apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "opensearch-dashboards.fullname" . }}
  labels: {{- include "opensearch-dashboards.labels" . | nindent 4 }}
  {{- with .Values.dashboardAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ .Values.replicaCount }}
  strategy:
{{ toYaml .Values.updateStrategy | indent 4 }}
  selector:
    matchLabels:
      app: {{ .Chart.Name }}
      release: {{ .Release.Name | quote }}
  template:
    metadata:
      labels:
        app: {{ .Chart.Name }}
        release: {{ .Release.Name | quote }}
        {{- range $key, $value := .Values.labels }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
      annotations:
        {{- range $key, $value := .Values.podAnnotations }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
        {{- /* This forces a restart if the configmap has changed */}}
        {{- if .Values.config }}
        configchecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }}
        {{- end }}
    spec:
{{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
      securityContext:
{{ toYaml .Values.podSecurityContext | indent 8 }}
      serviceAccountName: {{ template "opensearch-dashboards.serviceAccountName" . }}
      {{- if .Values.hostAliases }}
      hostAliases: {{ toYaml .Values.hostAliases | nindent 6 }}
      {{- end }}
      volumes:
        {{- range .Values.secretMounts }}
        - name: {{ .name }}
          secret:
            secretName: {{ .secretName }}
        {{- end }}
        {{- if .Values.config }}
        - name: config
          configMap:
            name: {{ template "opensearch-dashboards.fullname" . }}-config
            {{- if .Values.opensearchDashboardsYml.defaultMode }}
            defaultMode: {{ .Values.opensearchDashboardsYml.defaultMode }}
            {{- end }}
        {{- end }}
        {{- if .Values.extraVolumes }}
        # Currently some extra blocks accept strings
        # to continue with backwards compatibility this is being kept
        # whilst also allowing for yaml to be specified too.
        {{- if eq "string" (printf "%T" .Values.extraVolumes) }}
{{ tpl .Values.extraVolumes . | indent 8 }}
        {{- else }}
{{ toYaml .Values.extraVolumes | indent 8 }}
        {{- end }}
        {{- end }}
    {{- with .Values.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- if .Values.imagePullSecrets }}
      imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
    {{- end }}
      {{- if .Values.extraInitContainers }}
      # Currently some extra blocks accept strings
      # to continue with backwards compatibility this is being kept
      # whilst also allowing for yaml to be specified too.
      initContainers:
      {{- if eq "string" (printf "%T" .Values.extraInitContainers) }}
{{ tpl .Values.extraInitContainers . | indent 6 }}
      {{- else }}
{{ toYaml .Values.extraInitContainers | indent 6 }}
      {{- end }}
      {{- end }}
      containers:
      - name: dashboards
        securityContext:
{{ toYaml .Values.securityContext | indent 10 }}
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
        imagePullPolicy: "{{ .Values.image.pullPolicy }}"
        {{- if .Values.readinessProbe }}
        readinessProbe:
{{ toYaml .Values.readinessProbe | indent 10 }}
        {{- end }}
        {{- if .Values.livenessProbe }}
        livenessProbe:
{{ toYaml .Values.livenessProbe | indent 10 }}
        {{- end }}
        {{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.Version }}
        {{- if .Values.readinessProbe }}
        startupProbe:
{{ toYaml .Values.startupProbe | indent 10 }}
        {{- end }}
        {{- end }}
        env:
        {{- if .Values.opensearchURL }}
        - name: OPENSEARCH_URL
          value: "{{ .Values.opensearchURL }}"
        {{- else if .Values.opensearchHosts }}
        - name: OPENSEARCH_HOSTS
          value: "{{ .Values.opensearchHosts }}"
        {{- end }}
        - name: SERVER_HOST
          value: "{{ .Values.serverHost }}"
        {{- if .Values.opensearchAccount.secret }}
        - name: OPENSEARCH_USERNAME
          valueFrom:
            secretKeyRef:
              name: {{ .Values.opensearchAccount.secret }}
              key: username
        - name: OPENSEARCH_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ .Values.opensearchAccount.secret }}
              key: password
        {{- if and .Values.opensearchAccount.keyPassphrase.enabled }}
        - name: KEY_PASSPHRASE
          valueFrom:
            secretKeyRef:
              name: {{ .Values.opensearchAccount.secret }}
              key: keypassphrase
            # 32-character random string to be used as cookie password by security plugin
        {{- end }}
        - name: COOKIE_PASS
          valueFrom:
            secretKeyRef:
              name: {{ .Values.opensearchAccount.secret }}
              key: cookie
            {{- end }}
{{- if .Values.extraEnvs }}
{{ toYaml .Values.extraEnvs | indent 8 }}
{{- end }}
{{- if .Values.envFrom }}
        envFrom:
{{ toYaml .Values.envFrom | indent 10 }}
{{- end }}
        ports:
        - containerPort: {{ .Values.service.port }}
          name: {{ .Values.service.httpPortName | default "http" }}
          protocol: TCP
{{- if .Values.plugins.enabled }}
        command:
          - sh
          - -c
          - |
            #!/usr/bin/bash
            set -e
            {{- range $plugin := .Values.plugins.installList }}
            ./bin/opensearch-dashboards-plugin install {{ $plugin }}
            {{- end }}
            bash opensearch-dashboards-docker-entrypoint.sh opensearch-dashboards
{{- end }}
{{- if .Values.lifecycle }}
        lifecycle:
{{ toYaml .Values.lifecycle | indent 10 }}
{{- end }}
        resources:
{{ toYaml .Values.resources | indent 10 }}
        volumeMounts:
          {{- range .Values.secretMounts }}
          - name: {{ .name }}
            mountPath: {{ .path }}
            {{- if .subPath }}
            subPath: {{ .subPath }}
            {{- end }}
          {{- end }}
          {{- range $path, $config := .Values.config }}
          - name: config
            mountPath: /usr/share/opensearch-dashboards/config/{{ $path }}
            subPath: {{ $path }}
          {{- end }}
          {{- if .Values.extraVolumeMounts }}
          # Currently some extra blocks accept strings
          # to continue with backwards compatibility this is being kept
          # whilst also allowing for yaml to be specified too.
          {{- if eq "string" (printf "%T" .Values.extraVolumeMounts) }}
{{ tpl .Values.extraVolumeMounts . | indent 10 }}
         {{- else }}
{{ toYaml .Values.extraVolumeMounts | indent 10 }}
          {{- end }}
          {{- end }}
      {{- if .Values.extraContainers }}
      # Currently some extra blocks accept strings
      # to continue with backwards compatibility this is being kept
      # whilst also allowing for yaml to be specified too.
      {{- if eq "string" (printf "%T" .Values.extraContainers) }}
{{ tpl .Values.extraContainers . | indent 6 }}
      {{- else }}
{{ toYaml .Values.extraContainers | indent 6 }}
      {{- end }}
      {{- end }}