---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ghostfolio
  namespace: default
spec:
  selector:
    matchLabels:
      app: ghostfolio
  template:
    metadata:
      labels:
        app: ghostfolio
    spec:
      initContainers:
      - name: cleanup-postgres
        image: busybox
        command:
        - /bin/sh
        - -c
        - rm -rf /var/lib/postgresql/data/lost+found
        volumeMounts:
        - name: ghostfolio-data
          mountPath: /var/lib/postgresql/data
      - name: redis
        image: docker.io/library/redis:alpine
        command:
        - /bin/sh
        - -c
        - redis-server --requirepass "$(redis-password)"
        envFrom:
        - secretRef:
            name: ghostfolio-secrets
        restartPolicy: Always
        securityContext:
          runAsUser: 999
          runAsGroup: 1000
          capabilities:
            drop:
            - ALL
          allowPrivilegeEscalation: false
        env:
        - name: REDIS_HOST
          value: "redis"
        - name: REDIS_PORT
          value: "6379"
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: ghostfolio-secrets
              key: redis-password
      - name: postgres
        image: docker.io/library/postgres:15-alpine
        restartPolicy: Always
        securityContext:
          capabilities:
            drop:
            - ALL
            add:
            - CHOWN
            - DAC_READ_SEARCH
            - FOWNER
            - SETGID
            - SETUID
          allowPrivilegeEscalation: false
        env:
        - name: POSTGRES_USER
          value: "ghostfolio"
        - name: POSTGRES_DB
          value: "ghostfolio"
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: ghostfolio-secrets
              key: postgres-password
      containers:
      - name: ghostfolio
        image: docker.io/ghostfolio/ghostfolio:2.186.0
        securityContext:
          capabilities:
            drop:
            - ALL
          allowPrivilegeEscalation: false
        ports:
        - containerPort: 3333
        volumeMounts:
        - name: ghostfolio-data
          mountPath: /var/lib/postgresql/data
        env:
        - name: REDIS_HOST
          value: "localhost"
        - name: REDIS_PORT
          value: "6379"
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: ghostfolio-secrets
              key: redis-password
        - name: POSTGRES_DB
          value: "ghostfolio"
        - name: POSTGRES_USER
          value: "ghostfolio"
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: ghostfolio-secrets
              key: postgres-password
        - name: ACCESS_TOKEN_SALT
          valueFrom:
            secretKeyRef:
              name: ghostfolio-secrets
              key: access-token-salt
        - name: JWT_SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: ghostfolio-secrets
              key: jwt-secret-key
        - name: DATABASE_URL
          value: "postgresql://ghostfolio:akshun9501@localhost:5432/ghostfolio?connect_timeout=300&sslmode=prefer"
      volumes:
      - name: ghostfolio-data
        persistentVolumeClaim:
          claimName: ghostfolio-ceph