{{- if .Values.nginx.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: ingress-nginx
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
  destination:
    namespace: ingress-nginx
    server: 'https://kubernetes.default.svc'
  sources:
  - repoURL: {{ .Values.cluster_config.manifests }}
    path: {{ .Values.cluster_config.policies }}/ingress-nginx
    targetRevision: HEAD
  - repoURL: 'https://kubernetes.github.io/ingress-nginx'
    targetRevision: {{ .Values.nginx.version }}
    chart: ingress-nginx
    helm:
      values: |
        ## nginx configuration
        ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/index.md
        ##
        ## Overrides for generated resource names
        # See templates/_helpers.tpl
        # nameOverride:
        fullnameOverride: main-ingress-nginx
        controller:
          resources:
            limits:
              memory: {{ .Values.nginx.resources.controller.memory }}
            requests:
              cpu: {{ .Values.nginx.resources.controller.cpu }}
              memory: {{ .Values.nginx.resources.controller.memory }}

          ingressClassResource:
            default: true

          tolerations:
           - key: unschedulable
             operator: Exists
             effect: NoSchedule
           - key: node-role.kubernetes.io/control-plane
             operator: Exists
             effect: NoSchedule

          affinity:
            nodeAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                nodeSelectorTerms:
                - matchExpressions:
                  - key: kubernetes.io/hostname
                    operator: In
                    values: {{ .Values.cluster_config.ingress_nodes }}

            podAntiAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
              - labelSelector:
                  matchExpressions:
                  - key: app.kubernetes.io/instance
                    operator: In
                    values:
                    - ingress-nginx
                  - key: app.kubernetes.io/component
                    operator: In
                    values:
                    - controller
                topologyKey: "kubernetes.io/hostname"

          podAnnotations:
            config.linkerd.io/skip-inbound-ports: 80,443

          replicaCount: {{ .Values.cluster_config.ingress_replica_count }}

          minAvailable: {{ .Values.nginx.pdb.minAvailable }}

          service:
            externalTrafficPolicy: Local
            # type: ClusterIP
            type: NodePort
            # nodePorts:
            #   http: 32080
            #   https: 32443
            #   tcp:
            #     8080: 32808
            nodePorts:
              http: 30080
              https: 30443
              tcp: {}
              udp: {}

          metrics:
            enabled: true

            service:
              annotations:
                prometheus.io/scrape: "true"
                prometheus.io/port: "10254"

              servicePort: 9913
              type: ClusterIP

            serviceMonitor:
              enabled: true

          admissionWebhooks:
            enabled: false

        ## Default 404 backend
        ##
        defaultBackend:
          enabled: true

          tolerations:
           - key: unschedulable
             operator: Exists
             effect: NoSchedule
  project: sys
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        component: sys
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
    {{- if .Values.nginx.autosync}}
    automated:
      prune: true
      # selfHeal: false
    {{- end }}
{{- end }}