{{- if .Values.ingress.enabled }}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: gloo
    gloo: ingress-proxy
  name: ingress-proxy
  namespace: {{ .Release.Namespace }}
spec:
  replicas: {{ .Values.ingressProxy.deployment.replicas }}
  selector:
    matchLabels:
      gloo: ingress-proxy
  template:
    metadata:
      labels:
        gloo: ingress-proxy
{{- with .Values.ingressProxy.deployment.extraAnnotations }}
      annotations:
{{toYaml  . | indent 8}}{{- end }}
    spec:
      containers:
      - args: ["--disable-hot-restart"]
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        image: "{{ .Values.ingressProxy.deployment.image.repository }}:{{ .Values.ingressProxy.deployment.image.tag }}"
        imagePullPolicy: {{ .Values.ingressProxy.deployment.image.pullPolicy }}
        name: ingress-proxy
        securityContext:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        ports:
        - containerPort: {{ .Values.ingressProxy.deployment.httpPort }}
          name: http
          protocol: TCP
        - containerPort: {{ .Values.ingressProxy.deployment.httpsPort }}
          name: https
          protocol: TCP
{{- with .Values.ingressProxy.deployment.extraPorts }}
{{toYaml  . | indent 8}}{{- end }}
        volumeMounts:
        - mountPath: /etc/envoy
          name: envoy-config
      {{- if .Values.ingressProxy.deployment.image.pullSecret }}
      imagePullSecrets:
        - name: {{ .Values.ingressProxy.deployment.image.pullSecret }}{{end}}
      volumes:
      - configMap:
          name: ingress-envoy-config
        name: envoy-config

{{- end }}