# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

{{- if .Values.manifests_enabled.storage_secrets }}
{{- $envAll := . }}
{{- range $key1, $cephBootstrapKey := tuple "mds" "osd" "rgw" "mon" }}
---
apiVersion: batch/v1
kind: Job
metadata:
  name: ceph-{{ $cephBootstrapKey }}-keyring-generator
spec:
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name:  ceph-secret-generator
          image: {{ $envAll.Values.images.ceph_config_helper }}
          imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
          {{- if $envAll.Values.resources.enabled }}
          resources:
            requests:
              memory: {{ .Values.resources.jobs.secret_provisioning.requests.memory | quote }}
              cpu: {{ .Values.resources.jobs.secret_provisioning.requests.cpu | quote }}
            limits:
              memory: {{ .Values.resources.jobs.secret_provisioning.limits.memory | quote }}
              cpu: {{ .Values.resources.jobs.secret_provisioning.limits.cpu | quote }}
          {{- end }}
          env:
            - name: DEPLOYMENT_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CEPH_GEN_DIR
              value: /opt/ceph
            - name: CEPH_TEMPLATES_DIR
              value: /opt/ceph/templates
            {{- if eq $cephBootstrapKey "mon"}}
            - name: CEPH_KEYRING_NAME
              value: ceph.mon.keyring
            - name: CEPH_KEYRING_TEMPLATE
              value: mon.keyring
            {{- else }}
            - name: CEPH_KEYRING_NAME
              value: ceph.keyring
            - name: CEPH_KEYRING_TEMPLATE
              value: bootstrap.keyring.{{ $cephBootstrapKey }}
            {{- end }}
            - name: KUBE_SECRET_NAME
              value: {{  index $envAll.Values.secrets.keyrings $cephBootstrapKey }}
          command:
            - /opt/ceph/ceph-key.sh
          volumeMounts:
            - name: ceph-bin
              mountPath: /opt/ceph/ceph-key.sh
              subPath: ceph-key.sh
              readOnly: true
            - name: ceph-bin
              mountPath: /opt/ceph/ceph-key.py
              subPath: ceph-key.py
              readOnly: true
            - name: ceph-templates
              mountPath: /opt/ceph/templates
              readOnly: true
      volumes:
        - name: ceph-bin
          configMap:
            name: ceph-bin
            defaultMode: 0555
        - name: ceph-templates
          configMap:
            name: ceph-templates
            defaultMode: 0444
{{ end }}
{{ end }}