package io.ap4k.istio.handler;

import io.ap4k.Handler;
import io.ap4k.Resources;
import io.ap4k.deps.kubernetes.api.model.ContainerFluent;
import io.ap4k.deps.kubernetes.api.model.Doneable;
import io.ap4k.deps.kubernetes.api.model.PodSpecBuilder;
import io.ap4k.istio.config.EditableIstioConfig;
import io.ap4k.istio.config.IstioConfig;
import io.ap4k.istio.util.IstioProxy;
import io.ap4k.kubernetes.annotation.ImagePullPolicy;
import io.ap4k.kubernetes.config.Configuration;
import io.ap4k.kubernetes.decorator.ContainerDecorator;
import io.ap4k.kubernetes.decorator.ContainerFluentVisitor;
import io.ap4k.kubernetes.decorator.Decorator;
import io.ap4k.kubernetes.decorator.VolumeDecorator;
import io.ap4k.kubernetes.decorator.VolumeMountDecorator;

/* loaded from: input_file:io/ap4k/istio/handler/IstioHandler.class */
public class IstioHandler implements Handler<IstioConfig> {
    private static final String DEV_TERMINATION_LOG = "/dev/termination-log";
    private static final String FILE = "File";
    private static final String ISTIO_PROXY = "istio-proxy";
    private static final String ISTIO_SYSTEM = "istio-system";
    private static final String ISTIO_INIT = "istio-init";
    private static final String ENABLE_CORE_DUMP = "enable-core-dump";
    private static final String POD_NAME = "POD_NAME";
    private static final String POD_NAMESPACE = "POD_NAMESPACE";
    private static final String INSTANCE_IP = "INSTANCE_IP";
    private static final String METADATA_NAME = "metadata.name";
    private static final String METADATA_NAMESPACE = "metadata.namespace";
    private static final String STATUS_PODIP = "status.podIp";
    private final Resources resources;
    private static final Long ISTIO_PROXY_USER = 1337L;
    private static final String[] ISTIO_INIT_ARGS = {"-p", "15001", "-u", "1337"};
    private static final String[] CORE_DUMP_ARGS = {"-c", "sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c unlimited"};

    IstioHandler() {
        this(new Resources());
    }

    public IstioHandler(Resources resources) {
        this.resources = resources;
    }

    public int order() {
        return 500;
    }

    public void handle(IstioConfig istioConfig) {
        this.resources.decorate(createIstioInit(istioConfig));
        this.resources.decorate(createIstioProxy(istioConfig));
        this.resources.decorate((Doneable) VolumeDecorator.createNew().withName("istio-envoy").withNewEmptyDir().withMedium("Memory").endEmptyDir());
        this.resources.decorate((Doneable) VolumeDecorator.createNew().withName("istio-certs").withNewSecret().withSecretName("istio.default").withDefaultMode(420).endSecret());
        this.resources.decorate(VolumeMountDecorator.createNew().withName("istio-envoy").withMountPath("/etc/istio/proxy"));
        this.resources.decorate(VolumeMountDecorator.createNew().withName("istio-certs").withMountPath("/etc/certs"));
    }

    public boolean canHandle(Class<? extends Configuration> cls) {
        return cls.equals(IstioConfig.class) || cls.equals(EditableIstioConfig.class);
    }

    private Decorator<PodSpecBuilder> createIstioProxy(IstioConfig istioConfig) {
        return ((ContainerFluentVisitor) ((ContainerFluentVisitor) ((ContainerFluent.EnvNested) ((ContainerFluentVisitor) ((ContainerFluent.EnvNested) ((ContainerFluentVisitor) ((ContainerFluent.EnvNested) ContainerDecorator.createNew().withName(ISTIO_PROXY).withImage(istioConfig.getProxyConfig().getProxyImage()).withArgs(IstioProxy.getArguments(istioConfig)).withTerminationMessagePath(DEV_TERMINATION_LOG).addNewEnv().withName(POD_NAME).withNewValueFrom().withNewFieldRef((String) null, METADATA_NAME).endValueFrom()).endEnv()).addNewEnv().withName(POD_NAMESPACE).withNewValueFrom().withNewFieldRef((String) null, METADATA_NAMESPACE).endValueFrom()).endEnv()).addNewEnv().withName(INSTANCE_IP).withNewValueFrom().withNewFieldRef((String) null, STATUS_PODIP).endValueFrom()).endEnv()).withNewSecurityContext().withPrivileged(true).withRunAsUser(ISTIO_PROXY_USER).withReadOnlyRootFilesystem(false).endSecurityContext()).done();
    }

    private Decorator<PodSpecBuilder> createIstioInit(IstioConfig istioConfig) {
        return ContainerDecorator.createNewInit().withName(ISTIO_INIT).withImage(istioConfig.getProxyConfig().getInitImage()).withImagePullPolicy(ImagePullPolicy.IfNotPresent.name()).withTerminationMessagePath(DEV_TERMINATION_LOG).withTerminationMessagePolicy(FILE).withArgs(new String[]{"-p", "15001", "-u", "1337"}).done();
    }
}
