# services/quality/sonarqube-exporter-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sonarqube-exporter
  namespace: quality
  labels:
    app: sonarqube-exporter
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sonarqube-exporter
  template:
    metadata:
      labels:
        app: sonarqube-exporter
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "quality"
        vault.hashicorp.com/agent-inject-secret-sonarqube-exporter-env.sh: "kv/data/atlas/quality/sonarqube-oidc"
        vault.hashicorp.com/agent-inject-template-sonarqube-exporter-env.sh: |
          {{- with secret "kv/data/atlas/quality/sonarqube-oidc" -}}
          export SONARQUBE_TOKEN="{{ .Data.data.sonarqube_exporter_token }}"
          {{- end -}}
        prometheus.io/scrape: "true"
        prometheus.io/port: "9798"
        prometheus.io/path: /metrics
    spec:
      serviceAccountName: quality-vault-sync
      nodeSelector:
        node-role.kubernetes.io/worker: "true"
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values: ["arm64"]
                  - key: hardware
                    operator: In
                    values: ["rpi5"]
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: hardware
                    operator: In
                    values: ["rpi5"]
      containers:
        - name: exporter
          image: registry.bstein.dev/bstein/python:3.12-slim
          imagePullPolicy: IfNotPresent
          command:
            - /bin/sh
            - -ec
          args:
            - |
              if [ -f /vault/secrets/sonarqube-exporter-env.sh ]; then
                . /vault/secrets/sonarqube-exporter-env.sh
              fi
              cp /config/exporter.py /app/exporter.py
              python /app/exporter.py
          env:
            - name: SONARQUBE_URL
              value: http://sonarqube.quality.svc.cluster.local:9000
            - name: SONARQUBE_EXPORTER_PORT
              value: "9798"
            - name: SONARQUBE_EXPORTER_CACHE_TTL_SECONDS
              value: "45"
            - name: SONARQUBE_PROJECT_LIMIT
              value: "250"
          ports:
            - name: metrics
              containerPort: 9798
          readinessProbe:
            httpGet:
              path: /-/healthy
              port: 9798
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /-/healthy
              port: 9798
            initialDelaySeconds: 20
            periodSeconds: 20
          resources:
            requests:
              cpu: 25m
              memory: 96Mi
            limits:
              cpu: 250m
              memory: 256Mi
          volumeMounts:
            - name: exporter-script
              mountPath: /config
              readOnly: true
            - name: app-tmp
              mountPath: /app
      volumes:
        - name: exporter-script
          configMap:
            name: sonarqube-exporter-script
            defaultMode: 493
        - name: app-tmp
          emptyDir: {}