{{/* Externally exposed service for gateway endpoint. */}}
{{- $container_port := .Values.service.internalPort -}}
{{- if .Values.externalGateway.create -}}
{{- include "authEnabled.check" . -}}
apiVersion: v1
kind: Service
metadata:
  namespace: {{ $.Release.Namespace }}
  name: gateway-ext
  labels:
    service: gateway
    {{- if eq "route53-mapper" (default " " .Values.externalGateway.fqdn.type) }}
    dns: route53
    {{- end }}
{{ include "helm.labels" . | indent 4 }}
  annotations:
    {{- if .Values.externalGateway.annotations }}
{{ toYaml .Values.externalGateway.annotations | indent 4 }}
    {{- end }}
{{ include "dnsAnnotations" . | indent 4 }}
    {{- if .Values.externalGateway.awsSSLCertARN }}
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.externalGateway.awsSSLCertARN }}
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
    {{- end }}
spec:
  type: LoadBalancer
  ports:
  - name: https
    port: {{ if or .Values.secrets.tlsSecret (and .Values.secrets.apiTlsCrt .Values.secrets.apiTlsKey) .Values.externalGateway.awsSSLCertARN }}443{{ else }}80{{ end }}
    targetPort: {{ $container_port }}
  selector:
    service: gateway
{{- end -}}