# Terraform for a Grafana instance: shared locals, lookups of the authentik
# Secret and Ingress, and a kustomize overlay that retargets images and
# patches the PVC, ServiceMonitor and Deployment manifests shipped next to
# this module.
locals {
  # In-cluster service URL of authentik in the "<domain>-auth" namespace.
  # NOTE(review): the scheme is plain http, so whatever is sent to this URL
  # (presumably including authentik_token; the consumer is not visible here)
  # is unencrypted on the cluster network. Confirm that is acceptable or
  # switch to a TLS endpoint.
  authentik_url = "http://authentik.${var.domain}-auth.svc"
  # Token read from the AUTHENTIK_BOOTSTRAP_TOKEN key of the authentik Secret.
  # Values read through a data source are written to Terraform state, so the
  # state backend must be protected like the Secret itself.
  # NOTE(review): a bootstrap token is usually a high-privilege credential;
  # consider a dedicated, narrowly scoped token if the consumer permits it.
  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  # Ownership labels applied to every resource of the overlay below.
  common_labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
    "vynil.solidite.fr/owner-category" = var.category
    "vynil.solidite.fr/owner-component" = var.component
    "app.kubernetes.io/managed-by" = "vynil"
    "app.kubernetes.io/instance" = var.instance
  }
  # PVC spec built from var.storage.volume. The storageClassName key is only
  # merged in when a class is given; an empty class leaves the key out.
  pvc_spec = merge({
    "accessModes" = [var.storage.volume.accessMode]
    "volumeMode" = var.storage.volume.type
    "resources" = {
      "requests" = {
        "storage" = "${var.storage.volume.size}"
      }
    }
  }, var.storage.volume.class != "" ?{
    "storageClassName" = var.storage.volume.class
  }:{})
}

# Secret "authentik" in the "<domain>-auth" namespace; source of
# local.authentik_token. Reading it requires get access to Secrets in that
# namespace for the identity running Terraform.
data "kubernetes_secret_v1" "authentik" {
  metadata {
    name = "authentik"
    namespace = "${var.domain}-auth"
  }
}

# Ingress "authentik" in the same namespace. It is not referenced in the
# portion of the file visible here; presumably used elsewhere in the module.
data "kubernetes_ingress_v1" "authentik" {
  metadata {
    name = "authentik"
    namespace = "${var.domain}-auth"
  }
}

# Kustomize overlay over the YAML manifests in this module directory.
data "kustomization_overlay" "data" {
  common_labels = local.common_labels
  namespace = var.namespace
  # Every *.yaml file except index.yaml and any file whose name contains
  # "ClusterRole". regexall matches a substring, so ClusterRoleBinding files
  # are excluded as well. Presumably cluster-scoped RBAC is handled
  # separately; confirm.
  resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
  # Image overrides: each upstream reference is replaced by the registry,
  # repository and tag taken from var.images.
  # NOTE(review): tags are mutable. Where the registry and variables allow it,
  # pinning by digest prevents a silently replaced image from being deployed.
  images {
    name = "docker.io/grafana/grafana"
    new_name = "${var.images.grafana.registry}/${var.images.grafana.repository}"
    new_tag = "${var.images.grafana.tag}"
  }
  images {
    name = "docker.io/library/busybox"
    new_name = "${var.images.busybox.registry}/${var.images.busybox.repository}"
    new_tag = "${var.images.busybox.tag}"
  }
  images {
    name = "quay.io/kiwigrid/k8s-sidecar"
    new_name = "${var.images.sidecar.registry}/${var.images.sidecar.repository}"
    new_tag = "${var.images.sidecar.tag}"
  }
  # PVC "grafana": adds the k8up backup and storage_limit annotations and sets
  # spec to local.pvc_spec (emitted as JSON, which is valid YAML).
  # NOTE(review): var.storage.volume.maxSize is interpolated into the YAML
  # without escaping; a value containing a double quote or newline would
  # change the structure of the patch. Validate it in the variable
  # definition if it can come from a less trusted source.
  patches {
    target {
      kind = "PersistentVolumeClaim"
      name = "grafana"
    }
    patch = <<-EOF
      kind: PersistentVolumeClaim
      apiVersion: v1
      metadata:
        name: grafana
        annotations:
          k8up.io/backup: "true"
          resize.kubesphere.io/storage_limit: "${var.storage.volume.maxSize}"
      spec: ${jsonencode(local.pvc_spec)}
    EOF
  }
  # ServiceMonitor "grafana": JSON patch replacing the first matchNames entry
  # of the namespaceSelector with var.namespace (interpolated unescaped, same
  # caveat as above).
  patches {
    target {
      kind = "ServiceMonitor"
      name = "grafana"
    }
    patch = <<-EOF
      - op: replace
        path: /spec/namespaceSelector/matchNames/0
        value: "${var.namespace}"
    EOF
  }
  # Deployment "grafana": adds the stakater reloader annotation for the
  # "grafana" ConfigMap and mounts the Secret "<instance>-cert" at
  # /etc/local-certs in the grafana container.
  # NOTE(review): defaultMode 0444 (octal, r--r--r--) makes every key of that
  # Secret readable by any user in the container. If the Secret also holds a
  # private key (its content is not visible here), prefer a tighter mode
  # combined with an fsGroup the grafana process belongs to, or project only
  # the keys that are needed.
  patches {
    target {
      kind = "Deployment"
      name = "grafana"
    }
    patch = <<-EOF
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: grafana
        annotations:
          configmap.reloader.stakater.com/reload: "grafana"
      spec:
        template:
          spec:
            containers:
            - name: grafana
              volumeMounts:
              - name: local-certs
                mountPath: "/etc/local-certs"
            volumes:
            - name: local-certs
              secret:
                secretName: "${var.instance}-cert"
                defaultMode: 0444
    EOF
  }
}