{{- if index .Values.ocAuth.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: oc-auth
  name: {{ .Release.Name }}-oc-auth
spec:
  replicas: 1
  selector:
    matchLabels:
      app: oc-auth
  template:
    metadata:
      labels:
        app: oc-auth
    spec:
      volumes:
        - name: public-key-volume
          secret:
            secretName: public-key-secret
        - name: private-key-volume
          secret:
            secretName: private-key-secret  
      {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
      imagePullSecrets:
        - name: regcred
      {{- end }}
      containers:
      - image: "{{ .Values.ocAuth.image }}"
        name: oc-auth
        #command: ["tail", "-f", "/dev/null"]
        volumeMounts:
          - name: public-key-volume
            mountPath: /keys/public/public.pem
            subPath: public.pem
          - name: private-key-volume
            mountPath: /keys/private/private.pem
            subPath: private.pem
        envFrom:
        - configMapRef:
            name: opencloud-config
        ports:
          - name: http
            containerPort: 8080
            protocol: TCP
        resources:
          limits:
            cpu: "{{ .Values.ocAuth.resources.limits.cpu }}"
            memory: "{{ .Values.ocAuth.resources.limits.memory }}"
          requests:
            cpu: "{{ .Values.ocAuth.resources.requests.cpu }}"
            memory: "{{ .Values.ocAuth.resources.requests.memory }}"        
{{- end }}