apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: gloo
    gloo: gloo
  name: gloo
  namespace: {{ .Release.Namespace }}
spec:
  replicas: {{ .Values.gloo.deployment.replicas }}
  selector:
    matchLabels:
      gloo: gloo
  template:
    metadata:
      labels:
        gloo: gloo
      {{- if .Values.gloo.deployment.stats }}
      annotations:
        prometheus.io/path: /metrics
        prometheus.io/port: "9091"
        prometheus.io/scrape: "true"
      {{- end}}
    spec:
      containers:
      - image: "{{ .Values.gloo.deployment.image.repository }}:{{ .Values.gloo.deployment.image.tag }}"
        imagePullPolicy: {{ .Values.gloo.deployment.image.pullPolicy }}
        name: gloo
        resources:
          requests:
            cpu: 1
            memory: 256Mi
        securityContext:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          runAsUser: 10101
          capabilities:
            drop:
            - ALL
        ports:
        - containerPort: {{ .Values.gloo.deployment.xdsPort }}
          name: grpc
          protocol: TCP
        env:
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
        {{- if .Values.gloo.deployment.stats }}
          - name: START_STATS_SERVER
            value: "true"
        {{- end}}
      {{- if .Values.gloo.deployment.image.pullSecret }}
      imagePullSecrets:
        - name: {{ .Values.gloo.deployment.image.pullSecret }}{{end}}