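# Deployment for the Infisical backend, applied through the kubectl provider.
#
# Inputs rendered into the manifest:
#   - var.instance / var.component / var.namespace: object name and namespace.
#   - local.common_labels: JSON-encoded and reused for the object labels, the
#     selector and the pod template labels, so the three always agree.
#   - var.images.infisical.*: image reference and pull policy.
#   - kubectl_manifest.config / kubectl_manifest.secret: injected wholesale as
#     environment variables via envFrom, and named in the reloader.stakater.com
#     annotations (used by Stakater Reloader, if it runs in the cluster, to
#     roll the pods when either object changes).
#   - module.ingress.sercret_name: secret mounted read-only at /etc/local-ca.
#
# Hardening applied here: the container may not gain privileges beyond its
# parent process (allowPrivilegeEscalation: false) and starts with every Linux
# capability dropped. The service listens on 8080, an unprivileged port, so no
# capability is required to bind it.
#
# NOTE(review): runAsNonRoot, readOnlyRootFilesystem and seccompProfile are not
#   set because they depend on how the image is built - confirm and add them.
# NOTE(review): no resources requests/limits and no livenessProbe are declared;
#   an unbounded pod can starve its node - confirm the intended sizing.
# NOTE(review): the image is referenced by tag, which is mutable; consider
#   pinning by digest if the registry is not fully trusted.
# NOTE(review): the certs volume mounts every key of the ingress secret with
#   mode 0444. If that secret is a TLS secret it presumably also carries the
#   private key, which would then be world-readable inside the container;
#   restrict the volume with `items:` to the CA certificate if so - confirm.
# NOTE(review): "sercret_name" looks like a misspelling of "secret_name"; it is
#   left unchanged because the module output is defined outside this file.
# NOTE(review): defaultMode 0444 relies on the manifest parser reading a
#   leading zero as octal (292 decimal) - confirm for the provider in use.
resource "kubectl_manifest" "deploy" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: "${var.instance}-${var.component}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
      annotations:
        configmap.reloader.stakater.com/reload: "${kubectl_manifest.config.name}"
        secret.reloader.stakater.com/reload: "${kubectl_manifest.secret.name}"
    spec:
      replicas: ${var.replicas}
      selector:
        matchLabels: ${jsonencode(local.common_labels)}
      template:
        metadata:
          labels: ${jsonencode(local.common_labels)}
        spec:
          containers:
            - name: infisical-backend
              image: "${var.images.infisical.registry}/${var.images.infisical.repository}:${var.images.infisical.tag}"
              imagePullPolicy: "${var.images.infisical.pull_policy}"
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
              readinessProbe:
                httpGet:
                  path: /api/status
                  port: 8080
                initialDelaySeconds: 10
                periodSeconds: 10
              ports:
                - containerPort: 8080
                  name: http
                  protocol: TCP
              envFrom:
                - configMapRef:
                    name: "${kubectl_manifest.config.name}"
                - secretRef:
                    name: "${kubectl_manifest.secret.name}"
              volumeMounts:
                - name: certs
                  mountPath: /etc/local-ca
                  readOnly: true
          restartPolicy: Always
          volumes:
            - name: certs
              secret:
                secretName: "${module.ingress.sercret_name}"
                defaultMode: 0444
  EOF
}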