apiVersion: apps/v1
kind: Deployment
metadata:
  name:  {{ template "openldap.fullname" . }}
  labels:
    app: {{ template "openldap.name" . }}
    chart: {{ template "openldap.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
{{- if .Values.extraLabels }}
{{ toYaml .Values.extraLabels | indent 4 }}
{{- end }}
spec:
  replicas: {{ .Values.replicaCount }}
{{- if .Values.strategy }}
  strategy:
{{ toYaml .Values.strategy | indent 4 }}
{{- end }}
  selector:
    matchLabels:
      app: {{ template "openldap.name" . }}
      release: {{ .Release.Name }}
  template:
    metadata:
      annotations:
        checksum/configmap-env: {{ include (print $.Template.BasePath "/configmap-env.yaml") . | sha256sum }}
{{- if .Values.customLdifFiles}}
        checksum/configmap-customldif: {{ include (print $.Template.BasePath "/configmap-customldif.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations}}
{{ toYaml .Values.podAnnotations | indent 8}}
{{- end }}
      labels:
        app: {{ template "openldap.name" . }}
        release: {{ .Release.Name }}
    spec:
      {{- if or .Values.customLdifFiles .Values.tls.enabled }}
      initContainers:
      {{- end }}
      {{- if .Values.customLdifFiles }}
      - name: {{ .Chart.Name }}-init-ldif
        image: busybox
        command: ['sh', '-c', 'cp /customldif/* /ldifworkingdir']
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        volumeMounts:
        - name: customldif
          mountPath: /customldif
        - name: ldifworkingdir
          mountPath: /ldifworkingdir
        resources:
{{ toYaml .Values.initResources | indent 10 }}
      {{- end }}
      {{- if .Values.tls.enabled }}
      - name: {{ .Chart.Name }}-init-tls
        image: busybox
        command: ['sh', '-c', 'cp /tls/* /certs']
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        volumeMounts:
          - name: tls
            mountPath: /tls
          - name: certs
            mountPath: /certs
        resources:
{{ toYaml .Values.initResources | indent 10 }}
      {{- if .Values.tls.CA.enabled }}
      - name: {{ .Chart.Name }}-init-catls
        image: busybox
        command: ['sh', '-c', 'cp /catls/ca.crt /certs']
        volumeMounts:
          - name: catls
            mountPath: /catls
          - name: certs
            mountPath: /certs
        resources:
{{ toYaml .Values.initResources | indent 10 }}
      {{- end }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          args:
            - -l
            - {{ .Values.logLevel }}
{{- if .Values.customLdifFiles }}
            - --copy-service
{{- end }}
          ports:
            - name: ldap-port
              containerPort: 389
            - name: ssl-ldap-port
              containerPort: 636
          envFrom:
            - configMapRef:
                name: {{ template "openldap.fullname" . }}-env
            - secretRef:
                name: {{ template "openldap.secretName" . }}
          volumeMounts:
            - name: data
              mountPath: /var/lib/ldap
              subPath: data
            - name: data
              mountPath: /etc/ldap/slapd.d
              subPath: config-data
            {{- if .Values.customLdifFiles }}
            - name: ldifworkingdir
              mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom
            {{- end }}
            {{- if .Values.tls.enabled }}
            - name: certs
              mountPath: /container/service/slapd/assets/certs
            {{- end }}
          env:
          {{- if .Values.tls.enabled }}
            - name: LDAP_TLS_CRT_FILENAME
              value: tls.crt
            - name: LDAP_TLS_KEY_FILENAME
              value: tls.key
          {{- if .Values.tls.CA.enabled }}
            - name: LDAP_TLS_CA_CRT_FILENAME
              value: ca.crt
          {{- end }}
          {{- end }}
          livenessProbe:
            tcpSocket:
              port: ldap-port
            initialDelaySeconds: 20
            periodSeconds: 10
            failureThreshold: 10
          readinessProbe:
            tcpSocket:
              port: ldap-port
            initialDelaySeconds: 20
            periodSeconds: 10
            failureThreshold: 10
          resources:
{{ toYaml .Values.resources | indent 12 }}
    {{- with .Values.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
    {{- end }}
      volumes:
        {{- if .Values.customLdifFiles }}
        - name: customldif
          configMap:
            name: {{ template "openldap.fullname" . }}-customldif
        - name: ldifworkingdir
          emptyDir: {}
        {{- end }}
        {{- if .Values.tls.enabled }}
        - name: tls
          secret:
            secretName: {{ .Values.tls.secret }}
        {{- if .Values.tls.CA.enabled }}
        - name: catls
          secret:
            secretName: {{ .Values.tls.CA.secret }}
        {{- end }}
        {{- end }}
        - name: certs
          emptyDir:
            medium: Memory
        - name: data
        {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.existingClaim | default (include "openldap.fullname" .) }}
        {{- else }}
          emptyDir: {}
        {{- end -}}