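---
# StatefulSet that runs a single pgAdmin pod for this Helm release.
# Bootstrap credentials come from the release Secret; optional OIDC login
# and a persistent data volume are toggled through chart values.
# NOTE(review): no securityContext is set on the pod or container here, so
# the image and cluster defaults apply; confirm that is intended.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: '{{.Release.Name}}-pgadmin'
spec:
  serviceName: '{{.Release.Name}}-pgadmin-service'
  podManagementPolicy: Parallel
  replicas: 1
  selector:
    matchLabels:
      app: '{{.Release.Name}}-pgadmin'
      # NOTE(review): the original indentation was lost, so `type` is read
      # here as a selector label. A StatefulSet selector must match its pod
      # template labels, so the template below carries the same label. The
      # selector is immutable on an existing StatefulSet; confirm against
      # the deployed chart before upgrading.
      type: pgadmin
  template:
    metadata:
      labels:
        app: '{{.Release.Name}}-pgadmin'
        type: pgadmin
    spec:
      terminationGracePeriodSeconds: 10
      containers:
        - name: '{{.Release.Name}}-pgadmin'
          image: '{{.Values.pgadmin.image.name}}:{{.Values.pgadmin.image.tag}}'
          imagePullPolicy: Always
          env:
            # Quoted so an empty or boolean/number-looking value still
            # renders as a YAML string.
            - name: PGADMIN_DEFAULT_EMAIL
              value: {{ .Values.pgadmin.env.email | quote }}
            # The bootstrap password is read from the release Secret and is
            # never rendered into this manifest.
            - name: PGADMIN_DEFAULT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: '{{.Release.Name}}-pgadmin-secret'
                  key: password
            {{- if .Values.pgadmin.env.oidc.enabled }}
            # 'internal' stays enabled next to 'oauth2', so the default
            # e-mail/password login above keeps working when OIDC is on.
            - name: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
              value: "['oauth2', 'internal']"
            # Every identity the provider authenticates gets a pgAdmin
            # account; restrict who may use this client at the provider.
            - name: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
              value: "True"
            # NOTE(review): the client secret is rendered in clear text into
            # the pod spec, readable by anyone who can read this StatefulSet
            # or its pods. Consider supplying it from a Secret instead, for
            # example a secretKeyRef-backed variable referenced with $(VAR).
            # NOTE(review): chart values are interpolated unescaped into
            # this quoted literal; a quote or backslash in any of them
            # changes the rendered structure. Keep these values
            # operator-controlled and validated.
            - name: PGADMIN_CONFIG_OAUTH2_CONFIG
              value: "[{ 'OAUTH2_NAME': '{{.Values.pgadmin.env.oidc.name}}', 'OAUTH2_DISPLAY_NAME': '{{.Values.pgadmin.env.oidc.displayName}}','OAUTH2_CLIENT_ID': '{{.Values.pgadmin.env.oidc.clientId}}','OAUTH2_CLIENT_SECRET': '{{.Values.pgadmin.env.oidc.clientSecret}}','OAUTH2_TOKEN_URL': '{{.Values.pgadmin.env.oidc.issuerUrl}}/protocol/openid-connect/token','OAUTH2_AUTHORIZATION_URL': '{{.Values.pgadmin.env.oidc.issuerUrl}}/protocol/openid-connect/auth','OAUTH2_API_BASE_URL': '{{.Values.pgadmin.env.oidc.issuerUrl}}/protocol/openid-connect/','OAUTH2_USERINFO_ENDPOINT': 'userinfo','OAUTH2_SCOPE': '{{.Values.pgadmin.env.oidc.scope}}','OAUTH2_USERNAME_CLAIM': '{{.Values.pgadmin.env.oidc.claim}}', 'OAUTH2_SERVER_METADATA_URL': '{{.Values.pgadmin.env.oidc.issuerUrl}}/.well-known/openid-configuration', 'OAUTH2_ICON': '{{.Values.pgadmin.env.oidc.icon}}', 'OAUTH2_BUTTON_COLOR': '{{.Values.pgadmin.env.oidc.buttonColor}}', }]"
            {{- end }}
          resources:
            limits:
              cpu: 100m
              memory: 256Mi
            requests:
              cpu: 100m
              memory: 256Mi
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          volumeMounts:
            # Server definitions are mounted read-only from the ConfigMap.
            - name: '{{.Release.Name}}-pgadmin-config'
              mountPath: /pgadmin4/servers.json
              subPath: servers.json
              readOnly: true
            {{- if .Values.pgadmin.persistentVolume.enabled }}
            - name: '{{.Release.Name}}-pgadmin-data'
              mountPath: /var/lib/pgadmin
            {{- end }}
      volumes:
        - name: '{{.Release.Name}}-pgadmin-config'
          configMap:
            name: '{{.Release.Name}}-pgadmin-config'
  {{- if .Values.pgadmin.persistentVolume.enabled }}
  volumeClaimTemplates:
    - metadata:
        name: '{{.Release.Name}}-pgadmin-data'
      spec:
        accessModes:
          {{- .Values.pgadmin.persistentVolume.accessModes | toYaml | nindent 8 }}
        resources:
          requests:
            # Quoted so the quantity is always rendered as a string.
            storage: {{ .Values.pgadmin.persistentVolume.size | quote }}
  {{- end }}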