{{- if .Values.settings.integrations.knative.enabled }}

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: gloo
    gloo: clusteringress-proxy
  name: clusteringress-proxy
  namespace: {{ .Release.Namespace }}
spec:
  replicas: {{ .Values.settings.integrations.knative.proxy.replicas }}
  selector:
    matchLabels:
      gloo: clusteringress-proxy
  template:
    metadata:
      labels:
        gloo: clusteringress-proxy
    spec:
      containers:
      - args: ["--disable-hot-restart"]
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        image: {{ .Values.settings.integrations.knative.proxy.image.repository }}:{{ .Values.settings.integrations.knative.proxy.image.tag }}
        imagePullPolicy: {{ .Values.settings.integrations.knative.proxy.image.pullPolicy }}
        name: clusteringress-proxy
        securityContext:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        ports:
        - containerPort: {{ .Values.settings.integrations.knative.proxy.httpPort }}
          name: http
          protocol: TCP
        - containerPort: {{ .Values.settings.integrations.knative.proxy.httpsPort }}
          name: https
          protocol: TCP
        volumeMounts:
        - mountPath: /etc/envoy
          name: envoy-config
      volumes:
      - configMap:
          name: clusteringress-envoy-config
        name: envoy-config

{{- end }}