{{- if ne .Values.expose.type "ingress" }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "harbor.nginx" . }}
  labels:
{{ include "harbor.labels" . | indent 4 }}
    component: nginx
spec:
  replicas: {{ .Values.nginx.replicas }}
  selector:
    matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
      component: nginx
  template:
    metadata:
      labels:
{{ include "harbor.labels" . | indent 8 }}
        component: nginx
      annotations:
      {{- if not .Values.expose.tls.enabled }}
        checksum/configmap: {{ include (print $.Template.BasePath "/nginx/configmap-http.yaml") . | sha256sum }}
      {{- else }}
        checksum/configmap: {{ include (print $.Template.BasePath "/nginx/configmap-https.yaml") . | sha256sum }}
      {{- end }}
      {{- if eq (include "harbor.autoGenCertForNginx" .) "true" }}
        checksum/secret: {{ include (print $.Template.BasePath "/nginx/secret.yaml") . | sha256sum }}
      {{- end }}
{{- if .Values.nginx.podAnnotations }}
{{ toYaml .Values.nginx.podAnnotations | indent 8 }}
{{- end }}
    spec:
{{- if .Values.nginx.serviceAccountName }}
      serviceAccountName: {{ .Values.nginx.serviceAccountName }}
{{- end }}
      securityContext:
        fsGroup: 10000
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
      - name: nginx
{{- if contains "/" .Values.nginx.image.repository }}
        image: "{{ .Values.nginx.image.repository }}"
{{- else }}
        image: "{{ .Values.nginx.image.hub | default .Values.global.hub }}/{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
{{- end }}
        imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
        {{- $_ := set . "scheme" "HTTP" -}}
        {{- $_ := set . "port" "8080" -}}
        {{- if .Values.expose.tls.enabled }}
          {{- $_ := set . "scheme" "HTTPS" -}}
          {{- $_ := set . "port" "8443" -}}
        {{- end }}
        livenessProbe:
          httpGet:
            scheme: {{ .scheme }}
            path: /
            port: {{ .port }}
          initialDelaySeconds: 300
          periodSeconds: 10
        readinessProbe:
          httpGet:
            scheme: {{ .scheme }}
            path: /
            port: {{ .port }}
          initialDelaySeconds: 1
          periodSeconds: 10
{{- if .Values.nginx.resources }}
        resources:
{{ toYaml .Values.nginx.resources | indent 10 }}
{{- end }}
        ports:
        - containerPort: 8080
        - containerPort: 8443
        - containerPort: 4443
        volumeMounts:
        - name: config
          mountPath: /etc/nginx/nginx.conf
          subPath: nginx.conf
        {{- if .Values.expose.tls.enabled }}
        - name: certificate
          mountPath: /etc/nginx/cert
        {{- end }}
      volumes:
      - name: config
        configMap:
          name: {{ template "harbor.nginx" . }}
      {{- if .Values.expose.tls.enabled }}
      - name: certificate
        secret:
          secretName: {{ template "harbor.tlsSecretForNginx" . }}
      {{- end }}
    {{- with .Values.nginx.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.nginx.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.nginx.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
    {{- end }}
{{- end }}