apiVersion: batch/v1
kind: Job
metadata:
  name: {{ include "emailleg.fullname" . }}-config
  labels:
    {{- include "emailleg.labels" . | nindent 4 }}
spec: 
  template: 
    metadata:
      annotations:
        "helm.sh/hook": post-install,post-upgrade
        "helm.sh/hook-weight": "-1"
        "helm.sh/hook-delete-policy": "hook-succeeded"
      labels:
        {{- include "emailleg.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      restartPolicy: Never
      containers:
        - image: "{{ .Values.config.image.repository }}:{{ .Values.config.image.tag }}"
          name: {{ .Release.Name }}-config
          env:
            - name: DOMAIN
              value: {{ .Values.mail.domain }}
            - name: MANAGER_PW
              value: {{ .Values.mail.managerPW }}
            - name: RATELIMIT_STORAGE_URL
              value: "redis://{{ .Release.Name }}-mail"
          volumeMounts:
            - mountPath: /data
              subPath: data
              name: mailvol
            - mountPath: /certs
              subPath: certs
              name: mailvol
      volumes:
        - name: mailvol
          persistentVolumeClaim:
            claimName: {{ include "emailleg.fullname" . }}-mailvol
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      affinity:
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                - key: app.kubernetes.io/name
                  operator: In
                  values:
                  - {{ include "emailleg.name" . }}
                - key: app.kubernetes.io/instance
                  operator: In
                  values:
                  - {{ .Release.Name }}
              topologyKey: kubernetes.io/hostname