apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "zot.fullname" . }}
  namespace: {{ .Values.namespace | default .Release.Namespace }}
  labels:
    {{- include "zot.labels" . | nindent 4 }}
  {{- with .Values.deploymentAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ .Values.replicaCount }}
  {{- with .Values.strategy }}
  strategy:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "zot.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      annotations:
        {{- with .Values.podAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- if and .Values.mountConfig .Values.configFiles }}
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        {{- end }}
        {{- if and .Values.mountSecret .Values.secretFiles }}
        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
        {{- end }}
        {{- if .Values.forceRoll }}
        rollme: {{ randAlphaNum 5 | quote }}
        {{- end }}
      labels:
        {{- include "zot.selectorLabels" . | nindent 8 }}
        {{- with .Values.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "zot.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      {{- with .Values.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          {{- with .Values.extraArgs }}
          args:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          env:
            {{- toYaml .Values.env | nindent 12 }}
          ports:
            - name: zot
              containerPort: 5000
              protocol: TCP
          {{- if or (not (empty .Values.extraVolumeMounts)) .Values.mountConfig .Values.mountSecret .Values.persistence .Values.externalSecrets }}
          volumeMounts:
          {{- if .Values.mountConfig }}
            - mountPath: '/etc/zot'
              name: {{ .Release.Name }}-config
          {{- end }}
          {{- if .Values.mountSecret }}
            - mountPath: '/secret'
              name: {{ .Release.Name }}-secret
          {{- end }}
          {{- range .Values.externalSecrets }}
            - mountPath: {{ .mountPath | quote }}
              name: {{ .secretName | quote }}
          {{- end }}
          {{- if .Values.persistence }}
            - mountPath: '/var/lib/registry'
              name: {{ .Release.Name }}-volume
          {{- end }}
          {{- with .Values.extraVolumeMounts }}
          {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- end }}
          livenessProbe:
            initialDelaySeconds: 5
            httpGet:
              path: /v2/
              port: 5000
              scheme: {{ .Values.httpGet.scheme }}
              {{- if .Values.authHeader }}
              httpHeaders:
                - name: Authorization
                  value: Basic {{ .Values.authHeader }}
              {{- end }}
          readinessProbe:
            initialDelaySeconds: 5
            httpGet:
              path: /v2/
              port: 5000
              scheme: {{ .Values.httpGet.scheme }}
              {{- if .Values.authHeader }}
              httpHeaders:
                - name: Authorization
                  value: Basic {{ .Values.authHeader }}
              {{- end }}
          startupProbe:
            initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.startupProbe.periodSeconds }}
            failureThreshold: {{ .Values.startupProbe.failureThreshold }}
            httpGet:
              path: /v2/
              port: 5000
              scheme: {{ .Values.httpGet.scheme }}
              {{- if .Values.authHeader }}
              httpHeaders:
                - name: Authorization
                  value: Basic {{ .Values.authHeader }}
              {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- if or .Values.mountConfig .Values.mountSecret .Values.persistence .Values.externalSecrets (not (empty .Values.extraVolumes))}}
      volumes:
      {{- if .Values.mountConfig }}
        - name: {{ .Release.Name }}-config
          configMap:
            name: {{ .Release.Name }}-config
      {{- end }}
      {{- if .Values.mountSecret }}
        - name: {{ .Release.Name }}-secret
          secret:
            secretName: {{ .Release.Name }}-secret
      {{- end }}
      {{- range .Values.externalSecrets }}
        - name: {{ .secretName }}
          secret:
            secretName: {{ .secretName }}
      {{- end }}
      {{- if .Values.persistence }}
        - name: {{ .Release.Name }}-volume
          persistentVolumeClaim:
            claimName: {{ .Values.pvc.name | default (printf "%s-pvc" .Release.Name) }}
      {{- end }}
      {{- with .Values.extraVolumes }}
      {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.dnsConfig }}
      dnsConfig:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      dnsPolicy: {{ .Values.dnsPolicy }}