apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "mariadb.fullname" . }}
  labels:
    {{- include "mariadb.labels" . | nindent 4 }}
spec:
  replicas: {{.Values.replicaCount}}
  selector:
    matchLabels:
      {{- include "mariadb.selectorLabels" . | nindent 6 }}
  strategy:
    type: Recreate
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "mariadb.selectorLabels" . | nindent 8 }}
    spec:
      {{- $volmounts := toYaml .Values.volumeMounts | trim | nindent 12 }}
      {{- $volumes := toYaml .Values.volumes | trim | nindent 8 }}
      serviceAccountName: {{ include "mariadb.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
      # This would run during entrypoint if run as root
      - name: set-volume-owners
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        securityContext:
            runAsUser: 0
            allowPrivilegeEscalation: true
            capabilities:
              drop:
              - ALL
              add:
              - CHOWN
              - FOWNER
              - DAC_OVERRIDE
            seccompProfile:
              type: RuntimeDefault
        volumeMounts:
          - name: mariadb-conf
            mountPath: /etc/mysql/conf.d
          - name: mariadb-run
            mountPath: /run/mysql
          {{- $volmounts }}
        command: ['bash', '-c', 'source /usr/local/bin/docker-entrypoint.sh && docker_create_db_directories']
        env:
          - name: DATADIR
            value: /var/lib/mysql
          - name: SOCKET
            value: /run/mysql/mysql.sock
      containers:
      - name: mariadb
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        securityContext:
          {{- toYaml .Values.securityContext | nindent 12 }}
        envFrom:
          - configMapRef:
              name: mariadb-cm
        env:
          - name: MARIADB_PASSWORD
            valueFrom:
              secretKeyRef:
                key: password
                name: ironic-mariadb
        lifecycle:
          preStop:
            exec:
              command:
              - sh
              - -c
              - mysqladmin shutdown -uironic -p$(printenv MARIADB_PASSWORD)
        livenessProbe:
          exec:
            command:
              - healthcheck.sh
              - --connect
              - --innodb_initialized
          failureThreshold: 10
          initialDelaySeconds: 30
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 10
        ports:
          - containerPort: 3306
            name: mariadb
            protocol: TCP
        readinessProbe:
          exec:
            command:
              - healthcheck.sh
              - --connect
              - --innodb_initialized
          failureThreshold: 10
          initialDelaySeconds: 30
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 10
        volumeMounts:
            - name: mariadb-conf
              mountPath: /etc/mysql/conf.d
            - name: mariadb-run
              mountPath: /run/mysql
            {{- $volmounts }}
      {{- with .Values.global.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
        - name: mariadb-conf
          configMap:
            name: mariadb-config
        - name: mariadb-run
          emptyDir:
            sizeLimit: 20Mi
        {{- $volumes }}