{{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) }}
{{- if .Release.IsInstall }}
{{- $secretName := (printf "alertmanager-%s-alertmanager" (include "kube-prometheus-stack.fullname" .)) }}
{{- if (lookup "v1" "Secret" (include "kube-prometheus-stack.namespace" .) $secretName) }}
{{- required (printf "Cannot overwrite existing secret %s in namespace %s." $secretName (include "kube-prometheus-stack.namespace" .)) "" }}
{{- end }}{{- end }}
apiVersion: v1
kind: Secret
metadata:
  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
  namespace: {{ template "kube-prometheus-stack.namespace" . }}
  annotations:
    "helm.sh/hook": pre-install
    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
    "helm.sh/hook-weight": "3"
{{- if .Values.alertmanager.secret.annotations }}
{{ toYaml .Values.alertmanager.secret.annotations | indent 4 }}
{{- end }}
  labels:
    app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
data:
{{- if .Values.alertmanager.tplConfig }}
  alertmanager.yaml: {{ tpl (toYaml .Values.alertmanager.config) . | b64enc | quote }}
{{- else }}
  alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }}
{{- end}}
{{- range $key, $val := .Values.alertmanager.templateFiles }}
  {{ $key }}: {{ $val | b64enc | quote }}
{{- end }}
---
apiVersion: batch/v1
kind: Job
metadata:
  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
  namespace: {{ template "kube-prometheus-stack.namespace" . }}
  labels:
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
    app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
  annotations:
    "helm.sh/hook": pre-install
    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
    "helm.sh/hook-weight": "5"
spec:
  template:
    metadata:
      name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
      labels: {{ include "kube-prometheus-stack.labels" . | nindent 8 }}
        app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
    spec:
      serviceAccountName: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
{{- if .Values.alertmanager.secret.securityContext }}
      securityContext:
{{ toYaml .Values.alertmanager.secret.securityContext | indent 8 }}
{{- end }}
      containers:
        - name: copy-pre-install-secret
          image: {{ template "system_default_registry" . }}{{ .Values.alertmanager.secret.image.repository }}:{{ .Values.alertmanager.secret.image.tag }}
          imagePullPolicy: {{ .Values.alertmanager.secret.image.pullPolicy }}
          command:
          - /bin/sh
          - -c
          - >
            if kubectl get secret -n {{ template "kube-prometheus-stack.namespace" . }} alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager > /dev/null 2>&1; then
              echo "Secret already exists"
              exit 1
            fi;
            kubectl patch secret -n {{ template "kube-prometheus-stack.namespace" . }} --dry-run -o yaml
            alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
            -p '{{ printf "{\"metadata\":{\"name\": \"alertmanager-%s-alertmanager\"}}" (include "kube-prometheus-stack.fullname" .) }}'
            | kubectl apply -f -;
            kubectl annotate secret -n {{ template "kube-prometheus-stack.namespace" . }}
            alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager
            helm.sh/hook- helm.sh/hook-delete-policy- helm.sh/hook-weight-;
      restartPolicy: OnFailure
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
  labels:
    app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
  annotations:
    "helm.sh/hook": pre-install
    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
    "helm.sh/hook-weight": "3"
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs: ['create', 'get', 'patch']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
  labels:
    app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
  annotations:
    "helm.sh/hook": pre-install
    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
    "helm.sh/hook-weight": "3"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
subjects:
- kind: ServiceAccount
  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
  namespace: {{ template "kube-prometheus-stack.namespace" . }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
  namespace: {{ template "kube-prometheus-stack.namespace" . }}
  labels:
    app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
  annotations:
    "helm.sh/hook": pre-install
    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
    "helm.sh/hook-weight": "3"
{{- end }}