apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/instance: gh-authz
    app.kubernetes.io/name: gh-authz
  annotations:
    argocd.argoproj.io/sync-wave: "1"
    argocd.argoproj.io/hook: Synce
  name: gh-authz
  namespace: generations-heritage
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: gh-authz
      app.kubernetes.io/name: gh-authz
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: gh-authz
        app.kubernetes.io/name: gh-authz
    spec:
      containers:
        - image: vcscsvcscs/gheritage-auth-service:latest
          imagePullPolicy: Always
          name: gh-authz
          ports:
          - containerPort: 443
            name: gin
          securityContext:
            runAsUser: 0
          resources:
            limits:
              cpu: 250m
              memory: 200Mi
            requests:
              cpu: 100m
              memory: 50Mi
          volumeMounts:
            - name: gh-authz-certs
              mountPath: /etc/gh-authz/ssl
            - name: zitadel-service-account
              mountPath: /etc/gh-authz/zitadel
      volumes:
      - name: gh-authz-certs
        secret:
          secretName: gh-authz-tls
      - name: zitadel-service-account
        secret:
          secretName: zitadel-service-account