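# Deployment for the Kyoo auth component (Helm template).
#
# Security-relevant settings are all driven by chart values: claims policy,
# API keys, database credentials, the RSA private key and OIDC client
# credentials. The entries defined in this template only reference
# credentials from existing Secrets (secretKeyRef / secret volume); they are
# never inlined as plain values here.
#
# Secret names/keys and the namespace are piped through `quote` so that a
# digits-only or boolean-looking value is not re-typed by the YAML parser.
apiVersion: apps/v1
kind: Deployment
metadata:
  # Global annotations are deep-copied before the merge so the component
  # override does not mutate .Values.global; component keys win.
  {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.auth.deploymentAnnotations) }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  name: {{ include "kyoo.auth.fullname" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "kyoo.labels" (dict "context" . "component" .Values.auth.name "name" .Values.auth.name) | nindent 4 }}
spec:
  replicas: {{ .Values.auth.replicaCount }}
  {{- with .Values.auth.updateStrategy }}
  strategy:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.auth.name) | nindent 6 }}
  template:
    metadata:
      {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.auth.podAnnotations) }}
      annotations:
        {{- range $key, $value := . }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
      {{- end }}
      labels:
        {{- include "kyoo.labels" (dict "context" . "component" .Values.auth.name "name" .Values.auth.name) | nindent 8 }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.auth.podLabels) }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.auth.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      # Pod-level securityContext is read from global values only; when it is
      # unset the key is omitted and cluster defaults apply.
      {{- with .Values.global.securityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "kyoo.auth.serviceAccountName" . }}
      containers:
        - name: main
          # NOTE(review): the reference is always rendered as repository:tag,
          # so pinning the image by digest is not expressible through these
          # values.
          image: {{ .Values.auth.kyoo_auth.image.repository | default (printf "%s/kyoo_auth" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.auth.kyoo_auth.image.tag }}
          # `default` is called with a single argument, so this always resolves
          # to the global pull policy; no per-component override is read here.
          imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }}
          args:
            {{- with .Values.auth.kyoo_auth.extraArgs }}
              {{- toYaml . | nindent 12 }}
            {{- end }}
          env:
            # Claims policy, passed as plain (non-secret) values.
            # NOTE(review): the meaning of each variable is defined by the auth
            # service and is not visible in this template.
            - name: EXTRA_CLAIMS
              value: {{ .Values.kyoo.auth.extraClaims | quote }}
            - name: FIRST_USER_CLAIMS
              value: {{ .Values.kyoo.auth.firstUserClaims | quote }}
            - name: GUEST_CLAIMS
              value: {{ .Values.kyoo.auth.guestClaims | quote }}
            - name: PROTECTED_CLAIMS
              value: {{ .Values.kyoo.auth.protectedClaims | quote }}
            - name: PUBLIC_URL
              value: {{ .Values.kyoo.address | quote }}
            # API key material is read from an existing Secret; only the
            # claims attached to the key are plain values.
            - name: KEIBI_APIKEY_SCANNER
              valueFrom:
                secretKeyRef:
                  key: {{ .Values.kyoo.auth.apikeys.scanner.apikeyKey | quote }}
                  name: {{ .Values.kyoo.auth.apikeys.scanner.existingSecret | quote }}
            - name: KEIBI_APIKEY_SCANNER_CLAIMS
              value: {{ .Values.kyoo.auth.apikeys.scanner.claims | quote }}
            # One key/claims pair per entry in kyoo.auth.apikeys.extra. The
            # entry name is upper-cased into the variable name, so it should be
            # limited to characters that are valid in an env variable name.
            {{- range $index, $entry := .Values.kyoo.auth.apikeys.extra }}
            - name: KEIBI_APIKEY_{{ $entry.name | upper }}
              valueFrom:
                secretKeyRef:
                  key: {{ $entry.apikeyKey | quote }}
                  name: {{ $entry.existingSecret | quote }}
            - name: KEIBI_APIKEY_{{ $entry.name | upper }}_CLAIMS
              value: {{ $entry.claims | quote }}
            {{- end }}
            # Database credentials: the per-service Secret settings take
            # precedence and fall back to the shared ones when unset.
            - name: PGUSER
              valueFrom:
                secretKeyRef:
                  key: {{ default .Values.global.postgres.shared.userKey .Values.global.postgres.kyoo_auth.kyoo_auth.userKey | quote }}
                  name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_auth.kyoo_auth.existingSecret | quote }}
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  key: {{ default .Values.global.postgres.shared.passwordKey .Values.global.postgres.kyoo_auth.kyoo_auth.passwordKey | quote }}
                  name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_auth.kyoo_auth.existingSecret | quote }}
            - name: PGDATABASE
              value: {{ default .Values.global.postgres.kyoo_auth.database .Values.global.postgres.shared.databaseOverride | quote }}
            - name: PGHOST
              value: {{ default (include "kyoo.postgres.shared.host" .) .Values.global.postgres.kyoo_auth.host | quote }}
            - name: PGPORT
              value: {{ default .Values.global.postgres.shared.port .Values.global.postgres.kyoo_auth.port | quote }}
            # Passed through unchanged. NOTE(review): the default lives in the
            # values file, not here; confirm it enforces TLS with server
            # verification (e.g. verify-full) when the database is reached over
            # a network you do not fully trust.
            - name: PGSSLMODE
              value: {{ .Values.global.postgres.kyoo_auth.sslmode | quote }}
            # Only set when a private-key Secret is configured; the path matches
            # the read-only mount declared under volumeMounts. How the service
            # behaves without it is not visible in this template.
            {{- if .Values.kyoo.auth.privatekey.existingSecret }}
            - name: RSA_PRIVATE_KEY_PATH
              value: /mnt/private_key/private_key.pem
            {{- end }}
            # Per-provider OIDC settings. Client id and secret come from the
            # provider's existing Secret; endpoints, scope and auth method are
            # plain values. The provider name is upper-cased into each
            # variable name.
            {{- range $index, $provider := .Values.kyoo.oidc_providers }}
            - name: OIDC_{{ $provider.name | upper }}_NAME
              value: {{ $provider.name | quote }}
            - name: OIDC_{{ $provider.name | upper }}_LOGO
              value: {{ $provider.logo | quote }}
            - name: OIDC_{{ $provider.name | upper }}_CLIENTID
              valueFrom:
                secretKeyRef:
                  key: {{ $provider.clientIdKey | quote }}
                  name: {{ $provider.existingSecret | quote }}
            - name: OIDC_{{ $provider.name | upper }}_SECRET
              valueFrom:
                secretKeyRef:
                  key: {{ $provider.clientSecretKey | quote }}
                  name: {{ $provider.existingSecret | quote }}
            - name: OIDC_{{ $provider.name | upper }}_AUTHORIZATION
              value: {{ $provider.authorizationAddress | quote }}
            - name: OIDC_{{ $provider.name | upper }}_TOKEN
              value: {{ $provider.tokenAddress | quote }}
            - name: OIDC_{{ $provider.name | upper }}_PROFILE
              value: {{ $provider.profileAddress | quote }}
            - name: OIDC_{{ $provider.name | upper }}_SCOPE
              value: {{ $provider.scope | quote }}
            - name: OIDC_{{ $provider.name | upper }}_AUTHMETHOD
              value: {{ $provider.authMethod | default "ClientSecretBasic" | quote }}
            {{- end }}
            # User-supplied entries are appended last. NOTE(review): an entry
            # that reuses a name defined above produces a duplicate env entry;
            # confirm which one takes effect on your cluster, and keep secrets
            # out of plain `value:` fields in extraEnv.
            {{- with (concat .Values.global.extraEnv .Values.auth.kyoo_auth.extraEnv) }}
              {{- toYaml . | nindent 12 }}
            {{- end }}
          ports:
            - name: main
              containerPort: 4568
              protocol: TCP
          {{- with .Values.auth.kyoo_auth.livenessProbe }}
          livenessProbe:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.auth.kyoo_auth.readinessProbe }}
          readinessProbe:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.auth.kyoo_auth.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          # Container-level hardening (runAsNonRoot, readOnlyRootFilesystem,
          # allowPrivilegeEscalation, dropped capabilities) is applied only if
          # it is set in values; nothing is enforced by this template.
          {{- with .Values.auth.kyoo_auth.containerSecurityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- if or .Values.auth.kyoo_auth.extraVolumeMounts .Values.kyoo.auth.privatekey.existingSecret }}
          volumeMounts:
            {{- with .Values.auth.kyoo_auth.extraVolumeMounts }}
              {{- toYaml . | nindent 12 }}
            {{- end }}
            {{- if .Values.kyoo.auth.privatekey.existingSecret }}
            - name: private-key
              mountPath: /mnt/private_key
              readOnly: true
            {{- end }}
          {{- end }}
        # extraContainers and extraInitContainers are rendered through tpl, so
        # strings inside them are evaluated as templates against the root
        # context. Treat the values files as trusted input.
        {{- with .Values.auth.extraContainers }}
          {{- tpl (toYaml .) $ | nindent 8 }}
        {{- end }}
      {{- with .Values.auth.extraInitContainers }}
      initContainers:
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      {{- if or .Values.auth.extraVolumes .Values.kyoo.auth.privatekey.existingSecret }}
      volumes:
        {{- with .Values.auth.extraVolumes }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        # Only the configured key of the Secret is projected, as
        # private_key.pem. No defaultMode is set, so the Kubernetes default
        # file mode for Secret volumes (0644) applies. NOTE(review): a stricter
        # mode would have to stay readable for the UID/fsGroup the container
        # runs as.
        {{- if .Values.kyoo.auth.privatekey.existingSecret }}
        - name: private-key
          secret:
            secretName: {{ .Values.kyoo.auth.privatekey.existingSecret | quote }}
            items:
              - key: {{ .Values.kyoo.auth.privatekey.privatekeyKey | quote }}
                path: private_key.pem
        {{- end }}
      {{- end }}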