apiVersion: apps/v1
{{- if .Values.cozystackAPI.localK8sAPIEndpoint.enabled }}
kind: DaemonSet
{{- else }}
kind: Deployment
{{- end }}
metadata:
  name: cozystack-api
  namespace: cozy-system
  labels:
    app: cozystack-api
spec:
  {{- if not .Values.cozystackAPI.localK8sAPIEndpoint.enabled }}
  replicas: {{ .Values.cozystackAPI.replicas }}
  {{- end }}
  selector:
    matchLabels:
      app: cozystack-api
  template:
    metadata:
      labels:
        app: cozystack-api
    spec:
      serviceAccountName: cozystack-api
      {{- if .Values.cozystackAPI.localK8sAPIEndpoint.enabled }}
      nodeSelector:
        node-role.kubernetes.io/control-plane: ""
      {{- end }}
      containers:
      - name: cozystack-api
        args:
        - --tls-cert-file=/tmp/cozystack-api-certs/tls.crt
        - --tls-private-key-file=/tmp/cozystack-api-certs/tls.key
        {{- if .Values.cozystackAPI.localK8sAPIEndpoint.enabled }}
        env:
        - name: KUBERNETES_SERVICE_HOST
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.hostIP
        - name: KUBERNETES_SERVICE_PORT
          value: "6443"
        {{- end }}
        image: "{{ .Values.cozystackAPI.image }}"
        ports:
        - containerPort: 443
          name: https
        volumeMounts:
          - name: cozystack-api-certs
            mountPath: /tmp/cozystack-api-certs
            readOnly: true
      volumes:
        - name: cozystack-api-certs
          secret:
            secretName: cozystack-api-cert
            defaultMode: 0400