apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "unbound.fullname" . }}
  namespace: {{ .Values.global.namespace }}
  labels:
    {{- include "unbound.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "unbound.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "unbound.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "unbound.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: dns-udp
              containerPort: {{ .Values.service.ports.dnsUdp }}
              protocol: UDP
            - name: dns-tcp
              containerPort: {{ .Values.service.ports.dnsTcp }}
              protocol: TCP
          {{- if .Values.probes.readiness.enabled }}
          readinessProbe:
            exec:
              command:
                - sh
                - -c
                - {{ .Values.probes.readiness.command | quote }}
            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
          {{- end }}
          {{- if .Values.probes.liveness.enabled }}
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - {{ .Values.probes.liveness.command | quote }}
            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
            periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
          {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
            {{- if .Values.config.enabled }}
            {{- if .Values.config.forwardRecords }}
            - name: unbound-config
              mountPath: /opt/unbound/etc/unbound/forward-records.conf
              subPath: forward-records.conf
            {{- end }}
            {{- if .Values.config.serverConfig }}
            - name: unbound-config
              mountPath: /opt/unbound/etc/unbound/a-records.conf
              subPath: a-records.conf
            {{- end }}
            {{- if .Values.config.content }}
            - name: unbound-config
              mountPath: /opt/unbound/etc/unbound/unbound.conf
              subPath: unbound.conf
            {{- end }}
            {{- end }}
            {{- with .Values.volumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          {{- with .Values.env }}
          env:
            {{- toYaml . | nindent 12 }}
          {{- end }}
      volumes:
        {{- if .Values.config.enabled }}
        - name: unbound-config
          configMap:
            name: {{ include "unbound.fullname" . }}-config
        {{- end }}
        {{- with .Values.volumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.extraInitContainers }}
      initContainers:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.extraContainers }}
      containers:
        {{- toYaml . | nindent 8 }}
      {{- end }}