{{- if index .Values.ocAuth.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: oc-auth
  name: {{ .Release.Name }}-oc-auth
spec:
  replicas: 1
  selector:
    matchLabels:
      app: oc-auth
  strategy: {}
  template:
    metadata:
      labels:
        app: oc-auth
    spec:
      volumes:
        - name: public-key-volume
          secret:
            secretName: public-key-secret
        - name: private-key-volume
          secret:
            secretName: private-key-secret    
      containers:
      - image: "{{ .Values.ocAuth.image }}"
        name: oc-auth
        volumeMounts:
          - name: public-key-volume
            mountPath: /keys/public
            subPath: public.pem
          - name: private-key-volume
            mountPath: /keys/private
            subPath: private.pem
        env:
        - name: OCAUTH_ADMIN_ROLE
          value: "{{ .Values.ocAuth.hydra }}"
        - name: OCAUTH_PUBLIC_KEY_PATH
          value: /keys/public/public.pem
        - name: OCAUTH_PRIVATE_KEY_PATH
          value: /keys/private/private.pem
        - name: OCAUTH_CLIENT_SECRET
          value: "{{ .Values.ocAuth.hydra.openCloudOauth2ClientSecretName }}"
        - name: OCAUTH_AUTH
          value: "{{ .Values.ocAuth.authType }}"
        - name: OCAUTH_AUTH_CONNECTOR_HOST
          value: "{{ .Release.Name }}.hydra-admin.{{ .Release.Namespace }}"
        - name: OCAUTH_AUTH_CONNECTOR_PORT
          value: 4444
        - name: OCAUTH_AUTH_CONNECTOR_ADMIN_PORT
          value: 4445
        - name: OCAUTH_PERMISSION_CONNECTOR_HOST
          value: "{{ .Release.Name }}.keto-write.{{ .Release.Namespace }}"
        - name: OCAUTH_PERMISSION_CONNECTOR_PORT
          value: 80
        - name: OCAUTH_PERMISSION_CONNECTOR_ADMIN_PORT
          value: 80
        - name: OCAUTH_LDAP_ENDPOINTS
          value: "{{ .Release.Name }}-openldap.{{ .Release.Namespace }}.svc.cluster.local:389"
        - name: OCAUTH_LDAP_BINDDN
          value: "{{ index .Values.ocAuth.ldap.bindDn }}"
        - name: OCAUTH_LDAP_BINDPW
          value: "{{ index .Values.ocAuth.ldap.binPwd }}"
        - name: OCAUTH_LDAP_BASEDN
          value: "{{ index .Values.ocAuth.ldap.baseDn }}"
        - name: OCAUTH_LDAP_ROLE_BASEDN
          value: "{{ index .Values.ocAuth.ldap.roleBaseDn }}"
        ports:
          - name: http
            containerPort: 80
            protocol: TCP
        resources:
          limits:
            cpu: "{{ .Values.ldapUserManager.resources.limits.cpu }}"
            memory: "{{ .Values.ldapUserManager.resources.limits.memory }}"
          requests:
            cpu: "{{ .Values.ldapUserManager.resources.requests.cpu }}"
            memory: "{{ .Values.ldapUserManager.resources.requests.memory }}"        
{{- end }}