{{- if (and .Values.apiGateway.enabled .Values.apiGateway.managedGatewayClass.enabled) }}
apiVersion: api-gateway.consul.hashicorp.com/v1alpha1
kind: GatewayClassConfig
metadata:
  name: consul-api-gateway
  labels:
    app: {{ template "consul.name" . }}
    chart: {{ template "consul.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
    component: api-gateway
spec:
  consul:
    {{- if .Values.client.enabled }}
    {{/*
      We use client agent nodes if we have them to support backwards compatibility in <=0.4 releases which
      require connectivity between the registered Consul agent node and a deployment for health checking
      (originating from the Consul node). Always leveraging the agents in the case that they're explicitly
      opted into allows us to support users with agent node + "externalServers" configuration upgrading a
      helm chart without upgrading api gateways. Otherwise, using "externalServers" when provided
      without local agents will break gateways <=0.4.
    */}}
    address: $(HOST_IP)
    {{- else if .Values.externalServers.enabled }} 
    {{/*
      "externalServers" specified and running in "agentless" mode, this will only work 0.5+
    */}}
    address: {{ first .Values.externalServers.hosts }}
    {{- else }}
    {{/*
      We have local network connectivity between deployments and the internal cluster, this
      should be supported in all versions of api-gateway
    */}}
    address: {{ template "consul.fullname" . }}-server.{{ .Release.Namespace }}.svc
    {{- end }}
    authentication:
      {{- if .Values.global.acls.manageSystemACLs }}
      managed: true
      method: {{ template "consul.fullname" . }}-k8s-auth-method
      {{- if .Values.global.enablePodSecurityPolicies }}
      podSecurityPolicy: {{ template "consul.fullname" . }}-api-gateway
      {{- end }}
      {{- end }}
    {{- if .Values.global.tls.enabled }}
    scheme: https
    {{- else }}
    scheme: http
    {{- end }}
    ports:
      {{- if .Values.externalServers.enabled }}
      grpc: {{ .Values.externalServers.grpcPort }} 
      http: {{ .Values.externalServers.httpsPort }}
      {{- else }}
      grpc: 8502
      {{- if .Values.global.tls.enabled }}
      http: 8501
      {{- else }}
      http: 8500
      {{- end }}
      {{- end }}
  {{- with .Values.apiGateway.managedGatewayClass.deployment }}
  deployment:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  image:
    consulAPIGateway: {{ .Values.apiGateway.image }}
    envoy: {{ .Values.apiGateway.imageEnvoy }}
  {{- if .Values.apiGateway.managedGatewayClass.nodeSelector }}
  nodeSelector:
    {{ tpl .Values.apiGateway.managedGatewayClass.nodeSelector . | indent 4 | trim }}
  {{- end }}
  {{- if .Values.apiGateway.managedGatewayClass.tolerations }}
  tolerations:
    {{ tpl .Values.apiGateway.managedGatewayClass.tolerations . | indent 4 | trim }}
  {{- end }}
  {{- if .Values.apiGateway.managedGatewayClass.copyAnnotations.service }}
  copyAnnotations:
    service: 
      {{ tpl .Values.apiGateway.managedGatewayClass.copyAnnotations.service.annotations . | nindent 6 | trim }}
  {{- end }}
  serviceType: {{ .Values.apiGateway.managedGatewayClass.serviceType }}
  useHostPorts: {{ .Values.apiGateway.managedGatewayClass.useHostPorts }}
  logLevel: {{ default .Values.global.logLevel .Values.apiGateway.managedGatewayClass.logLevel }}
{{- end }}