{{/*
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License. */}}

{{- if .Values.manifests.deployment_drydock }}
{{- $envAll := . -}}
{{- $labels :=  tuple $envAll "drydock" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" -}}
{{- $serviceAccountName := "drydock-api" }}
{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drydock-api
  labels:
{{ $labels | indent 4 }}
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
spec:
  replicas: {{ .Values.replicas.drydock }}
  selector:
    matchLabels:
{{ $labels | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
  template:
    metadata:
      labels:
{{ $labels | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
{{ dict "envAll" $envAll "podName" "drydock-api" "containerNames" (list "init" "drydock-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
{{ dict "envAll" $envAll "application" "drydock" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      nodeSelector:
        {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value | quote }}
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: Always
      affinity:
{{ tuple $envAll "drydock" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      initContainers:
{{ tuple $envAll "api" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: drydock-api
          image: {{ .Values.images.tags.drydock }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "drydock" "container" "drydock_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            - name: 'MAAS_API_KEY'
              valueFrom:
                secretKeyRef:
                  name: 'maas-api-key'
                  key: 'token'
            - name: 'DRYDOCK_API_WORKERS'
              value: {{ .Values.conf.uwsgi.workers | default 1 | quote }}
            - name: 'DRYDOCK_API_THREADS'
              value: {{ .Values.conf.uwsgi.threads | default 1 | quote }}
          ports:
            - name: drydock-api
              containerPort: {{ tuple "physicalprovisioner" "default" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          volumeMounts:
            - name: etc-drydock
              mountPath: /etc/drydock
            - name: drydock-etc
              subPath: drydock.conf
              mountPath: /etc/drydock/drydock.conf
              readOnly: true
            - name: drydock-etc
              subPath: api-paste.ini
              mountPath: /etc/drydock/api-paste.ini
              readOnly: true
            - name: drydock-etc
              subPath: policy.yaml
              mountPath: /etc/drydock/policy.yaml
              readOnly: true
{{- if .Values.manifests.secret_ssh_key }}
            - name: root-ssh
              mountPath: /root/.ssh
            - name: priv-key
              subPath: PRIVATE_KEY
              mountPath: /root/.ssh/id_rsa
              readOnly: true
            - name: drydock-etc
              subPath: ssh-config
              mountPath: /root/.ssh/config
              readOnly: true
{{- end }}
          workingDir: /tmp/drydock
      volumes:
{{- if .Values.manifests.secret_ssh_key }}
        - name: root-ssh
          emptyDir: {}
        - name: priv-key
          secret:
            secretName: {{ .Release.Name }}-{{ .Values.secrets.ssh_key }}
            defaultMode: 0400
{{- end }}
        - name: etc-drydock
          emptyDir: {}
        - name: drydock-etc
          configMap:
            name: drydock-etc
            defaultMode: 0444
...
{{- end }}