################################################################################
#   Copyright (c) 2019 AT&T Intellectual Property.                             #
#   Copyright (c) 2019 Nokia.                                                  #
#                                                                              #
#   Licensed under the Apache License, Version 2.0 (the "License");            #
#   you may not use this file except in compliance with the License.           #
#   You may obtain a copy of the License at                                    #
#                                                                              #
#       http://www.apache.org/licenses/LICENSE-2.0                             #
#                                                                              #
#   Unless required by applicable law or agreed to in writing, software        #
#   distributed under the License is distributed on an "AS IS" BASIS,          #
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
#   See the License for the specific language governing permissions and        #
#   limitations under the License.                                             #
################################################################################
{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
{{- $topCtx :=  . }}
{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
{{- $secretPath := .Values.appmgr.appsecretpath | default "/opt/ric/secret" }}
{{- $certName := include "common.tillerHelmClientTLSSecret" $ctx }} 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "common.deploymentname.appmgr" . }}
  namespace: {{ include "common.namespace.platform" . }}
  labels:
    app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  replicas: {{ .Values.appmgr.replicaCount }}
  selector:
    matchLabels:
      app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
      release: {{ .Release.Name }}
  template:
    metadata:
      {{- if .Values.appmgr.annotations }}
      annotations:
        {{- .Values.appmgr.annotations | nindent 8 -}}
      {{ end }}
      labels:
        app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
        release: {{ .Release.Name }}
    spec:
      hostname: {{ include "common.name.appmgr" . }}
      serviceAccountName: {{ include "common.serviceaccountname.appmgr" . }}
      imagePullSecrets:
        {{- $newctx := dict "ctx" $topCtx "defaultregistry" .Values.appmgr.image.init.registry }}
        - name: {{ include "common.dockerregistry.credential" $newctx -}}
{{- if or (eq ( include "common.tillerTLSVerify" $ctx ) "true" )  (eq ( include "common.tillerTLSAuthenticate" $ctx ) "true") }}
      initContainers:
        - name: {{ include "common.containername.appmgr" . }}-copy-tiller-secret
          {{- $newctx := dict "ctx" $topCtx "defaultregistry" .Values.appmgr.image.init.registry }}
          image: {{ include "common.dockerregistry.url" $newctx }}/{{ .Values.appmgr.image.init.name }}:{{ .Values.appmgr.image.init.tag }}
          {{- $newctx := dict "ctx" $topCtx "defaultpullpolicy" .Values.appmgr.imagePullPolicy }}
          imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $newctx }}
          env:
            - name: SVCACCT_NAME
              value: {{ include "common.serviceaccountname.appmgr" . }}
            - name: CLUSTER_NAME
              value: {{ default "kubernetes" .Values.appmgr.clusterName }}
            - name: KUBECONFIG
              value: /tmp/kubeconfig
            - name: K8S_API_HOST
              value: {{ default "https://kubernetes.default.svc.cluster.local/" .Values.common.k8sAPIHost }}
            - name: SECRET_NAMESPACE
              value: {{ include "common.tillerDeployNameSpace" $ctx }}
            - name: SECRET_NAME
              value: {{ include "common.tillerHelmClientTLSSecret" $ctx }}
          envFrom:
            - configMapRef:
                name: {{ include "common.configmapname.appmgr" . }}-env
          command: ["/appmgr-tiller-secret-copier.sh"]
          volumeMounts:
            - name: helm-secret-volume
              mountPath: {{ $secretPath }}
              readOnly: false
            - name: appmgr-bin-volume
              mountPath: /svcacct-to-kubeconfig.sh
              subPath: svcacct-to-kubeconfig.sh
            - name: appmgr-bin-volume
              mountPath: /appmgr-tiller-secret-copier.sh
              subPath: appmgr-tiller-secret-copier.sh
{{- end }}      
      containers:
        - name: {{ include "common.containername.appmgr.chartmuseum" . }}
          {{- $newctx := dict "ctx" $topCtx "defaultregistry" .Values.appmgr.image.chartmuseum.registry }}
          image: {{ include "common.dockerregistry.url" $newctx }}/{{ .Values.appmgr.image.chartmuseum.name }}:{{ .Values.appmgr.image.chartmuseum.tag }}
          {{- $newctx := dict "ctx" $topCtx "defaultpullpolicy" .Values.appmgr.imagePullPolicy }}
          imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $newctx }}
          securityContext:
            fsGroup: 0
            runAsUser: 0
          envFrom:
            - configMapRef:
                name: {{ include "common.configmapname.appmgr" . }}-chartmuseum-env
          ports:
            - name: chartmuseum
              containerPort: {{ include "common.serviceport.appmgr.chartmuseum.http" . }}
              protocol: TCP
        - name: {{ include "common.containername.appmgr" . }}
          {{- $newctx := dict "ctx" $topCtx "defaultregistry" .Values.appmgr.image.appmgr.registry }}
          image: {{ include "common.dockerregistry.url" $newctx }}/{{ .Values.appmgr.image.appmgr.name }}:{{ .Values.appmgr.image.appmgr.tag }}
          {{- $newctx := dict "ctx" $topCtx "defaultpullpolicy" .Values.appmgr.imagePullPolicy }}
          imagePullPolicy: {{ include "common.dockerregistry.pullpolicy" $newctx }}
          ports:
            - name: http
              containerPort: {{ include "common.serviceport.appmgr.http" . }}
              protocol: TCP
            - name: rmrroute
              containerPort: {{ include "common.serviceport.appmgr.rmr.route" . }}
              protocol: TCP
            - name: rmrdata
              containerPort: {{ include "common.serviceport.appmgr.rmr.data" . }}
              protocol: TCP
          volumeMounts:
            - name: config-volume
              mountPath: {{ .Values.appmgr.appconfigpath }}/appmgr.yaml
              subPath: appmgr.yaml
            - name: helm-secret-volume
              mountPath: {{ $secretPath }}
              readOnly: false
            - name: secret-volume
              mountPath: {{ $secretPath }}/helm_repo_username
              subPath: helm_repo_username
            - name: secret-volume
              mountPath: {{ $secretPath }}/helm_repo_password
              subPath: helm_repo_password
          envFrom:
            - configMapRef:
                name: {{ include "common.configmapname.appmgr" . }}-env
          livenessProbe:
            #exec:
            #  command:
            #    - /bin/bash
            #    - -c
            #    - ps -ef | grep {{ .Values.livenessprocessname }}| grep -v "grep"
            #initialDelaySeconds: 120
            #periodSeconds: 30
          readinessProbe:
          #  httpGet:
          #    path: /
          #    port: http
          restartPolicy: Always
          securityContext:
            # ubuntu
            #runAsUser: 1000
            #allowPrivilegeEscalation: false
      volumes:
        - name: config-volume
          configMap:
            name: {{ include "common.configmapname.appmgr" . }}-appconfig
        - name: secret-volume
          secret:
            secretName: {{ include "common.secretname.appmgr" . }}
        - name: helm-secret-volume
          emptyDir: {}
        - name: appmgr-bin-volume
          configMap:
            name: {{ include "common.configmapname.appmgr" . }}-bin
            defaultMode: 0755