#
# Copyright The CloudNativePG Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "cloudnative-pg.fullname" . }}
  labels:
    {{- include "cloudnative-pg.labels" . | nindent 4 }}
  {{- with .Values.commonAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "cloudnative-pg.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      annotations:
        checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
      {{- with .Values.podAnnotations }}
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "cloudnative-pg.selectorLabels" . | nindent 8 }}
        {{- with .Values.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if .Values.hostNetwork }}
      hostNetwork: {{ .Values.hostNetwork }}
      {{- end }}
      {{- if .Values.dnsPolicy }}
      dnsPolicy: {{ .Values.dnsPolicy }}
      {{- end }}
      containers:
      - args:
        - controller
        - --leader-elect
        {{- if .Values.config.name }}
        {{- if not .Values.config.secret }}
        - --config-map-name={{ .Values.config.name }}
        {{- else }}
        - --secret-name={{ .Values.config.name }}
        {{- end }}
        {{- end }}
        - --webhook-port={{ .Values.webhook.port }}
        {{- range .Values.additionalArgs }}
        - {{ . }}
        {{- end }}
        command:
        - /manager
        env:
        - name: OPERATOR_IMAGE_NAME
          value: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
        - name: OPERATOR_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: MONITORING_QUERIES_CONFIGMAP
          value: "{{ .Values.monitoringQueriesConfigMap.name }}"
        {{- if .Values.additionalEnv }}
        {{- tpl (.Values.additionalEnv | toYaml) . | nindent 8 }}
        {{- end }}
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        livenessProbe:
          httpGet:
            path: /readyz
            port: {{ .Values.webhook.port }}
            scheme: HTTPS
          {{- if .Values.webhook.livenessProbe.initialDelaySeconds }}
          initialDelaySeconds: {{ .Values.webhook.livenessProbe.initialDelaySeconds }}
          {{- end }}
        name: manager
        ports:
        - containerPort: 8080
          name: metrics
          protocol: TCP
        - containerPort: {{ .Values.webhook.port }}
          name: webhook-server
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /readyz
            port: {{ .Values.webhook.port }}
            scheme: HTTPS
          {{- if .Values.webhook.readinessProbe.initialDelaySeconds }}
          initialDelaySeconds: {{ .Values.webhook.readinessProbe.initialDelaySeconds }}
          {{- end }}
        resources:
          {{- toYaml .Values.resources | nindent 10 }}
        securityContext:
          {{- toYaml .Values.containerSecurityContext | nindent 10 }}
        volumeMounts:
        - mountPath: /controller
          name: scratch-data
        - mountPath: /run/secrets/cnpg.io/webhook
          name: webhook-certificates
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName }}
      {{- end }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      serviceAccountName: {{ include "cloudnative-pg.serviceAccountName" . }}
      terminationGracePeriodSeconds: 10
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
      - emptyDir: {}
        name: scratch-data
      - name: webhook-certificates
        secret:
          defaultMode: 420
          optional: true
          secretName: cnpg-webhook-cert