{{- if .Values.keystone.enabled -}}
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keystone
  labels:
    {{- include "osm.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.keystone.replicaCount | default .Values.global.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/component: keystone
      {{- include "osm.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.global.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        app.kubernetes.io/component: keystone
        {{- include "osm.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "osm.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.global.podSecurityContext | nindent 8 }}
      containers:
        - name: keystone
          securityContext:
            # readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            {{- toYaml .Values.global.securityContext | nindent 12 }}
          image: {{ include "osm.keystone.image" . }}
          imagePullPolicy: {{ .Values.global.image.pullPolicy }}
          ports:
            - containerPort: 5000
              protocol: TCP
          resources:
            limits:
              memory: 1024Mi
            requests:
              memory: 128Mi
          envFrom:
            - configMapRef:
                name: {{ include "osm.fullname" . }}-keystone-configmap
          {{- if not .Values.keystone.useOsmSecret }}
            - secretRef:
                name: {{ .Values.keystone.secretName | default "keystone-secret" }}
          {{- else }}
          env:
            - name: ROOT_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql
                  key: mysql-root-password
            - name: KEYSTONE_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "osm.fullname" . }}-secret
                  key: OSM_KEYSTONE_DB_PASSWORD
            - name: SERVICE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "osm.fullname" . }}-secret
                  key: OSM_SERVICE_PASSWORD
          {{- end }}
      {{- with .Values.global.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.global.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.global.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- end }}