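{{- /*
Deployment for the kyoo auth component.

Credentials (API keys, Postgres user/password, OIDC client id/secret) are
injected through secretKeyRef, so only Secret names and keys appear in the
rendered manifest. Claims, URLs and Postgres connection settings are rendered
as plain env values.

Templated Secret names and keys are piped through `quote` so that a value such
as "1234" or "true" stays a YAML string instead of being re-typed by the parser.
*/ -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  {{- /* Component annotations override global ones; deepCopy keeps the global map unmodified. */}}
  {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.auth.deploymentAnnotations) }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  name: {{ include "kyoo.auth.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "kyoo.labels" (dict "context" . "component" .Values.auth.name "name" .Values.auth.name) | nindent 4 }}
spec:
  replicas: {{ .Values.auth.replicaCount }}
  {{- with .Values.auth.updateStrategy }}
  strategy:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.auth.name) | nindent 6 }}
  template:
    metadata:
      {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.auth.podAnnotations) }}
      annotations:
        {{- range $key, $value := . }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
      {{- end }}
      labels:
        {{- include "kyoo.labels" (dict "context" . "component" .Values.auth.name "name" .Values.auth.name) | nindent 8 }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.auth.podLabels) }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- /* Component-level pull secrets win; the global list is only the fallback. */}}
      {{- with .Values.auth.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- /*
      Pod-level securityContext is read from the global values only, and is
      omitted entirely when unset.
      NOTE(review): nothing is hardened by this template itself; runAsNonRoot,
      fsGroup and similar settings have to come from values. Confirm the
      chart defaults.
      */}}
      {{- with .Values.global.securityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "kyoo.auth.serviceAccountName" . }}
      containers:
        - name: main
          {{- /* Repository falls back to <global repositoryBase>/kyoo_auth, tag to the chart's default tag helper. */}}
          image: {{ .Values.auth.kyoo_auth.image.repository | default (printf "%s/kyoo_auth" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.auth.kyoo_auth.image.tag }}
          {{- /* Only the global pull policy is consulted; no per-component override is read here. */}}
          imagePullPolicy: {{ .Values.global.image.imagePullPolicy }}
          {{- /* args is rendered only when extraArgs is set, so the manifest never carries an empty `args:` (null). */}}
          {{- with .Values.auth.kyoo_auth.extraArgs }}
          args:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          env:
            {{- /* Claim sets are passed as plain values; presumably they drive authorization in the auth service, so treat edits as security-relevant (confirm against the service docs). */}}
            - name: EXTRA_CLAIMS
              value: {{ .Values.kyoo.auth.extraClaims | quote }}
            - name: FIRST_USER_CLAIMS
              value: {{ .Values.kyoo.auth.firstUserClaims | quote }}
            - name: GUEST_CLAIMS
              value: {{ .Values.kyoo.auth.guestClaims | quote }}
            - name: PROTECTED_CLAIMS
              value: {{ .Values.kyoo.auth.protectedClaims | quote }}
            - name: PUBLIC_URL
              value: {{ .Values.kyoo.address | quote }}
            {{- /* Scanner API key: the key material stays in the referenced Secret; only its claims are inline. */}}
            - name: KEIBI_APIKEY_SCANNER
              valueFrom:
                secretKeyRef:
                  key: {{ .Values.kyoo.auth.apikeys.scanner.apikeyKey | quote }}
                  name: {{ .Values.kyoo.auth.apikeys.scanner.existingSecret | quote }}
            - name: KEIBI_APIKEY_SCANNER_CLAIMS
              value: {{ .Values.kyoo.auth.apikeys.scanner.claims | quote }}
            {{- /*
            Additional API keys. The env var name is built from the upper-cased
            entry name, so entries whose names differ only by case render
            duplicate env entries.
            */}}
            {{- range $index, $entry := .Values.kyoo.auth.apikeys.extra }}
            - name: KEIBI_APIKEY_{{ $entry.name | upper }}
              valueFrom:
                secretKeyRef:
                  key: {{ $entry.apikeyKey | quote }}
                  name: {{ $entry.existingSecret | quote }}
            - name: KEIBI_APIKEY_{{ $entry.name | upper }}_CLAIMS
              value: {{ $entry.claims | quote }}
            {{- end }}
            {{- /* Postgres credentials: the kyoo_auth-specific Secret reference wins, the shared one is the fallback. */}}
            - name: PGUSER
              valueFrom:
                secretKeyRef:
                  key: {{ default .Values.global.postgres.shared.userKey .Values.global.postgres.kyoo_auth.kyoo_auth.userKey | quote }}
                  name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_auth.kyoo_auth.existingSecret | quote }}
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  key: {{ default .Values.global.postgres.shared.passwordKey .Values.global.postgres.kyoo_auth.kyoo_auth.passwordKey | quote }}
                  name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_auth.kyoo_auth.existingSecret | quote }}
            {{- /* For the database name the shared databaseOverride wins over the kyoo_auth database. */}}
            - name: PGDATABASE
              value: {{ default .Values.global.postgres.kyoo_auth.database .Values.global.postgres.shared.databaseOverride | quote }}
            - name: PGHOST
              value: {{ default (include "kyoo.postgres.shared.host" .) .Values.global.postgres.kyoo_auth.host | quote }}
            - name: PGPORT
              value: {{ default .Values.global.postgres.shared.port .Values.global.postgres.kyoo_auth.port | quote }}
            {{- /* NOTE(review): sslmode is passed through unchanged from values; confirm the chart default enforces TLS when Postgres is reached over an untrusted network. */}}
            - name: PGSSLMODE
              value: {{ .Values.global.postgres.kyoo_auth.sslmode | quote }}
            {{- /*
            The key path is exported only when a private-key Secret is
            configured; it matches the mountPath and item path used below.
            What the service uses as signing key when this is unset is not
            visible in this template.
            */}}
            {{- if .Values.kyoo.auth.privatekey.existingSecret }}
            - name: RSA_PRIVATE_KEY_PATH
              value: /mnt/private_key/private_key.pem
            {{- end }}
            {{- /*
            One env group per OIDC provider. Client id and client secret come
            from the provider's Secret; endpoints, scope and auth method are
            plain values. Env var names use the upper-cased provider name, so
            names that differ only by case collide.
            */}}
            {{- range $index, $provider := .Values.kyoo.oidc_providers }}
            - name: OIDC_{{ $provider.name | upper }}_NAME
              value: {{ $provider.name | quote }}
            - name: OIDC_{{ $provider.name | upper }}_LOGO
              value: {{ $provider.logo | quote }}
            - name: OIDC_{{ $provider.name | upper }}_CLIENTID
              valueFrom:
                secretKeyRef:
                  key: {{ $provider.clientIdKey | quote }}
                  name: {{ $provider.existingSecret | quote }}
            - name: OIDC_{{ $provider.name | upper }}_SECRET
              valueFrom:
                secretKeyRef:
                  key: {{ $provider.clientSecretKey | quote }}
                  name: {{ $provider.existingSecret | quote }}
            - name: OIDC_{{ $provider.name | upper }}_AUTHORIZATION
              value: {{ $provider.authorizationAddress | quote }}
            - name: OIDC_{{ $provider.name | upper }}_TOKEN
              value: {{ $provider.tokenAddress | quote }}
            - name: OIDC_{{ $provider.name | upper }}_PROFILE
              value: {{ $provider.profileAddress | quote }}
            - name: OIDC_{{ $provider.name | upper }}_SCOPE
              value: {{ $provider.scope | quote }}
            - name: OIDC_{{ $provider.name | upper }}_AUTHMETHOD
              value: {{ $provider.authMethod | default "ClientSecretBasic" | quote }}
            {{- end }}
            {{- /* Operator-supplied env entries are appended last: global first, then component-specific. */}}
            {{- with (concat .Values.global.extraEnv .Values.auth.kyoo_auth.extraEnv) }}
              {{- toYaml . | nindent 12 }}
            {{- end }}
          ports:
            - name: main
              containerPort: 4568
              protocol: TCP
          {{- with .Values.auth.kyoo_auth.livenessProbe }}
          livenessProbe:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.auth.kyoo_auth.readinessProbe }}
          readinessProbe:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.auth.kyoo_auth.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- /* Container-level securityContext is rendered only when set in values; unset means no container hardening from this template. */}}
          {{- with .Values.auth.kyoo_auth.containerSecurityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- if or .Values.auth.kyoo_auth.extraVolumeMounts .Values.kyoo.auth.privatekey.existingSecret }}
          volumeMounts:
            {{- with .Values.auth.kyoo_auth.extraVolumeMounts }}
              {{- toYaml . | nindent 12 }}
            {{- end }}
            {{- if .Values.kyoo.auth.privatekey.existingSecret }}
            - name: private-key
              mountPath: /mnt/private_key
              readOnly: true
            {{- end }}
          {{- end }}
        {{- /* extraContainers and extraInitContainers go through tpl with the root context, so template expressions inside those values are evaluated at render time. */}}
        {{- with .Values.auth.extraContainers }}
          {{- tpl (toYaml .) $ | nindent 8 }}
        {{- end }}
      {{- with .Values.auth.extraInitContainers }}
      initContainers:
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      {{- if or .Values.auth.extraVolumes .Values.kyoo.auth.privatekey.existingSecret }}
      volumes:
        {{- with .Values.auth.extraVolumes }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- /*
        Only the configured key of the Secret is projected, as private_key.pem.
        No defaultMode is set, so Kubernetes applies its default file mode
        (0644) to the key file.
        NOTE(review): consider a tighter mode together with a matching
        fsGroup/runAsUser so the private key is readable only by the auth
        process.
        */}}
        {{- if .Values.kyoo.auth.privatekey.existingSecret }}
        - name: private-key
          secret:
            secretName: {{ .Values.kyoo.auth.privatekey.existingSecret | quote }}
            items:
              - key: {{ .Values.kyoo.auth.privatekey.privatekeyKey | quote }}
                path: private_key.pem
        {{- end }}
      {{- end }}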