apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "mailproxy.fullname" . }}-nginx
  labels:
    {{- include "mailproxy.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.nginx.replicaCount }}
  selector:
    matchLabels:
      {{- include "mailproxy.nginx.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "mailproxy.nginx.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
          ports:
          {{- range $i, $port := .Values.nginx.service.ports }}
            - name: {{ $port.name }}
              containerPort: {{ $port.number }}
              protocol: {{ $port.protocol }}
          {{- end }}
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            tcpSocket:
              port: {{ (index .Values.nginx.service.ports 0).number }}
            initialDelaySeconds: 10
            periodSeconds: 15
          volumeMounts:
            - mountPath: /etc/nginx/nginx.conf
              subPath: nginx-conf
              name: nginx-conf
            - mountPath: /etc/nginx/conf.d/phpfpm.conf
              subPath: phpfpm-conf
              name: nginx-conf
            - mountPath: /etc/nginx/mailhosts
              name: mailhosts-conf
              readOnly: true
            - mountPath: /etc/nginx/ssl
              name: mailproxy-tls
              readOnly: true
          resources:
            {{- toYaml .Values.nginx.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app.kubernetes.io/name
                      operator: In
                      values:
                        - {{ include "mailproxy.name" . }}
                    - key: app.kubernetes.io/instance
                      operator: In
                      values:
                        - {{ .Release.Name }}
                topologyKey: "kubernetes.io/hostname"
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
        - name: nginx-conf
          configMap:
            name: {{ include "mailproxy.fullname" . }}-nginx-conf
        - name: mailhosts-conf
          configMap:
            name: {{ include "mailproxy.fullname" . }}-mailhosts-conf
        - name: mailproxy-tls
          secret:
            secretName: {{ include "mailproxy.fullname" . }}-tls