{{- if .Values.statefulSet.enabled -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ include "v7-traceability.fullname" . }}
  labels:
    {{- include "v7-traceability.labels" . | nindent 4 }}
spec:
  replicas: 1
  selector:
    matchLabels:
      {{- include "v7-traceability.selectorLabels" . | nindent 6 }}
      {{- with .Values.additionalLabels }}
      {{- range $key, $value := . }}
      {{ default "none" $key }}: {{ default "none" $value | quote }}
      {{- end }}
      {{- end }}
  serviceName: {{ include "v7-traceability.fullname" . }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "v7-traceability.selectorLabels" . | nindent 8 }}
        {{- with .Values.additionalLabels }}
        {{- range $key, $value := . }}
        {{ default "none" $key }}: {{ default "none" $value | quote }}
        {{- end }}
        {{- end }}
    spec:
      {{- if .Values.image.pullSecret }}
      imagePullSecrets:
      - name: {{ .Values.image.pullSecret }}
      {{- end }}
      {{- if .Values.initContainer.enabled }}
      initContainers:
        - name: init
          image: "{{ .Values.initContainer.image.name }}"
          imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
          securityContext: {{- toYaml .Values.initContainer.securityContext | nindent 12 }}
          command:                   
            - sh
            - -c
            - chown -R {{ .Values.podSecurityContext.fsGroup }}:{{ .Values.podSecurityContext.fsGroup }} /data;
          volumeMounts:
            - name: data
              mountPath: /data
      {{- end }}
      serviceAccountName: {{ include "v7-traceability.serviceAccountName" . }}
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: {{ include "v7-traceability.imageName" . }}
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
          - name: probe-port
            containerPort: {{ .Values.statusPort }}
            protocol: TCP
          livenessProbe:
            httpGet:
              path: /status
              port: probe-port
            {{- with .Values.livenessProbe }}
            {{- range $key, $value := . }}
            {{ $key }}: {{ $value }}
            {{- end }}
            {{- end }}
          readinessProbe:
            httpGet:
              path: /status
              port: probe-port
            {{- with .Values.readinessProbe }}
            {{- range $key, $value := . }}
            {{ $key }}: {{ $value }}
            {{- end }}
            {{- end }}
          env:
          {{- with .Values.env }}
          {{- range $key, $value := . }}
          {{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value
            - name: {{ $key }}
              value: {{ $value | quote }} 
          {{- end }}
          {{- end }}
          {{- end }}
          {{- if not .Values.env.CENTRAL_USAGEREPORTING_OFFLINE }}
          {{- if not .Values.env.APIGATEWAY_ONLY }}
            - name: APIMANAGER_AUTH_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.credentials }}
                  key: APIMANAGER_AUTH_USERNAME
            - name: APIMANAGER_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.credentials }}
                  key: APIMANAGER_AUTH_PASSWORD
          {{- end}}
          {{- if and .Values.env.EVENT_LOG_INPUT .Values.env.APIGATEWAY_GETHEADERS }}
            - name: APIGATEWAY_AUTH_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.credentials }}
                  key: APIGATEWAY_AUTH_USERNAME
            - name: APIGATEWAY_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.credentials }}
                  key: APIGATEWAY_AUTH_PASSWORD
          {{- end}}
          {{- end}}
          volumeMounts:
          {{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}}
            - name: "traceability-keys-secrets"
              mountPath: /keys
          {{- end}}
            - name: events
              mountPath: {{ .Values.persistentVolumeClaimConfig.events.mountPath }}
            - name: data
              mountPath: /data
            - name: logs
              mountPath: /logs
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      volumes:
      - name: events
        persistentVolumeClaim:
          claimName: {{ .Values.persistentVolumeClaimConfig.events.name }}
      - name: logs
        persistentVolumeClaim:
          claimName: {{ .Values.persistentVolumeClaimConfig.logs.name }}
      - name: data
        persistentVolumeClaim:
          claimName: {{ .Values.persistentVolumeClaimConfig.data.name }}
      {{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}}
      - name: traceability-keys-secrets
        secret:
          secretName: {{ .Values.secrets.keys }}
          items:
          - key: private_key
            path: private_key.pem
          - key: public_key
            path: public_key.pem
      {{- end}}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- end }}