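{{/*
Deployment for the gitops-status-server.

Pod layout:
  - init-status (init): seeds status.json on the shared emptyDir from .Values.statusJson
  - api: Python/Flask process started from the app.py ConfigMap, asked to bind to loopback
  - nginx: nginx-unprivileged serving status.json on .Values.service.targetPort
*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "gitops-status-server.fullname" . }}
  labels:
    {{- include "gitops-status-server.labels" . | nindent 4 }}
  {{- with .Values.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "gitops-status-server.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      annotations:
        # Automatically roll deployment when ConfigMap changes
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        {{- with .Values.podAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      labels:
        {{- include "gitops-status-server.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "gitops-status-server.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      # Init container to set up initial status.json from ConfigMap
      initContainers:
      - name: init-status
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
        # Only writes to the shared-data volume, so it needs no capabilities
        # and no privilege escalation.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
        command:
        - sh
        - -c
        # The heredoc delimiter is quoted, so the shell does not expand
        # anything inside the rendered JSON.
        - |
          if [ ! -f /usr/share/nginx/html/status.json ]; then
            cat > /usr/share/nginx/html/status.json <<'EOF'
          {{- .Values.statusJson | toJson | nindent 10 }}
          EOF
          fi
        volumeMounts:
        - name: shared-data
          mountPath: /usr/share/nginx/html
      containers:
      - name: api
        image: "{{ .Values.api.image.repository }}:{{ .Values.api.image.tag }}"
        imagePullPolicy: {{ .Values.api.image.pullPolicy }}
        # The nginx container takes its securityContext from values; this one
        # had none. readOnlyRootFilesystem is left unset because the start
        # command below runs pip install.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
        command:
        - sh
        - -c
        # NOTE(review): Flask is downloaded from the package index on every
        # container start. That requires egress from the pod, only the
        # top-level package is pinned (no hash checking, transitive versions
        # float), and the trailing "|| true" hides an install failure until
        # python3 fails to import Flask. Prefer an image with the dependency
        # already installed, then drop the pip line.
        - |
          pip install --no-cache-dir Flask==2.3.2 2>&1 | grep -v "already satisfied" || true
          exec python3 /app/app.py
        ports:
        - name: api
          containerPort: 5000
          protocol: TCP
        env:
        # Loopback only: the API is not meant to be reachable on the pod IP.
        - name: API_HOST
          value: "127.0.0.1"
        - name: API_PORT
          value: "5000"
        # NOTE(review): Flask 2.3 no longer reads FLASK_ENV, so this value
        # alone does not control debug mode - confirm app.py never enables it.
        - name: FLASK_ENV
          value: "production"
        # kubelet httpGet probes connect to the pod IP, which a listener bound
        # to 127.0.0.1 never answers, so the probes run inside the container
        # instead. app.py is not part of this template - confirm it honors
        # API_HOST and API_PORT. Exit status is 0 for a 2xx/3xx response.
        livenessProbe:
          exec:
            command:
            - python3
            - -c
            - |
              import http.client, sys
              conn = http.client.HTTPConnection("127.0.0.1", 5000, timeout=2)
              conn.request("GET", "/health")
              sys.exit(0 if 200 <= conn.getresponse().status < 400 else 1)
          initialDelaySeconds: 15
          periodSeconds: 10
          timeoutSeconds: 3
          failureThreshold: 3
        readinessProbe:
          exec:
            command:
            - python3
            - -c
            - |
              import http.client, sys
              conn = http.client.HTTPConnection("127.0.0.1", 5000, timeout=2)
              conn.request("GET", "/ready")
              sys.exit(0 if 200 <= conn.getresponse().status < 400 else 1)
          initialDelaySeconds: 15
          periodSeconds: 5
          timeoutSeconds: 3
          failureThreshold: 2
        resources:
          limits:
            cpu: 100m
            memory: 128Mi
          requests:
            cpu: 50m
            memory: 64Mi
        volumeMounts:
        - name: shared-data
          mountPath: /usr/share/nginx/html
        - name: api-code
          mountPath: /app
          readOnly: true
      - name: nginx
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        securityContext:
          {{- toYaml .Values.securityContext | nindent 10 }}
        ports:
        - name: http
          containerPort: {{ .Values.service.targetPort }}
          protocol: TCP
        # Health checks
        livenessProbe:
          httpGet:
            path: /status.json
            port: http
          initialDelaySeconds: 5
          periodSeconds: 10
          timeoutSeconds: 3
          failureThreshold: 3
        readinessProbe:
          httpGet:
            path: /status.json
            port: http
          initialDelaySeconds: 2
          periodSeconds: 5
          timeoutSeconds: 2
          failureThreshold: 2
        resources:
          {{- toYaml .Values.resources | nindent 10 }}
        volumeMounts:
        # Mount the nginx config
        - name: nginx-config
          mountPath: /etc/nginx/nginx.conf
          subPath: nginx.conf
          readOnly: true
        # Mount the shared data directory (status.json is writable here)
        # NOTE(review): nothing in this template shows nginx writing to this
        # directory; if nginx.conf only serves it, add readOnly: true so the
        # internet-facing container cannot alter status.json.
        - name: shared-data
          mountPath: /usr/share/nginx/html
        # nginx-unprivileged needs writable directories for cache and run
        - name: cache
          mountPath: /var/cache/nginx
        - name: run
          mountPath: /var/run
        # nginx needs writable /tmp for proxy buffers
        - name: tmp
          mountPath: /tmp
      volumes:
      # ConfigMap volume containing the nginx configuration
      - name: nginx-config
        configMap:
          name: {{ include "gitops-status-server.fullname" . }}-nginx-config
          items:
          - key: nginx.conf
            path: nginx.conf
      # ConfigMap volume containing the API application code
      - name: api-code
        configMap:
          name: {{ include "gitops-status-server.fullname" . }}-api
          # Octal literal (rwxr-xr-x); the field itself is an integer, so it
          # must stay unquoted.
          defaultMode: 0755
          items:
          - key: app.py
            path: app.py
      # Shared data volume for status.json (writable emptyDir)
      - name: shared-data
        emptyDir:
          sizeLimit: 1Mi
      # Empty directories for nginx runtime
      - name: cache
        emptyDir: {}
      - name: run
        emptyDir: {}
      - name: tmp
        emptyDir: {}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}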