apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include ".fullname" . }}
  labels:
    app: {{ include ".fullname" . }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ include ".fullname" . }}
  template:
    metadata:
      labels:
        app: {{ include ".fullname" . }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
      - name: {{ include ".fullname" . }}
        image: "{{ .Values.image.repository }}:{ .Values.image.tag | default .Chart.AppVersion }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}

        # Limit rights
        securityContext:
          allowPrivilegeEscalation: false
          capabilities: {}
          privileged: false
          readOnlyRootFilesystem: false
          runAsNonRoot: true
        
        volumeMounts:
        - name: config-volume
          mountPath: /config/
          readOnly: true
        - name: secrets  
          mountPath: /config/
          readOnly: true

        env:
          # Aggregator settings
          - name: LOGGER_PRINTLEVEL
            value: {{ .Values.config.logLevel }}

        # Limit provided ressources
        resources:
          {{- toYaml .Values.resources | nindent 10 }}
      volumes:
      - name: config-volume
        configMap:
          name: {{ include ".fullname" . }}-config
          items:
          - key: config.yaml
            path: config.yaml
      - name: secrets
        secret:
          secretName: {{ .Values.dataSecret }}
          items:
          - key: data.json
            path: data.json