apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-gerrit-replica-deployment
  labels:
    app: gerrit-replica
    chart: {{ template "gerrit-replica.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
spec:
  replicas: {{ .Values.gerritReplica.replicas | default 1 }}
  strategy:
    rollingUpdate:
      maxSurge: {{ .Values.gerritReplica.maxSurge }}
      maxUnavailable: {{ .Values.gerritReplica.maxUnavailable }}
  selector:
    matchLabels:
      app: gerrit-replica
  template:
    metadata:
      labels:
        app: gerrit-replica
        chart: {{ template "gerrit-replica.chart" . }}
        heritage: {{ .Release.Service }}
        release: {{ .Release.Name }}
      annotations:
        chartRevision: "{{ .Release.Revision }}"
    spec:
      securityContext:
        fsGroup: 100
      {{ if .Values.images.registry.ImagePullSecret.name -}}
      imagePullSecrets:
      - name: {{ .Values.images.registry.ImagePullSecret.name }}
      {{- end }}
      initContainers:
      {{- if .Values.nfsWorkaround.enabled }}
      - name: nfs-init
        image: busybox
        command:
        - sh
        - -c
        args:
        - |
          chown -R 1000:100 /var/mnt/logs
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        volumeMounts:
        - name: logs
          subPathExpr: "gerrit-replica/$(POD_NAME)"
          mountPath: "/var/mnt/logs"
        - name: nfs-config
          mountPath: "/etc/idmapd.conf"
          subPath: idmapd.conf
      {{- end }}
      - name: site-cleanup
        image: busybox
        securityContext:
          runAsUser: 1000
          runAsGroup: 100
        command:
        - sh
        - -c
        args:
        - |
          # Remove directories that should be mounted rather than exist with the
          # rest of the site
          [ ! -L /var/gerrit/git ] && rm -rf /var/gerrit/git
          [ ! -L /var/gerrit/logs ] && rm -rf /var/gerrit/logs
          rm -f /var/gerrit/logs/gerrit.pid
        volumeMounts:
        - name: gerrit-site
          mountPath: "/var/gerrit"
      # Initialize the volume containing the whole Gerrit-site with defaults
      # Not needed, when running in test mode, since then the configured site will
      # be initialized
      - name: populate-gerrit-site-volume
        image: {{ template "registry" . }}{{ .Values.gerritReplica.images.gerritInit }}:{{ .Values.images.version }}
        imagePullPolicy: {{ .Values.images.imagePullPolicy }}
        command:
        - /bin/ash
        - -ce
        args:
        - |
          /var/tools/gerrit_init.py \
            -c /var/config/gerrit-init.yaml \
            -s /var/gerrit

          # The git repositories and logs will be mounted from a volume
          [ -L /var/gerrit/git ] || rm -rf /var/gerrit/git
          [ -L /var/gerrit/logs ] || rm -rf /var/gerrit/logs
          {{ if .Values.gerritReplica.service.ssh.enabled -}}
          rm -f /var/gerrit/etc/ssh_host*key*
          {{- end }}
        volumeMounts:
        - name: gerrit-site
          mountPath: "/var/gerrit"
        - name: gerrit-init-config
          mountPath: "/var/config/gerrit-init.yaml"
          subPath: gerrit-init.yaml
      # If configured, run initialization taking the given Gerrit configuration
      # and persisted volumes into account.
      - name: gerrit-init
        image: {{ template "registry" . }}{{ .Values.gerritReplica.images.gerritInit }}:{{ .Values.images.version }}
        imagePullPolicy: {{ .Values.images.imagePullPolicy }}
        command:
        - /bin/ash
        - -ce
        args:
        - |
          symlink_config_to_site(){
            for file in /var/mnt/etc/config/* /var/mnt/etc/secret/*; do
              ln -sf $file /var/gerrit/etc/$(basename $file)
            done
          }

          mkdir -p /var/gerrit/etc
          symlink_config_to_site

          if [ ! -d /var/gerrit/git ]; then
            ln -sf /var/mnt/git /var/gerrit/
          fi

          if [ ! -d /var/gerrit/logs ]; then
            ln -sf /var/mnt/logs /var/gerrit/
          fi

          /var/tools/validate_notedb.py -s /var/gerrit
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        volumeMounts:
        - name: gerrit-site
          mountPath: "/var/gerrit"
        - name: git-repositories
          mountPath: "/var/mnt/git"
        - name: logs
          subPathExpr: "gerrit-replica/$(POD_NAME)"
          mountPath: "/var/mnt/logs"
        {{- if .Values.nfsWorkaround.enabled }}
        - name: nfs-config
          mountPath: "/etc/idmapd.conf"
          subPath: idmapd.conf
        {{- end }}
        - name: gerrit-init-config
          mountPath: "/var/config/gerrit-init.yaml"
          subPath: gerrit-init.yaml
        {{- if and .Values.gerritReplica.plugins.cache.enabled .Values.gerritReplica.plugins.downloaded }}
        - name: gerrit-plugin-cache
          mountPath: "/var/mnt/plugins"
        {{- end }}
        - name: gerrit-config
          mountPath: "/var/mnt/etc/config"
        - name: gerrit-replica-secure-config
          mountPath: "/var/mnt/etc/secret"
      containers:
      - name: gerrit-replica
        image: {{ template "registry" . }}{{ .Values.gerritReplica.images.gerritReplica }}:{{ .Values.images.version }}
        imagePullPolicy: {{ .Values.images.imagePullPolicy }}
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        ports:
        - name: http
          containerPort: 8080
        {{ if .Values.gerritReplica.service.ssh -}}
        - name: ssh
          containerPort: 29418
        {{- end }}
        volumeMounts:
        - name: gerrit-site
          mountPath: "/var/gerrit"
        - name: git-repositories
          mountPath: "/var/mnt/git"
        - name: logs
          subPathExpr: "gerrit-replica/$(POD_NAME)"
          mountPath: "/var/mnt/logs"
        {{- if .Values.nfsWorkaround.enabled }}
        - name: nfs-config
          mountPath: "/etc/idmapd.conf"
          subPath: idmapd.conf
        {{- end }}
        {{- if and .Values.gerritReplica.plugins.cache.enabled .Values.gerritReplica.plugins.downloaded }}
        - name: gerrit-plugin-cache
          mountPath: "/var/mnt/plugins"
        {{- end }}
        - name: gerrit-config
          mountPath: "/var/mnt/etc/config"
        - name: gerrit-replica-secure-config
          mountPath: "/var/mnt/etc/secret"
        livenessProbe:
          httpGet:
            path: /config/server/healthcheck~status
            port: http
{{ toYaml .Values.gerritReplica.livenessProbe | indent 10 }}
        readinessProbe:
          httpGet:
            path: /config/server/healthcheck~status
            port: http
{{ toYaml .Values.gerritReplica.readinessProbe | indent 10 }}
        resources:
{{ toYaml .Values.gerritReplica.resources | indent 10 }}
      {{ if .Values.promtailSidecar.enabled -}}
      - name: promtail
        image: {{ .Values.promtailSidecar.image }}:v{{ .Values.promtailSidecar.version }}
        imagePullPolicy: {{ .Values.images.imagePullPolicy }}
        command:
        - sh
        - -ec
        args:
        - |-
          /usr/bin/promtail \
            -config.file=/etc/promtail/promtail.yaml \
            -client.url={{ .Values.promtailSidecar.loki.url }}/loki/api/v1/push \
            -client.external-labels=instance=$HOSTNAME
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        resources:
{{ toYaml .Values.promtailSidecar.resources | indent 10 }}
        volumeMounts:
        - name: promtail-config
          mountPath: /etc/promtail/promtail.yaml
          subPath: promtail.yaml
        - name: promtail-secret
          mountPath: /etc/promtail/promtail.secret
          subPath: promtail.secret
        - name: promtail-secret
          mountPath: /etc/promtail/promtail.ca.crt
          subPath: promtail.ca.crt
        - name: logs
          subPathExpr: "gerrit-replica/$(POD_NAME)"
          mountPath: "/var/gerrit/logs"
        {{- if .Values.nfsWorkaround.enabled }}
        - name: nfs-config
          mountPath: "/etc/idmapd.conf"
          subPath: idmapd.conf
        {{- end }}
      {{- end }}
      volumes:
      - name: gerrit-site
        emptyDir: {}
      - name: git-repositories
        persistentVolumeClaim:
          {{- if .Values.gitRepositoryStorage.externalPVC.use }}
          claimName: {{ .Values.gitRepositoryStorage.externalPVC.name }}
          {{- else }}
          claimName: {{ .Release.Name }}-git-repositories-pvc
          {{- end }}
      - name: logs
        {{ if .Values.logStorage.enabled -}}
        persistentVolumeClaim:
          {{- if .Values.logStorage.externalPVC.use }}
          claimName: {{ .Values.logStorage.externalPVC.name }}
          {{- else }}
          claimName: {{ .Release.Name }}-log-pvc
          {{- end }}
        {{ else -}}
        emptyDir: {}
        {{- end }}
      {{- if and .Values.gerritReplica.plugins.cache.enabled .Values.gerritReplica.plugins.downloaded }}
      - name: gerrit-plugin-cache
        persistentVolumeClaim:
          claimName: {{ .Release.Name }}-plugin-cache-pvc
      {{- end }}
      {{- if .Values.nfsWorkaround.enabled }}
      - name: nfs-config
        configMap:
          name: {{ .Release.Name }}-nfs-configmap
      {{- end }}
      - name: gerrit-init-config
        configMap:
          name: {{ .Release.Name }}-gerrit-init-configmap
      - name: gerrit-config
        configMap:
          name: {{ .Release.Name }}-gerrit-replica-configmap
      - name: gerrit-replica-secure-config
        secret:
          secretName: {{ .Release.Name }}-gerrit-replica-secure-config
      {{ if .Values.gerritReplica.service.ssh.enabled -}}
      - name: gerrit-replica-ssh
        secret:
          secretName: {{ .Release.Name }}-gerrit-replica-ssh-secret
      {{- end }}
      {{ if .Values.promtailSidecar.enabled -}}
      - name: promtail-config
        configMap:
          name: {{ .Release.Name }}-promtail-gerrit-configmap
      - name: promtail-secret
        secret:
          secretName: {{ .Release.Name }}-promtail-secret
      {{- end }}