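# Not referenced by any resource in this file; presumably consumed by a provider
# or module block elsewhere — confirm before relying on it.
variable "project" {
  description = "Google Cloud project ID."
  type        = string
}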

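# Not referenced by any resource in this file; presumably consumed by a provider
# or module block elsewhere — confirm before relying on it.
variable "region" {
  description = "Google Cloud region."
  type        = string
}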

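# No type constraint (Terraform treats this as `any`), so the caller may pass an
# id, a whole resource object or a module output; nothing here reads a field of it.
variable "cluster" {
  description = "Cluster the Kubernetes resources in this file run on. Referenced only through depends_on in time_sleep.wait_service_cleanup, i.e. it orders creation and destruction but its value is not read."
}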

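# No type constraint (Terraform treats this as `any`); nothing here reads a field
# of it, the value only supplies a dependency edge.
variable "node_pool" {
  description = "Node pool the workloads are scheduled onto. Referenced only through depends_on in kubernetes_deployment_v1.default and kubernetes_service_v1.default so they are not created before the nodes exist."
}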

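# Not referenced by any resource in this file and carries no type constraint;
# confirm where it is consumed (or drop it) before adding a type.
variable "dns_managed_zone" {
  description = "DNS managed zone supplied by the caller."
}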

# Not referenced by any resource in this file; the Services below are ClusterIP
# regardless of this flag, so it must be consumed elsewhere — confirm.
variable "public_ingress" {
  description = "Set to true to make the kubernetes ingresses exposed to the public internet."
  type        = bool
}

# Not referenced by any resource in this file. Free-form string with no
# validation block, so a typo is only caught wherever the value is consumed.
variable "ingress_type" {
  description = "What controller should we use to handle incoming http(s) connections."
  type        = string
}

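# NOTE(review): the Deployment and Service resources in this file set no
# metadata.namespace, so they land in the provider's default namespace rather
# than this one — confirm whether that is intended.
variable "main_k8s_namespace" {
  description = "Name of the main Kubernetes namespace used by the caller."
  type        = string
}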

# Not referenced by any resource in this file; presumably feeds cluster or
# network configuration elsewhere — confirm.
variable "enable_snat" {
  description = "Whether we should enable source network address translation to the node IP address."
  type        = bool
}

# Provide time for Service cleanup.
#
# Ordering: this resource depends on var.cluster, and kubernetes_service_v1.default
# depends on this resource. On destroy that chain runs in reverse, so the Services
# are deleted first, then this resource pauses for destroy_duration, and only then
# can the cluster be torn down. The pause gives the cluster time to release any
# cloud resources the Services owned before the cluster itself disappears.
# Has no effect on create (destroy_duration only applies on destroy).
resource "time_sleep" "wait_service_cleanup" {
  depends_on = [var.cluster]

  # Hard-coded; raise it if Service-backed cloud resources are still being
  # cleaned up when the cluster delete starts.
  destroy_duration = "180s"
}


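# Twelve copies of the sample hello-app. Each copy gets its own `app` label so
# that kubernetes_service_v1.default[count.index] selects only its own pods.
resource "kubernetes_deployment_v1" "default" {
  # Hard-coded fan-out. kubernetes_service_v1.default uses the same literal and
  # indexes into this resource by count.index, so both counts must change together.
  count = 12
  metadata {
    name = "deployment${count.index + 1}"
  }

  spec {
    replicas = 2

    selector {
      match_labels = {
        app = "hello-app-${count.index + 1}"
      }
    }

    template {
      metadata {
        labels = {
          app = "hello-app-${count.index + 1}"
        }
      }

      spec {
        container {
          # Mutable tag: what actually runs can change upstream without any plan
          # diff. Pinning by digest (image@sha256:<digest>) makes the rollout reproducible.
          image = "us-docker.pkg.dev/google-samples/containers/gke/hello-app:2.0"
          name  = "hello-app-container"

          # Named so the Service can reference the port by name rather than number.
          port {
            container_port = 8080
            name           = "hello-app-svc"
          }

          security_context {
            allow_privilege_escalation = false
            privileged                 = false
            # NOTE(review): left writable. If hello-app never writes to its own
            # filesystem, `read_only_root_filesystem = true` is a cheap hardening step — confirm.
            read_only_root_filesystem = false

            capabilities {
              add = []
              # NOTE(review): the container only listens on an unprivileged port
              # (8080), so dropping ["ALL"] rather than just NET_RAW is the usual
              # restricted-profile baseline — confirm before tightening.
              drop = ["NET_RAW"]
            }
          }

          liveness_probe {
            http_get {
              path = "/"
              port = "hello-app-svc"
            }

            initial_delay_seconds = 3
            period_seconds        = 3
          }

          # Readiness gate on the same endpoint. Without one a pod is marked Ready
          # as soon as its container starts, so the Service (and a rolling update)
          # routes traffic to it before the HTTP listener is up.
          readiness_probe {
            http_get {
              path = "/"
              port = "hello-app-svc"
            }

            initial_delay_seconds = 3
            period_seconds        = 3
          }

          # No resources {} block: the pods run with no requests or limits, so one
          # misbehaving replica can starve its node. NOTE(review): set them outside a sample.
        }

        security_context {
          # No run_as_user is set, so this relies on the image declaring a non-root
          # USER; the kubelet refuses to start a container that would run as UID 0.
          run_as_non_root = true

          seccomp_profile {
            type = "RuntimeDefault"
          }
        }

        # Toleration is currently required to prevent perpetual diff:
        # https://github.com/hashicorp/terraform-provider-kubernetes/pull/2380
        toleration {
          effect   = "NoSchedule"
          key      = "kubernetes.io/arch"
          operator = "Equal"
          value    = "amd64"
        }
      }
    }
  }

  depends_on = [var.node_pool]
}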

# One ClusterIP Service per Deployment copy, wired to it by index: the selector
# and target port are read back from kubernetes_deployment_v1.default[count.index]
# so the two resources cannot drift apart and Terraform orders them correctly.
resource "kubernetes_service_v1" "default" {
  # Must match the count on kubernetes_deployment_v1.default; the index expressions
  # below fail to plan if this is larger.
  count = 12
  metadata {
    name = "service${count.index + 1}"
    annotations = {
      # TODO: Revisit this, is this needed with the gateway API?
      # This GKE annotation only takes effect on Services of type LoadBalancer;
      # with `type = "ClusterIP"` below it is inert. If the type is ever switched
      # to LoadBalancer, keeping it yields an internal (VPC-only) load balancer and
      # removing it yields an internet-facing one.
      "networking.gke.io/load-balancer-type" = "Internal"
    }
  }

  spec {
    # Selector is taken from the Deployment rather than re-typing the label literal.
    selector = {
      app = kubernetes_deployment_v1.default[count.index].spec[0].selector[0].match_labels.app
    }

    ip_family_policy = "SingleStack"

    port {
      port        = 80
      # Targets the container port by its name ("hello-app-svc" in the Deployment).
      target_port = kubernetes_deployment_v1.default[count.index].spec[0].template[0].spec[0].container[0].port[0].name
    }

    # Cluster-internal only; nothing in this file exposes these Services outside the cluster.
    type = "ClusterIP"
  }

  # The time_sleep dependency is what delays cluster teardown until after these
  # Services are gone (see time_sleep.wait_service_cleanup).
  depends_on = [var.node_pool, time_sleep.wait_service_cleanup]
}