---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: semaphore
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: semaphore
  template:
    metadata:
      labels:
        app: semaphore
    spec:
      initContainers:
      - name: mysql
        image: mysql:8.4
        restartPolicy: Always
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_RANDOM_ROOT_PASSWORD
          value: "'yes'"
        - name: MYSQL_DATABASE
          value: "semaphore"
        - name: MYSQL_USER
          value: "semaphore"
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: semaphore-secrets
              key: mysql_password
        volumeMounts:
        - name: db
          mountPath: /var/lib/mysql
      containers:
      - name: semaphore
        image: public.ecr.aws/semaphore/pro/server:v2.15.0
        ports:
        - containerPort: 3000
        envFrom:
        - configMapRef:
            name: semaphore-config
        env:
        - name: SEMAPHORE_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: semaphore-secrets
              key: admin_password
        - name: SEMAPHORE_DB_PASS
          valueFrom:
            secretKeyRef:
              name: semaphore-secrets
              key: mysql_password
        - name: SEMAPHORE_ACCESS_KEY_ENCRYPTION
          valueFrom:
            secretKeyRef:
              name: semaphore-secrets
              key: key
        volumeMounts:
        - name: ssh
          mountPath: /home/semaphore/.ssh/
      volumes:
      - name: db
        persistentVolumeClaim:
          claimName: longhorn-semaphore
      - name: ssh
        persistentVolumeClaim:
          claimName: longhorn-semaphore-ssh