# Copyright © 2018 Orange
# Modifications Copyright © 2018  Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ include "common.release" . }}
    heritage: {{ .Release.Service }}
spec:
  replicas: {{ .Values.replicaCount }}
  template:
    metadata:
      labels:
        app: {{ include "common.name" . }}
        release: {{ include "common.release" . }}
      name: {{ include "common.fullname" . }}
    spec:
{{- if .Values.global.aafEnabled }}
      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
{{- end }}
      containers:
        - name: {{ include "common.name" . }}
          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          ports:
            - containerPort: {{ .Values.service.internalPort }}
          # disable liveness probe when breakpoints set in debugger
          # so K8s doesn't restart unresponsive container
          {{- if .Values.global.aafEnabled }}
          command:
          - bash
          args:
          - -c
          - |
            export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
            export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
              -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \
              -Dserver.ssl.key-store-type=PKCS12 \
              -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \
              -Dserver.ssl.key-store-password=$cadi_keystore_password_p12  \
              -Djavax.net.ssl.trustStoreType=jks\
              -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443"
            exec java -XX:+UseContainerSupport $JAVA_OPTS -jar /opt/onap/app.jar
          {{- end }}
          {{ if .Values.liveness.enabled }}
          livenessProbe:
            httpGet:
              port: {{ .Values.liveness.port }}
              path: {{ .Values.liveness.path }}
              scheme: HTTPS
            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
            periodSeconds: {{ .Values.liveness.periodSeconds }}
          {{ end }}
          readinessProbe:
            httpGet:
              port: {{ .Values.readiness.port }}
              path: {{ .Values.readiness.path }}
              scheme: HTTPS
            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.readiness.periodSeconds }}
          env:
            - name: SPRING_DATASOURCE_URL
              value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
            - name: SPRING_DATASOURCE_USERNAME
              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "login") | indent 14 }}
            - name: SPRING_DATASOURCE_PASSWORD
              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "password") | indent 14 }}
            - name: SPRING_DATA_MONGODB_HOST
              value: {{ .Values.mongo.service.name }}.{{ include "common.namespace" . }}
            - name: SPRING_DATA_MONGODB_PORT
              value: "{{ .Values.mongo.service.internalPort }}"
            - name: SPRING_DATA_MONGODB_DATABASE
              value: {{ .Values.mongo.config.dbName }}
            - name: ONAP_LCPCLOUDREGIONID
              value: {{ .Values.config.openStackRegion }}
            - name: ONAP_TENANTID
              value: {{ .Values.config.openStackVNFTenantId | quote }}
            - name: ONAP_CLOUDOWNER
              value: {{ .Values.config.cloudOwner }}
            - name: NBI_URL
              value: "https://nbi.{{ include "common.namespace" . }}:8443/nbi/api/v4"
            - name: SDC_HOST
              value: "https://sdc-be.{{ include "common.namespace" . }}:8443"
            - name: SDC_HEADER_ECOMPINSTANCEID
              value: {{ .Values.config.ecompInstanceId }}
            - name: SDC_HEADER_AUTHORIZATION
              value: {{ .Values.sdc_authorization }}
            - name: AAI_HOST
              value: "https://aai.{{ include "common.namespace" . }}:8443"
            - name: AAI_HEADER_AUTHORIZATION
              value: {{ .Values.aai_authorization }}
            - name: SO_HOST
              value: http://so.{{ include "common.namespace" . }}:8080
            {{- if .Values.so_authorization }}
            - name: SO_HEADER_AUTHORIZATION
              value: {{ .Values.so_authorization }}
            {{- end }}
            - name: DMAAP_HOST
              value: "https://message-router.{{ include "common.namespace" . }}:3905"
            - name: LOGGING_LEVEL_ORG_ONAP_NBI
              value: {{ .Values.config.loglevel }}
            - name: MSB_ENABLED
              value: "true"
            - name: MSB_DISCOVERY_HOST
              value: "msb-discovery.{{ include "common.namespace" . }}"
            - name: MSB_DISCOVERY_PORT
              value: "10081"
          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
            - mountPath: /etc/localtime
              name: localtime
              readOnly: true
          resources:
{{ include "common.resources" . | indent 12 }}
        {{- if .Values.nodeSelector }}
        nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
        {{- end -}}
        {{- if .Values.affinity }}
        affinity:
{{ toYaml .Values.affinity | indent 10 }}
        {{- end }}
      # side car containers
        # - name: filebeat-onap
        #   image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
        #   imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        #   volumeMounts:
        #   - mountPath: /usr/share/filebeat/filebeat.yml
        #     name: filebeat-conf
        #     subPath: filebeat.yml
        #   - mountPath: /home/esr/works/logs
        #     name: esr-server-logs
        #   - mountPath: /usr/share/filebeat/data
        #     name: esr-server-filebeat
      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
        - name: localtime
          hostPath:
            path: /etc/localtime
        # - name: filebeat-conf
        #   configMap:
        #     name: {{ include "common.fullname" . }}-esr-filebeat
        # - name: esr-server-logs
        #   emptyDir: {}
        # - name: esr-server-filebeat
        #   emptyDir: {}
        # - name: esrserver-log
        #   configMap:
        #     name: {{ include "common.fullname" . }}-esr-esrserver-log
      imagePullSecrets:
      - name: "{{ include "common.namespace" . }}-docker-registry-key"