local resfdeploy = import 'ci/resfdeploy.jsonnet';
local db = import 'ci/db.jsonnet';
local kubernetes = import 'ci/kubernetes.jsonnet';
local common = import 'hydra/deploy/common.jsonnet';

resfdeploy.new({
  name: 'hydra-admin',
  replicas: 1,
  dbname: 'hydra',
  backend: true,
  // Custom migration
  migrate: true,
  migrate_command: ['/bin/sh'],
  migrate_args: common.sh_args($.dsn, '/usr/bin/hydra migrate sql -e --yes'),
  legacyDb: common.legacyDb,
  command: '/bin/sh',
  // We can use dangerous-force-http because we're using mTLS internally
  // and terminate TLS at ingress point.
  args: common.sh_args($.dsn, '/usr/bin/hydra serve admin --dangerous-force-http'),
  image: common.image,
  tag: common.tag,
  dsn: {
    name: 'DSN',
    value: std.strReplace(db.dsn_legacy('hydra', false, 'hydra-admin'), 'postgresql://', 'postgres://') + "&max_conn_lifetime=5m",
  },
  requests: if kubernetes.prod() then {
    cpu: '0.2',
    memory: '512M',
  },
  limits: if kubernetes.prod() then {
    cpu: '2',
    memory: '8G',
  },
  ports: [
    {
      name: 'http',
      containerPort: 4445,
      protocol: 'TCP',
    },
  ],
  health: {
    path: '/health/alive',
    port: 4445,
  },
  env: common.env + [$.dsn],
})