apiVersion: apps/v1
kind: Deployment
metadata:
  name: cfb-manager
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cfb-manager
  template:
    metadata:
      labels:
        app: cfb-manager
    spec:
      imagePullSecrets:
        - name: gitea-registry
      containers:
        - name: cfb-manager
          image: gitea.inouter.com/kaffa/cf-bouncer-manager:latest
          command: ["uv", "run", "uvicorn", "api_server:app", "--host", "0.0.0.0", "--port", "8000"]
          ports:
            - containerPort: 8000
          envFrom:
            - configMapRef:
                name: cfb-manager-config
          volumeMounts:
            - name: ssh-key
              mountPath: /root/.ssh
              readOnly: true
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              cpu: 200m
              memory: 256Mi
          readinessProbe:
            tcpSocket:
              port: 8000
            initialDelaySeconds: 10
            periodSeconds: 10
          livenessProbe:
            tcpSocket:
              port: 8000
            initialDelaySeconds: 60
            periodSeconds: 30
      volumes:
        - name: ssh-key
          secret:
            secretName: cfb-ssh-key
            defaultMode: 0600
            items:
              - key: id_rsa
                path: id_rsa