apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: {{ template "pomerium.databroker.name" . }}
    helm.sh/chart: {{ template "pomerium.chart" . }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/component: databroker
  name: {{ template "pomerium.databroker.fullname" . }}
  annotations:
 {{- if .Values.databroker.deployment.annotations }}
 {{- range $key, $value := .Values.databroker.deployment.annotations }}
   {{ $key }}: {{ $value | quote }}
 {{- end }}
{{- else if .Values.annotations }}
 {{- range $key, $value := .Values.annotations }}
   {{ $key }}: {{ $value | quote }}
 {{- end }}
{{- end }}
spec:
  replicas: {{ include "pomerium.databroker.replicaCount" . }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "pomerium.databroker.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      annotations:
        checksum: {{ include "pomerium.static.checksum" . }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
{{- if .Values.databroker.deployment.podAnnotations }}
{{ toYaml .Values.databroker.deployment.podAnnotations | indent 8 }}
{{- end }}
      labels:
        app.kubernetes.io/name: {{ template "pomerium.databroker.name" . }}
        helm.sh/chart: {{ template "pomerium.chart" . }}
        app.kubernetes.io/managed-by: {{ .Release.Service }}
        app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
    spec:
{{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
      containers:
      - name: {{ .Chart.Name }}
        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        args:
          - --config=/etc/pomerium/config.yaml
{{- range $key, $value := .Values.extraArgs }}
{{- if $value }}
          - --{{ $key }}={{ $value }}
{{- else }}
          - --{{ $key }}
{{- end }}
{{- end }}
        env:
{{- if or ( or ( and .Values.databroker.tls.cert .Values.databroker.tls.key ) .Values.databroker.existingTLSSecret ) .Values.config.generateTLS }}
{{- include "pomerium.tls.internal.envVars" . | indent 8 }}
{{- end }}
        - name: SERVICES
          value: databroker
        - name: DATABROKER_STORAGE_TYPE
          value: {{ include "pomerium.databroker.storage.type" . }}
{{- include "pomerium.metrics.envVars" . | indent 8}}
{{- include "pomerium.databroker.tlsEnv" . | indent 8 }}
{{- range $name, $value := .Values.extraEnv }}
        - name: {{ $name }}
          value: {{ quote $value }}
{{- end }}
{{- range $name, $value := .Values.databroker.deployment.extraEnv }}
        - name: {{ $name }}
          value: {{ quote $value }}
{{- end }}
        envFrom:
          - secretRef:
              name: {{ include "pomerium.sharedSecretName" . }}
{{- if or .Values.redis.enabled .Values.databroker.storage.connectionString }}
          - secretRef:
              name: {{ include "pomerium.databroker.storage.secret" . }}
{{- end }}
{{- if .Values.extraEnvFrom }}
{{        toYaml .Values.extraEnvFrom | indent 10 }}
{{- end }}
        ports:
          - containerPort: {{ template "pomerium.trafficPort.number" . }}
            name: {{ template "pomerium.grpcTrafficPort.name" . }}
            protocol: TCP
          - containerPort: {{ .Values.metrics.port }}
            name: metrics
            protocol: TCP
        livenessProbe:
          tcpSocket:
            port: {{ template "pomerium.grpcTrafficPort.name" . }}
          initialDelaySeconds: 15
        readinessProbe:
          tcpSocket:
            port: {{ template "pomerium.grpcTrafficPort.name" . }}
        resources:
{{ toYaml .Values.resources | indent 10 }}
        volumeMounts:
          - mountPath: {{ include "pomerium.databroker.storage.clientTLS.path" . }}
            name: databroker-client-tls
{{ include "pomerium.volumeMounts" . | indent 10 }}
      serviceAccountName: {{ template "pomerium.databroker.serviceAccountName" . }}
      volumes:
        - name: databroker-client-tls
          secret:
            secretName: {{ include "pomerium.databroker.storage.clientTLS.secret" . }}
{{ include "pomerium.volumes.shared" . | indent 8 }}
{{- $ctx := . }}
{{- $_ := set $ctx "currentServiceName" "databroker" }}
{{ include "pomerium.volumes.service" $ctx | indent 8 }}
{{- if .Values.imagePullSecrets }}
      imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
      tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
      affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}