valueFrom:
            configMapKeyRef:
              name: vars
              key: node-dns-server-ip
        - name: MONGODB_BACKEND_HOST
          valueFrom:
            configMapKeyRef:
              name: vars
              key: ngx-mdb-instance-name
        - name: MONGODB_BACKEND_PORT
          valueFrom:
            configMapKeyRef:
              name: vars
              key: mongodb-backend-port
        - name: OPENRESTY_BACKEND_PORT
          valueFrom:
            configMapKeyRef:
              name: vars
              key: openresty-backend-port
        - name: OPENRESTY_BACKEND_HOST
          valueFrom:
            configMapKeyRef:
              name: vars
              key: ngx-openresty-instance-name
        - name: BIGCHAINDB_BACKEND_HOST
          valueFrom:
            configMapKeyRef:
              name: vars
              key: ngx-bdb-instance-name
        - name: BIGCHAINDB_API_PORT
          valueFrom:
            configMapKeyRef:
              name: vars
              key: bigchaindb-api-port
        - name: BIGCHAINDB_WS_PORT
          valueFrom:
            configMapKeyRef:
              name: vars
              key: bigchaindb-ws-port
        - name: TM_PUB_KEY_ACCESS_PORT
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: bdb-pub-key-access
        - name: TM_P2P_PORT
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: bdb-p2p-port
        - name: AUTHORIZATION_MODE
          valueFrom:
            configMapKeyRef:
              name: vars
              key: authorization-mode
        - name: SECRET_ACCESS_TOKEN
          valueFrom:
            secretKeyRef:
              name: nginx-secret-header
              key: secret-token
        ports:
        # return a pretty error message on port 80, since we are expecting
        # HTTPS traffic.
        - containerPort: 80
          protocol: TCP
        - containerPort: 443
          protocol: TCP
        - containerPort: 8888
          protocol: TCP
          name: ngx-port
        - containerPort: 9986
          protocol: TCP
          name: bdb-pub-key
        - containerPort: 26656
          protocol: TCP
          name: bdb-p2p-port
        livenessProbe:
          httpGet:
            path: /health
            port: ngx-port
          initialDelaySeconds: 15
          periodSeconds: 15
          failureThreshold: 3
          timeoutSeconds: 10
        resources:
          limits:
            cpu: 200m
            memory: 768Mi
        volumeMounts:
        - name: https-certs
          mountPath: /etc/nginx/ssl/
          readOnly: true
      restartPolicy: Always
      volumes:
      - name: https-certs
        secret:
          secretName: https-certs
          defaultMode: 0400