apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "sthome-webhook.fullname" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app: {{ include "sthome-webhook.name" . }}
    chart: {{ include "sthome-webhook.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ include "sthome-webhook.name" . }}
      release: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ include "sthome-webhook.name" . }}
        release: {{ .Release.Name }}
    spec:
      serviceAccountName: {{ include "sthome-webhook.fullname" . }}
      imagePullSecrets:
      - name: {{ .Values.imageCredentials.name }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          args:
            - --tls-cert-file=/tls/tls.crt
            - --tls-private-key-file=/tls/tls.key
            - --secure-port=8443
        {{- range $key, $value := .Values.extraArgs }}
            {{- if $value }}
            - --{{ $key }}={{ $value }}
            {{- else }}
            - --{{ $key }}
            {{- end }}
        {{- end }}  
          env:
            - name: GROUP_NAME
              value: {{ .Values.groupName | quote }}
          ports:
            - name: https
              containerPort: 8443
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /healthz
              port: https
          readinessProbe:
            httpGet:
              scheme: HTTPS
              path: /healthz
              port: https
          volumeMounts:
            - name: certs
              mountPath: /tls
              readOnly: true
            - name: scriptdir
              mountPath: /acme
              readOnly: false
            - name: workdir
              mountPath: /workdir
              readOnly: false
            - name: webroot
              mountPath: /webroot
              readOnly: false
          resources:
{{ toYaml .Values.resources | indent 12 }}
      volumes:
        - name: certs
          secret:
            secretName: {{ include "sthome-webhook.servingCertificate" . }}
        - name: scriptdir
          hostPath:
            path: {{ .Values.host.scriptdir }}
        - name: workdir
          hostPath:
            path: {{ .Values.host.workdir }}
        - name: webroot
          hostPath:
            path: {{ .Values.host.webrootdir }}

    {{- with .Values.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.dnsPolicy }}
      dnsPolicy:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.dnsConfig }}
      dnsConfig:
{{ toYaml . | indent 8 }}
    {{- end }}