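---
# StatefulSet for a MariaDB pod whose credentials are generated in-cluster.
# An init container creates the Secret `credentials` if it does not exist yet,
# and the MariaDB container reads all four of its keys as environment variables.
# `replicas` is not set, so the API default applies.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  # No metadata.namespace is set. The init container writes the Secret to
  # namespace `database` (-n database), while secretKeyRef below resolves in
  # the pod's own namespace, so this object has to be deployed into `database`
  # for the two to meet.
  name: database
spec:
  serviceName: db-internal
  selector:
    matchLabels:
      app-service: db-internal
  template:
    metadata:
      labels:
        app-service: db-internal
    spec:
      # This service account needs get + create on Secrets in `database`.
      # `create` cannot be narrowed with resourceNames, so keep the Role
      # namespaced and limited to those two verbs.
      # NOTE(review): the Role/RoleBinding are not in this file; confirm.
      # NOTE(review): the token is mounted into every container of the pod,
      # so the long-running mariadb container holds the same API rights as
      # the init container. Consider automountServiceAccountToken: false
      # plus a projected token volume mounted only into create-secret.
      serviceAccountName: mariadb-service-account
      initContainers:
        - name: create-secret
          # bzl:// references are presumably rewritten to a pushed image by
          # the build; prefer a digest-pinned result. TODO confirm.
          image: bzl://hack/deps:kubectl_container_push
          # The script only talks to the API server and reads /dev/urandom.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          command:
            - "/bin/sh"
            - "-c"
          args:
            # Create-if-absent: an existing Secret is never overwritten, so
            # the passwords are generated once and are not rotated by this
            # pod. If `get` fails for a reason other than NotFound, `create`
            # fails too and the init container exits non-zero.
            # The generated values are passed with --from-literal and are
            # therefore visible in the kubectl process arguments while the
            # command runs; --from-file on an in-memory volume avoids that.
            - |-
              if ! kubectl get -n database secret credentials; then
                gen_password() {
                  tr -dc 'A-Za-z0-9!?%=' < /dev/urandom | head -c 16
                }
                password="$(gen_password)"
                root_password="$(gen_password)"
                # A failed pipeline yields an empty or short string. Do not
                # persist it: the Secret is never regenerated once created.
                if [ "${#password}" -ne 16 ] || [ "${#root_password}" -ne 16 ]; then
                  echo "password generation failed; not creating secret" >&2
                  exit 1
                fi
                kubectl create -n database secret generic credentials \
                  --from-literal=name="database" \
                  --from-literal=user="user" \
                  --from-literal=password="${password}" \
                  --from-literal=root_password="${root_password}"
              fi
      containers:
        - name: mariadb
          image: bzl://hack/deps:mariadb_container_push
          # NOTE(review): no securityContext is set. Which user and
          # capabilities the image's entrypoint needs is not visible here,
          # so tighten it only after checking the image.
          args:
            # Listens on every pod interface; port 3306 is then reachable
            # from anything that can route to the pod. Pair this with a
            # NetworkPolicy that admits only the intended clients.
            - "--bind-address=0.0.0.0"
          ports:
            - name: db-port
              containerPort: 3306
          # Credentials arrive as environment variables, so they are readable
          # by every process in the container and through the pod's
          # /proc/<pid>/environ.
          env:
            - name: MARIADB_DATABASE
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: name
            - name: MARIADB_USER
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: user
            - name: MARIADB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: password
            - name: MARIADB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: root_password
          resources:
            limits:
              cpu: "500m"
              memory: 256Mi
            requests:
              cpu: "10m"
              memory: 64Mi
          volumeMounts:
            - name: db-data
              mountPath: "/var/lib/mysql"
  volumeClaimTemplates:
    - metadata:
        name: db-data
      spec:
        # ReadWriteOncePod restricts the volume to a single pod at a time.
        accessModes: ["ReadWriteOncePod"]
        resources:
          requests:
            storage: 5Gi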