apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "appmesh-inject.fullname" . }}
  labels:
{{ include "appmesh-inject.labels" . | indent 4 }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "appmesh-inject.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "appmesh-inject.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        app.kubernetes.io/part-of: appmesh
      annotations:
        prometheus.io/scrape: "false"
        {{- with .Values.podAnnotations }}
{{ toYaml . | indent 8 }}
        {{- end }}
    spec:
      serviceAccountName: {{ template "appmesh-inject.serviceAccountName" . }}
      volumes:
        - name: certs
          secret:
            secretName: {{ template "appmesh-inject.fullname" . }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          volumeMounts:
            - name: certs
              mountPath: /etc/webhook/certs
              readOnly: true
          env:
            - name: APPMESH_NAME
              value: {{ .Values.mesh.name }}
            - name: APPMESH_LOG_LEVEL
              value: {{ .Values.sidecar.logLevel }}
          command:
            - ./appmeshinject
            - -sidecar-image={{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}
            - -sidecar-cpu-requests={{ .Values.sidecar.resources.requests.cpu }}
            - -sidecar-memory-requests={{ .Values.sidecar.resources.requests.memory }}
            - -init-image={{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}
            - -enable-stats-tags={{ .Values.stats.tagsEnabled }}
            - -enable-statsd={{ .Values.stats.statsdEnabled }}
            {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "x-ray" ) }}
            - -inject-xray-sidecar=true
            {{- end }}
            {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "jaeger" ) }}
            - -enable-jaeger-tracing=true
            - -jaeger-address={{ .Values.tracing.address }}
            - -jaeger-port={{ .Values.tracing.port }}
            {{- end }}
            {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "datadog" ) }}
            - -enable-datadog-tracing=true
            - -datadog-address={{ .Values.tracing.address }}
            - -datadog-port={{ .Values.tracing.port }}
            {{- end }}
            {{- if .Values.region }}
            - -region={{ .Values.region }}
            {{- end }}
          ports:
            - name: https
              containerPort: 8080
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /healthz
              port: https
              scheme: HTTPS
          livenessProbe:
            httpGet:
              path: /healthz
              port: https
              scheme: HTTPS
          securityContext:
            readOnlyRootFilesystem: true
          resources:
{{ toYaml .Values.resources | indent 12 }}
    {{- with .Values.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
    {{- end }}