{{- if .Values.gateway.enabled }}
{{- range $key, $spec := .Values.gatewayProxies }}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: gloo
    gloo: {{ $key }}
  name: {{ $key }}
  namespace: {{ $.Release.Namespace }}
spec:
  replicas: {{ $spec.deployment.replicas }}
  selector:
    matchLabels:
      gloo: {{ $key }}
  template:
    metadata:
      labels:
        gloo: {{ $key }}
{{- with $spec.deployment.extraAnnotations }}
      annotations:
{{toYaml  . | indent 8}}{{- end }}
    spec:
      containers:
      - args: ["--disable-hot-restart"]
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        image: {{ $spec.deployment.image.repository }}:{{ $spec.deployment.image.tag }}
        imagePullPolicy: {{ $spec.deployment.image.pullPolicy }}
        name: gateway-proxy
        securityContext:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        ports:
        - containerPort: {{ $spec.deployment.httpPort }}
          name: http
          protocol: TCP
        - containerPort: {{ $spec.deployment.httpsPort }}
          name: https
          protocol: TCP
{{- with $spec.deployment.extraPorts }}
{{toYaml  . | indent 8}}{{- end }}
        volumeMounts:
        - mountPath: /etc/envoy
          name: envoy-config
      {{- if $spec.deployment.image.pullSecret }}
      imagePullSecrets:
        - name: {{ $spec.deployment.image.pullSecret }}{{end}}
      volumes:
      - configMap:
          name: {{ $key }}-envoy-config
        name: envoy-config
{{- end }}
{{- end }}