{{- include "hydra.automigration.typeVerification" . -}}
{{- $migrationExtraEnv := ternary .Values.deployment.automigration.extraEnv .Values.deployment.extraEnv (not (empty .Values.deployment.automigration.extraEnv )) -}}

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "hydra.fullname" . }}
  {{- if .Release.Namespace }}
  namespace: {{ .Release.Namespace }}
  {{- end }}
  labels:
    {{- include "hydra.labels" . | nindent 4 }}
    {{- with .Values.deployment.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  annotations:
    {{- with .Values.deployment.annotations }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
spec:
{{- if not .Values.deployment.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
{{- end }}
  revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }}
  strategy:
    {{- toYaml .Values.deployment.strategy | nindent 4 }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "hydra.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        {{- include "hydra.labels" . | nindent 8 }}
        {{- with .Values.deployment.labels }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with $.Values.deployment.podMetadata.labels }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
      annotations:
        {{- include "hydra.annotations.checksum" . | nindent 8 -}}
        {{- with .Values.deployment.annotations }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with $.Values.deployment.podMetadata.annotations }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      volumes:
        - name: {{ include "hydra.name" . }}-config-volume
          configMap:
            name: {{ include "hydra.fullname" . }}
        {{- if .Values.deployment.extraVolumes }}
          {{- toYaml .Values.deployment.extraVolumes | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ include "hydra.serviceAccountName" . }}
      automountServiceAccountToken: {{ .Values.deployment.automountServiceAccountToken }}
      terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command: {{- toYaml .Values.hydra.command | nindent 12 }}
          {{- if .Values.hydra.customArgs }}
          args: {{- toYaml .Values.hydra.customArgs | nindent 12 }}
          {{- else }}
          args:
            - serve
            - all
            {{- if .Values.hydra.dev }}
            - "--dev"
            {{- end }}
            - --config
            - /etc/config/hydra.yaml
          {{- end }}
          volumeMounts:
            - name: {{ include "hydra.name" . }}-config-volume
              mountPath: /etc/config
              readOnly: true
            {{- if .Values.deployment.extraVolumeMounts }}
              {{- toYaml .Values.deployment.extraVolumeMounts | nindent 12 }}
            {{- end }}
          ports:
            - name: http-public
              containerPort: {{ .Values.hydra.config.serve.public.port }}
              protocol: TCP
            - name: http-admin
              containerPort: {{ .Values.hydra.config.serve.admin.port }}
              protocol: TCP
          {{- if .Values.deployment.customLivenessProbe }}
          livenessProbe:
            {{- toYaml .Values.deployment.customLivenessProbe | nindent 12 }}
          {{- end }}
          readinessProbe:
            {{- if .Values.deployment.customReadinessProbe }}
              {{- toYaml .Values.deployment.customReadinessProbe | nindent 12 }}
            {{- else }}
            httpGet:
              path: /health/alive
              port: {{ .Values.hydra.config.serve.admin.port }}
              httpHeaders:
                - name: Host
                  value: '127.0.0.1'
            {{- toYaml .Values.deployment.readinessProbe | nindent 12 }}
            {{- end }}
          startupProbe:
            {{- if .Values.deployment.customStartupProbe }} 
              {{- toYaml .Values.deployment.customStartupProbe | nindent 12 }}
            {{- else }}
            httpGet:
              path: /health/ready
              port: {{ .Values.hydra.config.serve.admin.port }}
              httpHeaders:
                - name: Host
                  value: '127.0.0.1'
            {{- toYaml .Values.deployment.startupProbe | nindent 12 }}
            {{- end }}
          env:
            {{- $issuer := include "hydra.config.urls.issuer" . -}}
            {{- if $issuer }}
            - name: URLS_SELF_ISSUER
              value: {{ $issuer | quote }}
            {{- end }}
            {{- if not (empty ( include "hydra.dsn" . )) }}
              {{- if not (include "ory.extraEnvContainsEnvName" (list .Values.deployment.extraEnv "DSN")) }}
            - name: DSN
              valueFrom:
                secretKeyRef:
                  name: {{ include "hydra.secretname" . }}
                  key: dsn
              {{- end }}
            {{- end }}
            - name: SECRETS_SYSTEM
              valueFrom:
                secretKeyRef:
                  name: {{ include "hydra.secretname" . }}
                  key: secretsSystem
            - name: SECRETS_COOKIE
              valueFrom:
                secretKeyRef:
                  name: {{ include "hydra.secretname" . }}
                  key: secretsCookie
            {{- if .Values.deployment.extraEnv }}
              {{- tpl (toYaml .Values.deployment.extraEnv) . | nindent 12 }}
            {{- end }}
          resources:
            {{- toYaml .Values.deployment.resources | nindent 12 }}
          {{- if .Values.deployment.securityContext }}
          securityContext:
            {{- toYaml .Values.deployment.securityContext | nindent 12 }}
          {{- end }}
          lifecycle:
            {{- toYaml .Values.deployment.lifecycle | nindent 12 }}
        {{- if .Values.deployment.extraContainers }}
          {{- tpl .Values.deployment.extraContainers . | nindent 8 }}
        {{- end }}
      initContainers:
      {{- if .Values.deployment.extraInitContainers }}
        {{- tpl .Values.deployment.extraInitContainers . | nindent 8 }}
      {{- end }}
      {{- if and ( .Values.hydra.automigration.enabled ) ( eq .Values.hydra.automigration.type "initContainer" ) }}
        - name: {{ .Chart.Name }}-automigrate
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          {{- if .Values.hydra.automigration.customCommand }}
          command: {{- toYaml .Values.hydra.automigration.customCommand | nindent 12 }}
          {{- else }}
          command: ["hydra"]
          {{- end }}
          {{- if .Values.hydra.automigration.customArgs }}
          args: {{- toYaml .Values.hydra.automigration.customArgs | nindent 12 }}
          {{- else }}
          args: ["migrate", "sql", "-e", "--yes", "--config", "/etc/config/hydra.yaml"]
          {{- end }}
          volumeMounts:
            - name: {{ include "hydra.name" . }}-config-volume
              mountPath: /etc/config
              readOnly: true
          {{- with .Values.deployment.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
          env:
            {{- if not (empty ( include "hydra.dsn" . )) }}
              {{- if not (include "ory.extraEnvContainsEnvName" (list $migrationExtraEnv "DSN")) }}
            - name: DSN
              valueFrom:
                secretKeyRef:
                  name: {{ include "hydra.secretname" . }}
                  key: dsn
              {{- end }}
            {{- end }}
            {{- if $migrationExtraEnv }}
              {{- tpl (toYaml $migrationExtraEnv) . | nindent 12 }}
            {{- end }}
          {{- if .Values.hydra.automigration.resources }}
          resources:
            {{- toYaml .Values.hydra.automigration.resources | nindent 12 }}
          {{- end }}
          {{- with .Values.deployment.initContainerSecurityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
      {{- end }}
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName }}
      {{- end }}
      {{- with .Values.deployment.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.deployment.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.deployment.topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.deployment.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.deployment.dnsConfig }}
      dnsConfig:
        {{- toYaml . | nindent 8 }}
      {{- end }}