#   Copyright (c) 2019 AT&T Intellectual Property.
#   Copyright (c) 2019 Nokia.
#
#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "appmgr.fullname" . }}
  labels:
    app.kubernetes.io/name: {{ include "appmgr.name" . }}
    helm.sh/chart: {{ include "appmgr.chart" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "appmgr.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "appmgr.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: {{ .Values.image.containerPort }}
              protocol: TCP
          volumeMounts:
            - name: config-volume
              mountPath: {{ .Values.appconfigpath }}
            - name: secret-volume
              mountPath: {{ .Values.appsecretpath }}
            - name: cert-volume
              mountPath: {{ .Values.appcertpath }}
          envFrom:
            - configMapRef:
                name: {{ .Release.Name }}-appenv
          livenessProbe:
            httpGet:
              path: {{ .Values.service.health_alive_check_endpoint }}
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: {{ .Values.service.health_ready_check_endpoint }}
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
            failureThreshold: 3
          restartPolicy: Always
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          securityContext:
            # ubuntu
            #runAsUser: 1000
            #allowPrivilegeEscalation: false
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}

      volumes:
        - name: config-volume
          configMap:
            name: {{ .Release.Name }}-appconfig
        - name: secret-volume
          secret:
            secretName: {{ .Values.appsecretobject }}
        - name: cert-volume
          configMap:
            name: {{ .Values.appcertobject }}