{{- /*
  Generate deployments for each PocketBase instance
*/ -}}
{{- $global := .Values.global }}
{{- $image := .Values.image }}
{{- $persistence := .Values.persistence }}
{{- $securityContext := .Values.securityContext }}
{{- $podSecurityContext := .Values.podSecurityContext }}
{{- $resources := .Values.resources }}
{{- range .Values.instances }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pocketbase-{{ .id }}
  labels:
    app: pocketbase
    instance: {{ .id }}
    {{- include "pocketbase.labels" $ | nindent 4 }}
spec:
  replicas: {{ .replicaCount | default 1 }}
  selector:
    matchLabels:
      app: pocketbase
      instance: {{ .id }}
  template:
    metadata:
      labels:
        app: pocketbase
        instance: {{ .id }}
        {{- include "pocketbase.labels" $ | nindent 8 }}
      annotations:
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") $ | sha256sum }}
    spec:
      {{- $instanceId := .id }}
      {{- with $.Values.serviceAccount }}
      {{- $serviceAccountName := $.Values.serviceAccount.name }}
      {{- if not $serviceAccountName }}
      {{- $serviceAccountName = printf "pocketbase-%s" $instanceId }}
      {{- end }}
      serviceAccountName: {{ $serviceAccountName }}
      {{- end }}
      {{- with $global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      securityContext:
        {{- toYaml $podSecurityContext | nindent 8 }}
      containers:
        - name: pocketbase
          image: {{ $image.repository }}:{{ $image.tag }}
          imagePullPolicy: {{ $image.pullPolicy }}
          command:
            - /pocketbase
            - serve
            - --http=0.0.0.0:8090
          ports:
            - name: http
              containerPort: 8090
              protocol: TCP
          env:
            # Admin email (optional - set via admin creation API)
            - name: PB_ADMIN_EMAIL
              value: "admin@{{ .domain }}"
            - name: PB_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: pocketbase-{{ .id }}-secrets
                  key: admin-password
          {{- if $persistence.enabled }}
          volumeMounts:
            - name: data
              mountPath: /pb/pb_data
            - name: static
              mountPath: /pb/static
          {{- end }}
          livenessProbe:
            httpGet:
              path: /api/health
              port: http
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /api/health
              port: http
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 3
          {{- if .resources }}
          resources:
            {{- toYaml .resources | nindent 12 }}
          {{- else }}
          resources:
            {{- toYaml $resources | nindent 12 }}
          {{- end }}
          securityContext:
            {{- toYaml $securityContext | nindent 12 }}
      {{- if $persistence.enabled }}
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: pocketbase-{{ .id }}-pvc
        - name: static
          persistentVolumeClaim:
            claimName: pocketbase-{{ .id }}-static-pvc
      {{- end }}
      {{- with $.Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with $.Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with $.Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with $.Values.topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- toYaml . | nindent 8 }}
      {{- end }}
---
{{- /*
  Create Secret for each instance
*/ -}}
apiVersion: v1
kind: Secret
metadata:
  name: pocketbase-{{ .id }}-secrets
  labels:
    app: pocketbase
    instance: {{ .id }}
    {{- include "pocketbase.labels" $ | nindent 4 }}
type: Opaque
stringData:
  admin-password: {{ randAlphaNum 16 | quote }}
---
{{- /*
  Create PVC for each instance
*/ -}}
{{- if $persistence.enabled }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pocketbase-{{ .id }}-pvc
  labels:
    app: pocketbase
    instance: {{ .id }}
    type: data
    {{- include "pocketbase.labels" $ | nindent 4 }}
spec:
  accessModes:
    - {{ $persistence.accessMode | default "ReadWriteOnce" }}
  resources:
    requests:
      storage: {{ $persistence.size | default "1Gi" }}
  {{- if $persistence.storageClass }}
  storageClassName: {{ $persistence.storageClass }}
  {{- end }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pocketbase-{{ .id }}-static-pvc
  labels:
    app: pocketbase
    instance: {{ .id }}
    type: static
    {{- include "pocketbase.labels" $ | nindent 4 }}
spec:
  accessModes:
    - {{ $persistence.accessMode | default "ReadWriteOnce" }}
  resources:
    requests:
      storage: 100Mi
  {{- if $persistence.storageClass }}
  storageClassName: {{ $persistence.storageClass }}
  {{- end }}
{{- end }}
{{- end }}