{{- if (eq .Values.blueprint.provider.type "ldap") }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "authentik-application.fullname" . }}-ldap
  labels:
    {{- include "authentik-application.labels" . | nindent 4 }}
spec:
  {{- if not .Values.ldap.autoscaling.enabled }}
  replicas: {{ .Values.ldap.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "authentik-application.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: ldap
  template:
    metadata:
      annotations:
        {{- with .Values.ldap.podAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      labels:
        {{- include "authentik-application.selectorLabels" . | nindent 8 }}
        app.kubernetes.io/component: ldap
        {{- with .Values.ldap.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.ldap.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "authentik-application.serviceAccountName" (dict "root" . "part" "ldap") }}
      securityContext:
        {{- toYaml .Values.ldap.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}-ldap
          securityContext:
            {{- toYaml .Values.ldap.securityContext | nindent 12 }}
          image: "{{ .Values.ldap.image.registry }}/{{ .Values.ldap.image.repository }}:{{ .Values.ldap.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.ldap.image.pullPolicy }}
          env:
            - name: "AUTHENTIK_LISTEN__LDAP"
              value: ":{{ .Values.ldap.config.listen.ldap }}"
            - name: "AUTHENTIK_LISTEN__LDAPS"
              value: ":{{ .Values.ldap.config.listen.ldaps }}"
            - name: "AUTHENTIK_LISTEN__METRICS"
              value: ":{{ .Values.ldap.config.listen.metrics }}"
            - name: "AUTHENTIK_HOST"
              value: {{ .Values.blueprint.authentik.domain | quote }}
            - name: "AUTHENTIK_TOKEN"
              valueFrom:
                secretKeyRef:
                  name: {{ include "authentik-application.fullname" . }}
                  key: "ldapToken"
          ports:
            - name: ldap
              containerPort: {{ .Values.ldap.config.listen.ldap }}
              protocol: TCP
            - name: ldaps
              containerPort: {{ .Values.ldap.config.listen.ldaps }}
              protocol: TCP
            - name: metrics
              containerPort: {{ .Values.ldap.config.listen.metrics }}
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /metrics
              port: metrics
          readinessProbe:
            httpGet:
              path: /metrics
              port: metrics
          resources:
            {{- toYaml .Values.ldap.resources | nindent 12 }}
      {{- with .Values.ldap.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.ldap.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.ldap.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- end }}