{{- $container_port := .Values.gateway.service.internalPort | default 8000 -}}
{{- $service_port := .Values.gateway.service.externalPort -}}
---
apiVersion: v1
kind: Service
metadata:
  namespace: {{ $.Release.Namespace }}
  labels:
    service: gateway
{{ include "helm.labels" . | indent 4 }}
  name: gateway
spec:
  ports:
  - name: http
    port: {{ $service_port }}
    targetPort: {{ $container_port }}
  selector:
    service: gateway
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: {{ $.Release.Namespace }}
  labels:
{{ include "helm.labels" . | indent 4 }}
    component: gateway
  name: gateway
spec:
  replicas: 1
  selector:
    matchLabels:
      service: gateway
  template:
    metadata:
      annotations:
        {{- include "k10.deploymentPodAnnotations" . | nindent 8 }}
      labels:
        {{- with merge (dict "requiredLabels" (dict "component" "gateway" "service" "gateway")) . }}
          {{- include "k10.deploymentPodLabels" . | nindent 8 }}
        {{- end }}
    spec:
      serviceAccountName: {{ template "serviceAccountName" . }}
      {{- dict "main" . "k10_deployment_name" "gateway" | include "k10.priorityClassName" | indent 6}}
      {{- include "k10.imagePullSecrets" . | indent 6 }}
      containers:
      - name: gateway
        {{- dict "main" . "k10_service" "gateway" | include "serviceImage" | indent 8 }}
        {{- if .Values.secrets.tlsSecret }}
        volumeMounts:
          - name: tls-volume
            mountPath: "/etc/tls"
            readOnly: true
        {{- end }}
        resources:
          limits:
            cpu: {{ .Values.gateway.resources.limits.cpu | quote }}
            memory: {{ .Values.gateway.resources.limits.memory | quote }}
          requests:
            cpu: {{ .Values.gateway.resources.requests.cpu | quote }}
            memory: {{ .Values.gateway.resources.requests.memory | quote }}
        env:
          - name: LOG_LEVEL
            valueFrom:
              configMapKeyRef:
                name: k10-config
                key: loglevel
          - name: VERSION
            valueFrom:
              configMapKeyRef:
                name: k10-config
                key: version
{{- if .Values.fips.enabled }}
          {{- include "k10.enforceFIPSEnvironmentVariables" . | indent 10 }}
{{- end }}
          {{- with $capabilities := include "k10.capabilities" . }}
          - name: K10_CAPABILITIES
            value: {{ $capabilities | quote }}
          {{- end }}
          {{- with $capabilities_mask := include "k10.capabilities_mask" . }}
          - name: K10_CAPABILITIES_MASK
            value: {{ $capabilities_mask | quote }}
          {{- end }}
          {{- if eq (include "check.dexAuth" .) "true" }}
          - name: {{ include "k10.gatewayEnableDex" . }}
            value: "true"
          {{- end }}
        envFrom:
        - configMapRef:
            name: k10-gateway
        livenessProbe:
          httpGet:
            path: /healthz
            port: {{ $container_port }}
            scheme: HTTP{{ if .Values.secrets.tlsSecret }}S{{ end }}
          initialDelaySeconds: 5
        readinessProbe:
          httpGet:
            path: /healthz
            port: {{ $container_port }}
            scheme: HTTP{{ if .Values.secrets.tlsSecret }}S{{ end }}
      restartPolicy: Always
      {{- if .Values.secrets.tlsSecret }}
      volumes:
        - name: tls-volume
          secret:
            secretName: {{ .Values.secrets.tlsSecret }}
      {{- end }}