---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubeshark.co/app: hub
    {{- include "kubeshark.labels" . | nindent 4 }}
  annotations:
  {{- if .Values.tap.annotations }}
    {{- toYaml .Values.tap.annotations | nindent 4 }}
  {{- end }}
  name: {{ include "kubeshark.name" . }}-hub
  namespace: {{ .Release.Namespace }}
spec:
  replicas: 1  # Set the desired number of replicas
  selector:
    matchLabels:
      app.kubeshark.co/app: hub
      {{- include "kubeshark.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        app.kubeshark.co/app: hub
        {{- include "kubeshark.labels" . | nindent 8 }}
    spec:
      dnsPolicy: ClusterFirstWithHostNet
      serviceAccountName: {{ include "kubeshark.serviceAccountName" . }}
      containers:
        - name: kubeshark-hub
          command:
            - ./hub
            - -port
            - "8080"
          {{- if .Values.tap.debug }}
            - -debug
          {{- end }}
          env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: KUBESHARK_CLOUD_API_URL
            value: 'https://api.kubeshark.co'
        {{- if .Values.tap.docker.overrideTag.hub }}
          image: '{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.overrideTag.hub }}'
        {{ else }}
          image: '{{ .Values.tap.docker.registry }}/hub:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
        {{- end }}
          imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
          readinessProbe:
            periodSeconds: 1
            failureThreshold: 3
            successThreshold: 1
            initialDelaySeconds: 3
            tcpSocket:
              port: 8080
          livenessProbe:
            periodSeconds: 1
            failureThreshold: 3
            successThreshold: 1
            initialDelaySeconds: 3
            tcpSocket:
              port: 8080
          resources:
            limits:
              cpu: {{ .Values.tap.resources.hub.limits.cpu }}
              memory: {{ .Values.tap.resources.hub.limits.memory }}
            requests:
              cpu: {{ .Values.tap.resources.hub.requests.cpu }}
              memory: {{ .Values.tap.resources.hub.requests.memory }}
          volumeMounts:
          - name: saml-x509-volume
            mountPath: "/etc/saml/x509"
            readOnly: true
      volumes:
      - name: saml-x509-volume
        projected:
          sources:
          - secret:
              name: kubeshark-saml-x509-crt-secret
              items:
              - key: AUTH_SAML_X509_CRT
                path: kubeshark.crt
          - secret:
              name: kubeshark-saml-x509-key-secret
              items:
              - key: AUTH_SAML_X509_KEY
                path: kubeshark.key