{{- if eq (include "frontend.deployMethod" .) "haMode" }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "frontend.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "cost-analyzer.commonLabels" . | nindent 4 }}
    {{- with .Values.global.additionalLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- if and .Values.kubecostDeployment .Values.kubecostDeployment.labels }}
    {{- toYaml .Values.kubecostDeployment.labels | nindent 4 }}
    {{- end }}
  {{- if and .Values.kubecostDeployment .Values.kubecostDeployment.annotations }}
  annotations:
    {{- toYaml .Values.kubecostDeployment.annotations | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ .Values.kubecostFrontend.haReplicas | default 2 }}
  selector:
    matchLabels:
      {{- include "frontend.selectorLabels" . | nindent 6 }}
  {{- if .Values.kubecostFrontend.deploymentStrategy }}
  {{- with .Values.kubecostFrontend.deploymentStrategy }}
  strategy: {{ toYaml . | nindent 4 }}
  {{- end }}
  {{- else }}
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  {{- end }}
  template:
    metadata:
      labels:
        {{- include "frontend.selectorLabels" . | nindent 8 }}
        {{- if .Values.global.additionalLabels }}
        {{- toYaml .Values.global.additionalLabels | nindent 8 }}
        {{- end }}
        {{- if and .Values.kubecostDeployment .Values.kubecostDeployment.labels }}
        {{- toYaml .Values.kubecostDeployment.labels | nindent 8 }}
        {{- end }}
      annotations:
        {{- with .Values.global.podAnnotations}}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        checksum/configs: {{ include "configsChecksum" . }}
    spec:
      {{- if .Values.global.platforms.openshift.enabled }}
      securityContext:
        {{- toYaml .Values.global.platforms.openshift.securityContext | nindent 8 }}
      {{- else if .Values.global.securityContext }}
      securityContext:
        {{- toYaml .Values.global.securityContext | nindent 8 }}
      {{- else }}
      securityContext:
        runAsUser: 1001
        runAsGroup: 1001
        fsGroup: 1001
      {{- end }}
      restartPolicy: Always
      serviceAccountName: {{ template "cost-analyzer.serviceAccountName" . }}
      volumes:
        - name: tmp
          emptyDir: {}
        - name: nginx-conf
          configMap:
            name: nginx-conf
            items:
              - key: nginx.conf
                path: default.conf
        {{- if .Values.global.containerSecuritycontext }}
        - name: var-run
          emptyDir: {}
        - name: cache
          emptyDir: {}
        {{- end }}
        {{- if .Values.kubecostFrontend.tls }}
        {{- if .Values.kubecostFrontend.tls.enabled }}
        - name: tls
          secret:
            secretName : {{ .Values.kubecostFrontend.tls.secretName }}
            items:
            - key: tls.crt
              path: kc.crt
            - key: tls.key
              path: kc.key
        {{- end }}
        {{- end }}
        {{- if .Values.kubecostAdmissionController }}
        {{- if .Values.kubecostAdmissionController.enabled }}
        {{- if .Values.kubecostAdmissionController.secretName }}
        - name: webhook-server-tls
          secret:
            secretName: {{ .Values.kubecostAdmissionController.secretName }}
            items:
            - key: tls.crt
              path: tls.crt
            - key: tls.key
              path: tls.key
        {{- end }}
        {{- end }}
        {{- end }}
      containers:
        {{- if .Values.kubecostFrontend }}
        {{- if .Values.kubecostFrontend.fullImageName }}
        - image: {{ .Values.kubecostFrontend.fullImageName }}
        {{- else if .Values.imageVersion }}
        - image: {{ .Values.kubecostFrontend.image }}:{{ .Values.imageVersion }}
        {{- else if eq "development" .Chart.AppVersion }}
        - image: gcr.io/kubecost1/frontend-nightly:latest
        {{- else }}
        - image: {{ .Values.kubecostFrontend.image }}:prod-{{ $.Chart.AppVersion }}
        {{- end }}
        {{- else }}
        - image: gcr.io/kubecost1/frontend:prod-{{ $.Chart.AppVersion }}
        {{- end }}
          name: cost-analyzer-frontend
          ports:
          - name: tcp-frontend
            containerPort: 9090
            protocol: TCP
          env:
            - name: GET_HOSTS_FROM
              value: dns
            {{- if .Values.kubecostFrontend.extraEnv -}}
            {{ toYaml .Values.kubecostFrontend.extraEnv | nindent 12 }}
            {{- end }}
        {{- if .Values.kubecostFrontend.securityContext }}
          securityContext:
            {{- toYaml .Values.kubecostFrontend.securityContext | nindent 12 }}
          {{- else  }}
          securityContext:
            {{- toYaml .Values.global.containerSecurityContext | nindent 12 }}
        {{- end }}
          volumeMounts:
            - name: tmp
              mountPath: /tmp
            - name: tmp
              mountPath: /var/lib/nginx/tmp
            - name: tmp
              mountPath: /var/run
            - name: nginx-conf
              mountPath: /etc/nginx/conf.d/
            {{- if .Values.global.containerSecuritycontext }}
            - mountPath: /var/cache/nginx
              name: cache
            - mountPath: /var/run
              name: var-run
            {{- end }}
            {{- if .Values.kubecostFrontend.tls }}
            {{- if .Values.kubecostFrontend.tls.enabled }}
            - name: tls
              mountPath: /etc/ssl/certs
            {{- end }}
            {{- end }}
          resources:
          {{- toYaml .Values.kubecostFrontend.resources | nindent 12 }}
        {{- if .Values.kubecostFrontend.imagePullPolicy }}
          imagePullPolicy: {{ .Values.kubecostFrontend.imagePullPolicy }}
        {{- else }}
          imagePullPolicy: Always
        {{- end }}
          {{- if .Values.kubecostFrontend.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: /healthz
              port: 9090
            initialDelaySeconds: {{ .Values.kubecostFrontend.readinessProbe.initialDelaySeconds  }}
            periodSeconds: {{ .Values.kubecostFrontend.readinessProbe.periodSeconds  }}
            failureThreshold: {{ .Values.kubecostFrontend.readinessProbe.failureThreshold  }}
          {{- end }}
          {{- if .Values.kubecostFrontend.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: /healthz
              port: 9090
            initialDelaySeconds: {{ .Values.kubecostFrontend.livenessProbe.initialDelaySeconds  }}
            periodSeconds: {{ .Values.kubecostFrontend.livenessProbe.periodSeconds  }}
            failureThreshold: {{ .Values.kubecostFrontend.livenessProbe.failureThreshold  }}
          {{- end }}
          {{- if .Values.global.containerSecuritycontext }}
          securityContext:
          {{- toYaml .Values.global.containerSecuritycontext | nindent 12 }}
          {{- end }}
    {{- if .Values.imagePullSecrets }}
      imagePullSecrets:
      {{ toYaml .Values.imagePullSecrets | indent 2 }}
    {{- end }}
      {{- if .Values.priority }}
      {{- if .Values.priority.enabled }}
      {{- if gt (len .Values.priority.name) 0 }}
      priorityClassName: {{ .Values.priority.name }}
      {{- else }}
      priorityClassName: {{ template "cost-analyzer.fullname" . }}-priority
      {{- end }}
      {{- end }}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- end }}