bundle: kubernetes

applications:
  traefik:
    charm: ch:traefik-k8s
    channel: latest/candidate
    base: ubuntu@20.04
    scale: 1
    trust: true
    options:
      kubernetes-service-annotations: metallb.universe.tf/address-pool=public
  mysql:
    charm: ch:mysql-k8s
    channel: 8.0/stable
    base: ubuntu@22.04
    scale: 1
    trust: true
    options:
      profile-limit-memory: 2560
      experimental-max-connections: 150
  tls-operator:
    charm: self-signed-certificates
    channel: latest/beta
    base: ubuntu@22.04
    scale: 1
    options:
      ca-common-name: internal-ca
  keystone:
    {% if keystone_k8s is defined and keystone_k8s is sameas true -%}
    charm: ../../../keystone-k8s.charm
    {% else -%}
    charm: ch:keystone-k8s
    channel: 2025.1/edge
    {% endif -%}
    base: ubuntu@24.04
    scale: 1
    trust: true
    storage:
      fernet-keys: 5M
      credential-keys: 5M
    resources:
      keystone-image: ghcr.io/canonical/keystone:2025.1
  keystone-saml:
    {% if keystone_saml_k8s is defined and keystone_saml_k8s is sameas true -%}
    charm: ../../../keystone-saml-k8s.charm
    {% else -%}
    charm: ch:keystone-saml-k8s
    channel: 2025.1/edge
    {% endif -%}
    base: ubuntu@24.04
    scale: 1
    trust: true
    options:
      name: "test-idp"
      label: "Log in with test IDP"
      # This will fail. We need an actual IDP to test with, but we need to deploy this
      # charm as part of the tests.
      metadata-url: "https://idp.example.com/metadata.xml"
  horizon:
    {% if horizon_k8s is defined and horizon_k8s is sameas true -%}
    charm: ../../../horizon-k8s.charm
    {% else -%}
    charm: ch:horizon-k8s
    channel: 2025.1/edge
    {% endif -%}
    base: ubuntu@24.04
    scale: 1
    trust: true
    resources:
      horizon-image: ghcr.io/canonical/horizon:2025.1

relations:
- - mysql:database
  - keystone:database
- - traefik:ingress
  - keystone:ingress-internal
- - keystone:trusted-dashboard
  - horizon:trusted-dashboard
- - tls-operator
  - keystone
- - tls-operator
  - horizon
- - traefik:certificates
  - tls-operator:certificates

- - mysql:database
  - horizon:database
- - keystone:identity-credentials
  - horizon:identity-credentials
- - traefik:ingress
  - horizon:ingress-internal
- - keystone:send-ca-cert
  - horizon:receive-ca-cert
- - keystone:keystone-saml
  - keystone-saml:keystone-saml