kind: Deployment
apiVersion: apps/v1
metadata:
  name: {{ .Release.Name }}
  labels:
    app: {{ .Release.Name }}
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}
    spec:
      serviceAccountName: {{ .Release.Name }}
      containers:
        - name: traefik
          image: {{ .Values.image }}
          args:
            - --providers.kubernetescrd.ingressclass={{ .Values.config.ingressclass }}
            - --log.level=ERROR
            - --accesslog=true
            - --api
            - --api.insecure
            - --entrypoints.web.address=:{{ .Values.config.http_port }}
            - --entrypoints.websecure.address=:{{ .Values.config.https_port }}
            - --entrypoints.websecure.http.tls=true
            - --providers.kubernetescrd
{{ if .Values.enable.statsd }}
            - --metrics.statsd=true
            - --metrics.statsd.address={{ .Values.config.statsd_endpoint }}
            - --metrics.statsd.addEntryPointsLabels=true
            - --metrics.statsd.addServicesLabels=true
            - --metrics.statsd.prefix={{ .Release.Name }}
{{ end }}
{{ if .Values.enable.dnschallenge }}
            - --certificatesresolvers.myresolver.acme.dnschallenge=true
            - --certificatesresolvers.myresolver.acme.dnschallenge.provider={{ .Values.config.dnschallenge_provider }}
            - --certificatesresolvers.myresolver.acme.email={{ .Values.config.acme_email }}
            - --certificatesresolvers.myresolver.acme.storage=/acme/acme.json
            - --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1
{{ end }}
{{ if .Values.enable.tlschallenge }}
            - --certificatesresolvers.myresolver.acme.tlschallenge
            - --certificatesresolvers.myresolver.acme.email={{ .Values.config.acme_email }}
            - --certificatesresolvers.myresolver.acme.storage=/acme/acme.json
{{ end }}
{{ if .Values.enable.tracing }}
            - --tracing=true
            - --tracing.serviceName={{ .Release.Name }}
            - --tracing.spanNameLimit=0
            - --tracing.zipkin=true
            - --tracing.zipkin.httpEndpoint={{ .Values.config.tracing_endpoint}}
            - --tracing.zipkin.sampleRate=1.0
{{ end }}
          volumeMounts:
          - mountPath: /acme
            name: acme-certs
          ports:
            - name: web
              containerPort: {{ .Values.config.http_port }}
            - name: websecure
              containerPort: {{ .Values.config.https_port }}
            - name: admin
              containerPort: {{ .Values.config.admin_port }}
          envFrom:
{{ if .Values.enable.dnschallenge }}
            - secretRef:
                name: {{ .Values.config.dnschallenge_provider_secret }}
{{ end }}
          resources:
            requests:
              memory: 128Mi
              cpu: 250m
            limits:
              memory: 1Gi
              cpu: "1"
      volumes:
        - name: acme-certs
          persistentVolumeClaim:
              claimName: {{ .Release.Name }}