apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "ezscale-website.fullname" . }}-app
  labels:
    {{- include "ezscale-website.labels" . | nindent 4 }}
    app.kubernetes.io/component: app
spec:
  {{- if not .Values.app.autoscaling.enabled }}
  replicas: {{ .Values.app.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "ezscale-website.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: app
  template:
    metadata:
      labels:
        {{- include "ezscale-website.selectorLabels" . | nindent 8 }}
        app.kubernetes.io/component: app
      annotations:
        # Restart pods when env or nginx config changes
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        checksum/nginx: {{ include (print $.Template.BasePath "/configmap-nginx.yaml") . | sha256sum }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      initContainers:
        - name: copy-source
          image: {{ include "ezscale-website.image" (dict "ctx" . "role" "app") }}
          command:
            - sh
            - -c
            - |
              cp -a /var/www/html/. /shared/
          volumeMounts:
            - name: shared
              mountPath: /shared
      containers:
        - name: nginx
          image: nginx:1.30-alpine
          ports:
            - name: http
              containerPort: 80
          volumeMounts:
            - name: shared
              mountPath: /var/www/html
              readOnly: true
            - name: nginx-config
              mountPath: /etc/nginx/conf.d
              readOnly: true
          # Startup probe gives the app up to 100s for first-boot work
          # (config:cache + route:cache + view:cache + opcache warmup) before
          # liveness takes over.
          startupProbe:
            httpGet:
              path: {{ .Values.healthCheck.livenessPath }}
              port: http
            failureThreshold: 20
            periodSeconds: 5
          livenessProbe:
            httpGet:
              path: {{ .Values.healthCheck.livenessPath }}
              port: http
            periodSeconds: {{ .Values.healthCheck.periodSeconds }}
            timeoutSeconds: {{ .Values.healthCheck.timeoutSeconds }}
            failureThreshold: {{ .Values.healthCheck.failureThreshold }}
          readinessProbe:
            httpGet:
              path: {{ .Values.healthCheck.readinessPath }}
              port: http
            periodSeconds: 5
        - name: app
          image: {{ include "ezscale-website.image" (dict "ctx" . "role" "app") }}
          ports:
            - name: php-fpm
              containerPort: 9000
          envFrom:
            - configMapRef:
                name: {{ include "ezscale-website.fullname" . }}-env
            - secretRef:
                name: {{ include "ezscale-website.secretName" . }}
          volumeMounts:
            - name: shared
              mountPath: /var/www/html
            - name: oauth-keys
              mountPath: /var/www/html/secrets
              readOnly: true
          resources:
            {{- toYaml .Values.app.resources | nindent 12 }}
      volumes:
        - name: shared
          emptyDir: {}
        - name: nginx-config
          configMap:
            name: {{ include "ezscale-website.fullname" . }}-nginx
        - name: oauth-keys
          secret:
            secretName: {{ include "ezscale-website.secretName" . }}
            items:
              - key: oauth-private.key
                path: oauth-private.key
              - key: oauth-public.key
                path: oauth-public.key
            optional: true