apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "kreuzberg.fullname" . }}
  labels:
    {{- include "kreuzberg.labels" . | nindent 4 }}
spec:
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  {{- with .Values.strategy }}
  strategy:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "kreuzberg.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "kreuzberg.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "kreuzberg.serviceAccountName" . }}
      enableServiceLinks: {{ .Values.enableServiceLinks }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      {{- if and .Values.cache.enabled .Values.cache.initChown }}
      initContainers:
        - name: init-cache
          image: busybox:1.37-glibc
          command: ['sh', '-c', 'mkdir -p /app/.kreuzberg && chown -R 1000:1000 /app/.kreuzberg']
          securityContext:
            runAsUser: 0
            runAsNonRoot: false
            allowPrivilegeEscalation: false
            capabilities:
              add: ["CHOWN"]
              drop: ["ALL"]
          volumeMounts:
            - name: cache
              mountPath: /app/.kreuzberg
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: {{ include "kreuzberg.image" . }}
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          args: ["serve", "--host", "0.0.0.0", "--port", "8000"]
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
          env:
            - name: RUST_LOG
              value: {{ .Values.kreuzberg.logLevel | quote }}
            - name: TESSDATA_PREFIX
              value: {{ .Values.kreuzberg.tessdataPrefix | quote }}
            - name: KREUZBERG_OCR_LANGUAGE
              value: {{ .Values.kreuzberg.ocrLanguage | quote }}
            - name: KREUZBERG_CACHE_DIR
              value: "/app/.kreuzberg"
            - name: HF_HOME
              value: "/app/.kreuzberg/huggingface"
            {{- with .Values.extraEnv }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          startupProbe:
            httpGet:
              path: /health
              port: http
            periodSeconds: 10
            failureThreshold: 30
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 10
            periodSeconds: 30
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 2
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
            {{- if .Values.cache.enabled }}
            - name: cache
              mountPath: /app/.kreuzberg
            {{- end }}
            - name: tmp
              mountPath: /tmp
      volumes:
        {{- if .Values.cache.enabled }}
        - name: cache
          persistentVolumeClaim:
            claimName: {{ include "kreuzberg.fullname" . }}-cache
        {{- end }}
        - name: tmp
          emptyDir: {}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}