apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "openvpn.fullname" . }}
  labels:
    {{- include "openvpn.labels" . | nindent 4 }}
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "openvpn.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      annotations:
        {{- if .Values.multus }}
        v1.multus-cni.io/default-network: "{{ .Release.Namespace }}/{{ .Release.Name }}-net"
        {{- end }}
        checksum/config: {{ include (print $.Template.BasePath "/cm-configuration.yaml") . | sha256sum }}
        checksum/config2: {{ include (print $.Template.BasePath "/secret-keys.yaml") . | sha256sum }}
        checksum/config3: {{ include (print $.Template.BasePath "/cm-openvpnscripts.yaml") . | sha256sum }}
    {{- with .Values.openvpn.podAnnotations }}
        {{- toYaml . | nindent 8 }}
    {{- end }}
      labels:
        {{- include "openvpn.selectorLabels" . | nindent 8 }}
    spec:
      {{- if .Values.registry_secret_data }}
      imagePullSecrets:
      - name: {{ include "openvpn.fullname" . }}-registry-secret
      {{- end }}
      {{- if not .Values.multus }}
      hostNetwork: true
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          command: ["/scripts/startscript"]
          {{- if .Values.openvpn.healthcheck }}
          livenessProbe:
            exec:
              command:
              - /scripts/healthcheck
            initialDelaySeconds: 20
            periodSeconds: 60
            failureThreshold: 5
          {{- end }}
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - MKNOD
          image: "{{ .Values.openvpn.image }}:{{ .Values.openvpn.tag | default "latest" }}"
          imagePullPolicy: {{ .Values.openvpn.pullPolicy }}
          env:
            - name: TZ
              value: Europe/Moscow
          resources:
            {{- toYaml .Values.openvpn.resources | nindent 12 }}
          volumeMounts:
            - name: keys
              mountPath: /etc/openvpn/keys/
            - name: ccd
              mountPath: /etc/openvpn/ccd/
            - name: configuration
              mountPath: /etc/openvpn/configuration/
            - name: scripts
              mountPath: /scripts/
        {{- if and .Values.virtIP_addr .Values.virtIP_dev }}
        - name: {{ .Chart.Name }}-stop
          image: "{{ .Values.openvpn.image }}:{{ .Values.openvpn.tag | default "latest" }}"
          imagePullPolicy: {{ .Values.openvpn.pullPolicy }}
          command: ["sleep","infinity"]
          lifecycle:
            preStop:
              exec:
                command: ["/bin/bash","-c","/scripts/stopscript"]
          volumeMounts:
            - name: scripts
              mountPath: /scripts/
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - MKNOD
        {{- end }}
      {{- if .Values.multus }}
      dnsPolicy: "None"
      dnsConfig:
        nameservers:
          - {{ .Values.multus.dnsIP }}
      {{- end }}
      volumes:
      - name: keys
        secret:
          secretName: {{ include "openvpn.fullname" . }}-keys
      - name: ccd
        configMap:
          name: {{ include "openvpn.fullname" . }}-ccd
      - name: configuration
        configMap:
          name: {{ include "openvpn.fullname" . }}-configuration
      - name: scripts
        configMap:
          name: {{ include "openvpn.fullname" . }}-scripts
          defaultMode: 0755