apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "pypiserver.fullname" . }}
  labels:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    app.kubernetes.io/name: {{ template "pypiserver.name" . }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
        app.kubernetes.io/name: {{ template "pypiserver.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ template "pypiserver.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        {{- if .Values.podLabels }}
        {{- toYaml .Values.podLabels | nindent 8 }}
        {{- end }}
      annotations:
        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
        {{- if .Values.podAnnotations }}
          {{- range $key, $value := .Values.podAnnotations }}
            {{$key|quote}}: {{$value|quote}}
          {{- end }}
        {{- end }}
    spec:
      {{- with .Values.image.pullSecrets }}
      imagePullSecrets:
      {{- range . }}
        - name: {{ . }}
      {{- end }}
      {{- end }}
      {{- if .Values.securityContext.enabled }}
      securityContext:
        runAsUser: {{ .Values.securityContext.runAsUser }}
        runAsGroup: {{ .Values.securityContext.runAsGroup }}
        fsGroup: {{ .Values.securityContext.fsGroup }}
      {{- end }}
      containers:
        - name: {{ template "pypiserver.name" . }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command: ["pypi-server"]
          args:
            - --passwords={{ if .Values.auth.actions }}/config/.htpasswd{{ else }}.{{ end }}
            - --authenticate={{ .Values.auth.actions | default "." }}
            - --port=8080
            {{- range .Values.pypiserver.extraArgs }}
            - {{ . }}
            {{- end }}
            - /data/packages
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          volumeMounts:
            - mountPath: /data/packages
              name: packages
              mountPropagation: {{ .Values.persistence.mountPropagation }}
            - mountPath: /config
              name: secrets
              readOnly: true
          livenessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 30
            timeoutSeconds: 5
            failureThreshold: 6
          readinessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 5
            timeoutSeconds: 3
            periodSeconds: 5
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      volumes:
        - name: secrets
          secret:
            secretName: {{ template "pypiserver.fullname" . }}
        - name: packages
        {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "pypiserver.fullname" . }}{{- end }}
        {{- else }}
          emptyDir: {}
        {{ end }}

    {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}