apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "vault-operator.fullname" . }}
  labels:
    helm.sh/chart: {{ include "vault-operator.chart" . }}
    app.kubernetes.io/name: {{ include "vault-operator.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    {{- with .Values.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
spec:
  strategy:
    type: Recreate
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "vault-operator.name" . }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "vault-operator.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        {{- with .Values.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    spec:
      {{- with .Values.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ include "vault-operator.vault-operator.version" . }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command:
            - vault-operator
            - -sync_period
            - {{ .Values.syncPeriod }}
          env:
            - name: WATCH_NAMESPACE
              value: {{ .Values.watchNamespace | quote }}
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: {{ include "vault-operator.name" . }}
            - name: OPERATOR_LOG_LEVEL
              value: debug
            - name: BANK_VAULTS_IMAGE
              value: "{{ .Values.image.bankVaultsRepository }}:{{ include "vault-operator.bank-vaults.version" . }}"
          ports:
          - containerPort: {{ .Values.service.internalPort }}
          - containerPort: 8383
          {{- with .Values.securityContext }}
          securityContext:
          {{- toYaml . | nindent 12 }}
          {{- end }}
          livenessProbe:
            httpGet:
              path: "/"
              port: {{ .Values.service.internalPort }}
            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
            successThreshold: {{ .Values.livenessProbe.successThreshold }}
            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
          readinessProbe:
            httpGet:
              path: "/ready"
              port: {{ .Values.service.internalPort }}
            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.readinessProbe.successThreshold }}
            timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      affinity:
        {{- toYaml .Values.affinity | nindent 8 }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "vault-operator.serviceAccountName" . }}
      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- include "vault-operator.imagePullSecrets" . | indent 6 }}