---
apiVersion: v1
kind: Pod
metadata:
  name: ansible-tower-management
  namespace: {{ kubernetes_namespace }}
{% if kubernetes_pod_annotations is defined %}
    annotations:
{% for key, value in kubernetes_pod_annotations.items() %}
      {{ key }}: {{ value | quote }}
{% endfor %}
{% endif %}
spec:
{% if kubernetes_image_pull_secrets is defined %}
  imagePullSecrets:
    - name: "{{ kubernetes_image_pull_secrets }}"
{% endif %}
  containers:
    - name: ansible-tower-management
      image: "{{ kubernetes_awx_image }}:{{ kubernetes_awx_version }}"
      imagePullPolicy: Always
      command: ["sleep", "infinity"]
      volumeMounts:
{% if ca_trust_dir is defined %}
        - name: {{ kubernetes_deployment_name }}-ca-trust-dir
          mountPath: "/etc/pki/ca-trust/source/anchors/"
          readOnly: true

{% endif %}
        - name: {{ kubernetes_deployment_name }}-application-config
          mountPath: "/etc/tower/settings.py"
          subPath: settings.py
          readOnly: true
{% if postgres_root_ca_cert is defined %}
        - name: {{ kubernetes_deployment_name }}-postgres-root-ca-cert
          mountPath: {{ ca_trust_bundle }}
          subPath: {{ postgres_root_ca_filename }}
          readOnly: true
{% endif %}
        - name: "{{ kubernetes_deployment_name }}-application-credentials"
          mountPath: "/etc/tower/conf.d/"
          readOnly: true

        - name: {{ kubernetes_deployment_name }}-secret-key
          mountPath: "/etc/tower/SECRET_KEY"
          subPath: SECRET_KEY
          readOnly: true
      resources:
{% if management_mem_limit is defined or management_cpu_limit is defined %}
        limits:
{% endif %}
{% if management_mem_limit is defined %}
          memory: "{{ management_mem_limit }}Gi"
{% endif %}
{% if management_cpu_limit is defined %}
          cpu: "{{ management_cpu_limit }}m"
{% endif %}
{% if tolerations is defined %}
  tolerations:
{{ tolerations | to_nice_yaml(indent=2) | indent(width=4, indentfirst=True) }}
{% endif %}
{% if node_selector is defined %}
  nodeSelector:
{{ node_selector | to_nice_yaml(indent=2) | indent(width=4, indentfirst=True) }}
{% endif %}
{% if affinity is defined %}
  affinity:
{{ affinity | to_nice_yaml(indent=2) | indent(width=4, indentfirst=True) }}
{% endif %}
  volumes:
{% if ca_trust_dir is defined %}
    - name: {{ kubernetes_deployment_name }}-ca-trust-dir
      hostPath:
        path: "{{ ca_trust_dir }}"
        type: Directory

{% endif %}
    - name: {{ kubernetes_deployment_name }}-application-config
      configMap:
        name: {{ kubernetes_deployment_name }}-config
        items:
          - key: {{ kubernetes_deployment_name }}_settings
            path: settings.py
{% if postgres_root_ca_cert is defined %}
    - name: {{ kubernetes_deployment_name }}-postgres-root-ca-cert
      configMap:
        name: {{ kubernetes_deployment_name }}-postgres-root-ca-cert
        items:
        - key: postgres_root_ca.crt
          path: postgres_root_ca.crt
{% endif %}
    - name: {{ kubernetes_deployment_name }}-secret-key
      secret:
        secretName: "{{ kubernetes_deployment_name }}-secrets"
        items:
          - key: secret_key
            path: SECRET_KEY

    - name: "{{ kubernetes_deployment_name }}-application-credentials"
      secret:
        secretName: "{{ kubernetes_deployment_name }}-secrets"
        items:
          - key: credentials_py
            path: 'credentials.py'

  restartPolicy: Never