apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "operator.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "operator.fullname" . }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ template "operator.fullname" . }}
  template:
    metadata:
      labels:
        app: {{ template "operator.fullname" . }}
    spec:
      serviceAccountName: {{ template "operator.serviceAccountName" . }}
      {{- if .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml .Values.imagePullSecrets | nindent 8 }}
      {{- end }}
      containers:
      - name: operator
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        ports:
        - containerPort: {{ .Values.service.port }}
          name: http
        envFrom:
        - configMapRef:
            name: {{ default "" .Values.namePrefix }}{{ .Values.configMap.name }}
        - secretRef:
            name: {{ default "" .Values.namePrefix }}{{ .Values.secret.name }}
        # Separate Cloudflare credentials secret created by Ansible
        - secretRef:
            name: cloudflare-credentials
        env:
        # Cloudflare integration configuration
        - name: ALLOW_CLOUDFLARE_FALLBACKS
          value: "{{ .Values.cloudflare.skipIntegration | default "false" | ternary "true" "false" }}"
        - name: SKIP_CLOUDFLARE_INTEGRATION
          value: "{{ .Values.cloudflare.skipIntegration | default "false" | ternary "true" "false" }}"
        livenessProbe:
          httpGet:
            path: {{ .Values.probes.liveness.path }}
            port: http
          initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
          periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
          failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
        readinessProbe:
          httpGet:
            path: {{ .Values.probes.readiness.path }}
            port: http
          initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
          periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
          failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
        resources:
          {{- toYaml .Values.resources | nindent 10 }}