{{- if .Values.filer.enabled }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ template "seaweedfs.name" . }}-filer
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "seaweedfs.name" . }}
    chart: {{ template "seaweedfs.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
spec:
  serviceName: {{ template "seaweedfs.name" . }}-filer
  podManagementPolicy: Parallel
  replicas: {{ .Values.filer.replicas }}
  {{- if (gt (int .Values.filer.updatePartition) 0) }}
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      partition: {{ .Values.filer.updatePartition }}
  {{- end }}
  selector:
    matchLabels:
      app: {{ template "seaweedfs.name" . }}
      chart: {{ template "seaweedfs.chart" . }}
      release: {{ .Release.Name }}
      component: filer
  template:
    metadata:
      labels:
        app: {{ template "seaweedfs.name" . }}
        chart: {{ template "seaweedfs.chart" . }}
        release: {{ .Release.Name }}
        component: filer
    spec:
      restartPolicy: {{ default .Values.global.restartPolicy .Values.filer.restartPolicy }}
      {{- if .Values.filer.affinity }}
      affinity:
        {{ tpl .Values.filer.affinity . | nindent 8 | trim }}
      {{- end }}
      {{- if .Values.filer.tolerations }}
      tolerations:
        {{ tpl .Values.filer.tolerations . | nindent 8 | trim }}
      {{- end }}
      {{- if .Values.global.imagePullSecrets }}
      imagePullSecrets:
        - name: {{ .Values.global.imagePullSecrets }}
      {{- end }}
      serviceAccountName: seaweedfs-rw-sa #hack for delete pod master after migration
      terminationGracePeriodSeconds: 60
      {{- if .Values.filer.priorityClassName }}
      priorityClassName: {{ .Values.filer.priorityClassName | quote }}
      {{- end }}
      enableServiceLinks: false
      {{- if .Values.filer.initContainers }}
      initContainers:
        {{ tpl .Values.filer.initContainers . | nindent 8 | trim }}
      {{- end }}
      containers:
        - name: seaweedfs
          image: {{ template "filer.image" . }}
          imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }}
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: WEED_MYSQL_USERNAME
              valueFrom:
                secretKeyRef:
                  name: secret-seaweedfs-db
                  key: user
            - name: WEED_MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: secret-seaweedfs-db
                  key: password
            - name: SEAWEEDFS_FULLNAME
              value: "{{ template "seaweedfs.name" . }}"
            {{- if .Values.filer.extraEnvironmentVars }}
            {{- range $key, $value := .Values.filer.extraEnvironmentVars }}
            - name: {{ $key }}
              value: {{ $value | quote }}
            {{- end }}
            {{- end }}
            {{- if .Values.global.extraEnvironmentVars }}
            {{- range $key, $value := .Values.global.extraEnvironmentVars }}
            - name: {{ $key }}
              value: {{ $value | quote }}
            {{- end }}
            {{- end }}
          command:
            - "/bin/sh"
            - "-ec"
            - | 
              exec /usr/bin/weed -logdir=/logs \
              {{- if .Values.filer.loggingOverrideLevel }}
              -v={{ .Values.filer.loggingOverrideLevel }} \
              {{- else }}
              -v={{ .Values.global.loggingLevel }} \
              {{- end }}
              filer \
              -port={{ .Values.filer.port }} \
              {{- if .Values.filer.metricsPort }}
              -metricsPort={{ .Values.filer.metricsPort }} \
              {{- end }}
              {{- if .Values.filer.redirectOnRead }}
              -redirectOnRead \
              {{- end }}
              {{- if .Values.filer.disableHttp }}
              -disableHttp \
              {{- end }}
              {{- if .Values.filer.disableDirListing }}
              -disableDirListing \
              {{- end }}
              -dirListLimit={{ .Values.filer.dirListLimit }} \
              {{- if .Values.global.enableReplication }}
              -defaultReplicaPlacement={{ .Values.global.replicationPlacment }} \
              {{- else }}
              -defaultReplicaPlacement={{ .Values.filer.defaultReplicaPlacement }} \
              {{- end }}
              {{- if .Values.filer.disableDirListing }}
              -disableDirListing \
              {{- end }}
              {{- if .Values.filer.maxMB }}
              -maxMB={{ .Values.filer.maxMB }} \
              {{- end }}
              {{- if .Values.filer.encryptVolumeData }}
              -encryptVolumeData \
              {{- end }}
              -ip=${POD_IP} \
              {{- if .Values.filer.s3.enabled }}
              -s3 \
              -s3.port={{ .Values.filer.s3.port }} \
              {{- if .Values.filer.s3.domainName }}
              -s3.domainName={{ .Values.filer.s3.domainName }} \
              {{- end }}
              {{- if .Values.global.enableSecurity }}
              -s3.cert.file=/usr/local/share/ca-certificates/client/tls.crt \
              -s3.key.file=/usr/local/share/ca-certificates/client/tls.key \
              {{- end }}
              {{- if .Values.filer.s3.allowEmptyFolder }}
              -s3.allowEmptyFolder={{ .Values.filer.s3.allowEmptyFolder }} \
              {{- end }}
              {{- if .Values.filer.s3.enableAuth }}
              -s3.config=/etc/sw/seaweedfs_s3_config \
              {{- end }}
              {{- if .Values.filer.s3.auditLogConfig }}
              -s3.auditLogConfig=/etc/sw/filer_s3_auditLogConfig.json \
              {{- end }}
              {{- end }}
              -master={{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }}
          volumeMounts:
            - name: seaweedfs-filer-log-volume
              mountPath: "/logs/"
            - mountPath: /etc/sw
              name: config-users
              readOnly: true
            {{- if .Values.filer.enablePVC }}
            - name: data-filer
              mountPath: /data
            {{- end }}
            {{- if .Values.global.enableSecurity }}
            - name: security-config
              readOnly: true
              mountPath: /etc/seaweedfs/security.toml
              subPath: security.toml
            - name: ca-cert
              readOnly: true
              mountPath: /usr/local/share/ca-certificates/ca/
            - name: master-cert
              readOnly: true
              mountPath: /usr/local/share/ca-certificates/master/
            - name: volume-cert
              readOnly: true
              mountPath: /usr/local/share/ca-certificates/volume/
            - name: filer-cert
              readOnly: true
              mountPath: /usr/local/share/ca-certificates/filer/
            - name: client-cert
              readOnly: true
              mountPath: /usr/local/share/ca-certificates/client/
            {{- end }}
            {{ tpl .Values.filer.extraVolumeMounts . | nindent 12 | trim }}
          ports:
            - containerPort: {{ .Values.filer.port }}
              name: swfs-filer
            - containerPort: {{ .Values.filer.metricsPort }}
              name: metrics
            - containerPort: {{ .Values.filer.grpcPort }}
              #name: swfs-filer-grpc
          readinessProbe:
            httpGet:
              path: /
              port: {{ .Values.filer.port }}
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 15
            successThreshold: 1
            failureThreshold: 100
            timeoutSeconds: 10
          livenessProbe:
            httpGet:
              path: /
              port: {{ .Values.filer.port }}
              scheme: HTTP
            initialDelaySeconds: 20
            periodSeconds: 30
            successThreshold: 1
            failureThreshold: 5
            timeoutSeconds: 10
          {{- if .Values.filer.resources }}
          resources:
            {{ tpl .Values.filer.resources . | nindent 12 | trim }}
          {{- end }}
      volumes:
        {{- if eq .Values.filer.logs.type "hostPath" }}
        - name: seaweedfs-filer-log-volume
          hostPath:
            path: /storage/logs/seaweedfs/filer
            type: DirectoryOrCreate
        {{- end }}
        {{- if eq .Values.filer.data.type "hostPath" }}
        - name: data-filer
          hostPath:
            path: /storage/filer_store
            type: DirectoryOrCreate
        {{- end }}
        - name: db-schema-config-volume
          configMap:
            name: seaweedfs-db-init-config
        - name: config-users
          secret:
            defaultMode: 420
            secretName: seaweedfs-s3-secret
        {{- if .Values.global.enableSecurity }}
        - name: security-config
          configMap:
            name: {{ template "seaweedfs.name" . }}-security-config
        - name: ca-cert
          secret:
            secretName: {{ template "seaweedfs.name" . }}-ca-cert
        - name: master-cert
          secret:
            secretName: {{ template "seaweedfs.name" . }}-master-cert
        - name: volume-cert
          secret:
            secretName: {{ template "seaweedfs.name" . }}-volume-cert
        - name: filer-cert
          secret:
            secretName: {{ template "seaweedfs.name" . }}-filer-cert
        - name: client-cert
          secret:
            secretName: {{ template "seaweedfs.name" . }}-client-cert
        {{- end }}
        {{ tpl .Values.filer.extraVolumes . | indent 8 | trim }}
      {{- if .Values.filer.nodeSelector }}
      nodeSelector:
        {{ tpl .Values.filer.nodeSelector . | indent 8 | trim }}
      {{- end }}
  {{- if .Values.filer.enablePVC }}
  # DEPRECATION: Deprecate in favor of filer.data section below
  volumeClaimTemplates:
  - metadata:
      name: data-filer
    spec:
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: {{ .Values.filer.storage }}
      {{- if .Values.filer.storageClass }}
      storageClassName: {{ .Values.filer.storageClass }}
      {{- end }}
  {{- end }}
  {{- $pvc_exists := include "filer.pvc_exists" . -}}
  {{- if $pvc_exists }}
  volumeClaimTemplates:
    {{- if eq .Values.filer.data.type "persistentVolumeClaim"}}
    - metadata:
        name: data-filer
      spec:
        accessModes: [ "ReadWriteOnce" ]
        storageClassName: {{ .Values.filer.data.storageClass }}
        resources:
          requests:
            storage: {{ .Values.filer.data.size }}
    {{- end }}
    {{- if eq .Values.filer.logs.type "persistentVolumeClaim"}}
    - metadata:
        name: seaweedfs-filer-log-volume
      spec:
        accessModes: [ "ReadWriteOnce" ]
        storageClassName: {{ .Values.filer.logs.storageClass }}
        resources:
          requests:
            storage: {{ .Values.filer.logs.size }}
    {{- end }}
  {{- end }}
{{- end }}