{{- include "nplus.init" $ -}}

{{- range $key, $component := .Values.components }}
  {{- range $port := .ports }}
# {{ $key }}/{{ $port }}
  {{- end }}
{{- end }}

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ .component.fullName }}
  {{- if .this.utils.includeNamespace }}
  namespace: {{ .Release.Namespace }}
  {{- end }}
  labels:
    {{- include "nplus.instanceLabels" . | nindent 4 }}
  annotations:
    {{- include "nplus.argoWave" . | nindent 4 }}
    {{- include "nplus.annotations" . | nindent 4 }}
    {{- include "nplus.securityAnnotations" . | nindent 4 }}
spec:

  serviceName: {{ .component.fullName }}
  selector:
    matchLabels:
      {{- include "nplus.selectorLabels" . | nindent 6 }}
  replicas: {{ .Values.replicaCount }}
  podManagementPolicy: OrderedReady
  updateStrategy:
    type: {{ .Values.updateStrategy | default "OnDelete" }}  
  minReadySeconds: 5

  template:
    metadata:
      labels:
        {{- include "nplus.templateLabels" . | nindent 8 }}
      annotations:
        {{- include "nplus.templateAnnotations" . | nindent 8 }}
        {{- include "nplus.securityAnnotations" . | nindent 8 }}
    spec:
      serviceAccountName: {{ .component.fullName }}-svc-account
      
      {{- include "nplus.imagePullSecrets" . | nindent 6 }}
      {{- include "nplus.podSecurityContext" . | nindent 6 }}
      {{- include "nplus.securityIllumioReadinessGates" . | nindent 6 }}
      {{- include "nplus.terminationGracePeriodSeconds" . | nindent 6 }}

      initContainers:
      {{- include "nplus.waitFor" . | nindent 6 }}

      containers:
      - name: rms
        image: {{ include "nplus.image"  (dict "global" .Values.global "image" .Values.image) }}
        imagePullPolicy: {{ include "nplus.imagePullPolicy" .Values.image }}
        {{- include "nplus.containerSecurityContext" . | nindent 8 }}

        command: ["/opt/ceyoniq/nscale-rms/bin/rms.bin"]

        ports:
        - containerPort: 3120
          name: rms

        {{- include "nplus.resources" . | nindent 8 }}

        volumeMounts:
        {{- include "nplus.defaultMounts" . | nindent 8 }}
        - name: conf
          subPath: {{ .this.instance.name | quote }}
          mountPath: /conf

        {{- if ($.this.ingress).domain }}
        - name: cert
          subPath: tls.crt
          mountPath: "/opt/ceyoniq/nscale-rms/bin/tls.cer"
          readOnly: true
        - name: cert
          subPath: tls.key
          mountPath: "/opt/ceyoniq/nscale-rms/bin/tls.key"
          readOnly: true
        {{- end }}
        - name: repository
          mountPath: /etc/ceyoniq/nscale-rms/repository

      - name: proxy
        image: {{ include "nplus.image"  (dict "global" .Values.global "image" .Values.image) }}
        imagePullPolicy: {{ include "nplus.imagePullPolicy" .Values.image }}
        {{- include "nplus.containerSecurityContext" . | nindent 8 }}

        command: ["haproxy", "-f", "/etc/haproxy/haproxy.cfg", "-d"]

        ports:
        {{- range $ckey, $component := .Values.comps }}
        {{- if $component.enabled }}
        {{- range $pkey, $port := .ports }}
        - containerPort: {{ $port }}
          name: {{ $ckey }}-{{ $pkey }}
          protocol: TCP
        {{- end }}
        {{- end }}
        {{- end }}

        {{- include "nplus.resources" . | nindent 8 }}

        volumeMounts:
        {{- include "nplus.defaultMounts" . | nindent 8 }}
        - name: haproxy
          subPath: haproxy.cfg
          mountPath: /etc/haproxy/haproxy.cfg

      volumes:
      {{- include "nplus.defaultVolumes" . | nindent 6 }}
      - name: conf
        persistentVolumeClaim:
          claimName: conf
      {{- if ($.this.ingress).domain }}
      - name: cert
        secret:
          secretName: {{ ($.this.ingress).secret }}
      {{- end }}
      - name: repository
        configMap:
          name: {{ .component.fullName }}-repository
          defaultMode: 0777
      - name: haproxy
        configMap:
          name: {{ .component.fullName }}-haproxy
          defaultMode: 0777