{{- if .Values.gitserver.enabled -}}
{{- $fullName := include "gitdata.fullname" . -}}
{{- $ns := include "gitdata.namespace" . -}}
{{- $svc := .Values.gitserver -}}

{{/* Uses shared PVC defined in storage.yaml */}}

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ $fullName }}-gitserver
  namespace: {{ $ns }}
  labels:
    app.kubernetes.io/name: {{ $fullName }}-gitserver
    app.kubernetes.io/instance: {{ $.Release.Name }}
    app.kubernetes.io/version: {{ $.Chart.AppVersion }}
spec:
  replicas: {{ $svc.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ $fullName }}-gitserver
      app.kubernetes.io/instance: {{ $.Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ $fullName }}-gitserver
        app.kubernetes.io/instance: {{ $.Release.Name }}
    spec:
      {{- if $.Values.image.pullSecrets }}
      imagePullSecrets:
        {{- range $.Values.image.pullSecrets }}
        - name: {{ . }}
        {{- end }}
      {{- end }}
      containers:
        - name: gitserver
          image: "{{ $.Values.image.registry }}/{{ $svc.image.repository }}:{{ $svc.image.tag }}"
          imagePullPolicy: {{ $svc.image.pullPolicy | default $.Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: {{ $svc.service.http.port }}
              protocol: TCP
            - name: ssh
              containerPort: {{ $svc.service.ssh.port }}
              protocol: TCP
          env:
            - name: APP_REPOS_ROOT
              value: /data/repos
            - name: APP_DATABASE_URL
              valueFrom:
                configMapKeyRef:
                  name: {{ $fullName }}-config
                  key: APP_DATABASE_URL
                  optional: true
            - name: APP_REDIS_URL
              valueFrom:
                configMapKeyRef:
                  name: {{ $fullName }}-config
                  key: APP_REDIS_URL
                  optional: true
            - name: APP_SSH_DOMAIN
              valueFrom:
                configMapKeyRef:
                  name: {{ $fullName }}-config
                  key: APP_SSH_DOMAIN
                  optional: true
            - name: APP_SSH_PORT
              valueFrom:
                configMapKeyRef:
                  name: {{ $fullName }}-config
                  key: APP_SSH_PORT
                  optional: true
            {{- range $svc.env }}
            - name: {{ .name }}
              value: {{ .value | quote }}
            {{- end }}
          {{- if $svc.livenessProbe }}
          livenessProbe:
            tcpSocket:
              port: {{ $svc.livenessProbe.tcpSocket.port }}
            initialDelaySeconds: {{ $svc.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ $svc.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ $svc.livenessProbe.timeoutSeconds }}
            failureThreshold: {{ $svc.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if $svc.readinessProbe }}
          readinessProbe:
            tcpSocket:
              port: {{ $svc.readinessProbe.tcpSocket.port }}
            initialDelaySeconds: {{ $svc.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ $svc.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ $svc.readinessProbe.timeoutSeconds }}
            failureThreshold: {{ $svc.readinessProbe.failureThreshold }}
          {{- end }}
          volumeMounts:
            {{- if and $svc.persistence.enabled $.Values.storage.enabled }}
            - name: shared-data
              mountPath: /data/repos
              subPath: repos/
            {{- end }}
      volumes:
        {{- if and $svc.persistence.enabled $.Values.storage.enabled }}
        - name: shared-data
          persistentVolumeClaim:
            claimName: {{ $fullName }}-shared-data
        {{- end }}
      {{- with $svc.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with $svc.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with $svc.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}

---
# HTTP service (git smart HTTP)
apiVersion: v1
kind: Service
metadata:
  name: {{ $fullName }}-gitserver-http
  namespace: {{ $ns }}
  labels:
    app.kubernetes.io/name: {{ $fullName }}-gitserver
    app.kubernetes.io/instance: {{ $.Release.Name }}
spec:
  type: {{ $svc.service.http.type }}
  ports:
    - name: http
      port: {{ $svc.service.http.port }}
      targetPort: http
      protocol: TCP
  selector:
    app.kubernetes.io/name: {{ $fullName }}-gitserver
    app.kubernetes.io/instance: {{ $.Release.Name }}

---
# SSH service (git over SSH)
apiVersion: v1
kind: Service
metadata:
  name: {{ $fullName }}-gitserver-ssh
  namespace: {{ $ns }}
  labels:
    app.kubernetes.io/name: {{ $fullName }}-gitserver
    app.kubernetes.io/instance: {{ $.Release.Name }}
  {{- if $svc.service.ssh.loadBalancerSourceRanges }}
  annotations:
    metallb.universe.tf/loadBalancerIPs: {{ $svc.service.ssh.loadBalancerIP | default "" }}
  {{- end }}
spec:
  type: {{ $svc.service.ssh.type }}
  {{- if eq $svc.service.ssh.type "LoadBalancer" }}
  ports:
    - name: ssh
      port: {{ $svc.service.ssh.port }}
      targetPort: ssh
      protocol: TCP
  {{- if $svc.service.ssh.loadBalancerIP }}
  loadBalancerIP: {{ $svc.service.ssh.loadBalancerIP }}
  {{- end }}
  {{- if $svc.service.ssh.loadBalancerSourceRanges }}
  loadBalancerSourceRanges:
    {{- range $svc.service.ssh.loadBalancerSourceRanges }}
    - {{ . }}
    {{- end }}
  {{- end }}
  {{- else if eq $svc.service.ssh.type "NodePort" }}
  ports:
    - name: ssh
      port: {{ $svc.service.ssh.port }}
      targetPort: ssh
      nodePort: {{ $svc.service.ssh.nodePort | default 30222 }}
      protocol: TCP
  {{- else }}
  ports:
    - name: ssh
      port: {{ $svc.service.ssh.port }}
      targetPort: ssh
      protocol: TCP
  {{- end }}
  selector:
    app.kubernetes.io/name: {{ $fullName }}-gitserver
    app.kubernetes.io/instance: {{ $.Release.Name }}
{{- end }}