This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/helm/templates/web-deployment.yaml
2021-03-11 17:37:38 +01:00

132 lines
4.5 KiB
YAML

apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "authentik.fullname" . }}-web
labels:
app.kubernetes.io/name: {{ include "authentik.name" . }}
helm.sh/chart: {{ include "authentik.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
k8s.goauthentik.io/component: web
spec:
replicas: {{ .Values.serverReplicas }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "authentik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
k8s.goauthentik.io/component: web
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "authentik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
k8s.goauthentik.io/component: web
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- {{ include "authentik.name" . }}
- key: app.kubernetes.io/instance
operator: In
values:
- {{ .Release.Name }}
- key: k8s.goauthentik.io/component
operator: In
values:
- web
topologyKey: "kubernetes.io/hostname"
initContainers:
- name: authentik-database-migrations
image: "{{ .Values.image.name }}:{{ .Values.image.tag }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
args: [migrate]
envFrom:
- configMapRef:
name: {{ include "authentik.fullname" . }}-config
prefix: AUTHENTIK_
- secretRef:
name: {{ include "authentik.fullname" . }}-secret-key
prefix: AUTHENTIK_
env:
- name: AUTHENTIK_REDIS__PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Release.Name }}-redis"
key: redis-password
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Release.Name }}-postgresql"
key: postgresql-password
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.name }}:{{ .Values.image.tag }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
args: [server]
envFrom:
- configMapRef:
name: {{ include "authentik.fullname" . }}-config
prefix: AUTHENTIK_
- secretRef:
name: {{ include "authentik.fullname" . }}-secret-key
prefix: AUTHENTIK_
env:
- name: AUTHENTIK_REDIS__PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Release.Name }}-redis"
key: "redis-password"
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Release.Name }}-postgresql"
key: "postgresql-password"
{{ if .Values.geoip.enabled -}}
- name: AUTHENTIK_AUTHENTIK__GEOIP
value: /geoip/GeoLite2-City.mmdb
{{- end }}
volumeMounts:
- name: authentik-uploads
mountPath: /media
{{ if .Values.geoip.enabled -}}
- name: geoip
mountPath: /geoip
{{- end }}
ports:
- name: http
containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
path: /-/health/live/
port: http
initialDelaySeconds: 15
readinessProbe:
httpGet:
path: /-/health/ready/
port: http
initialDelaySeconds: 15
resources:
requests:
cpu: 100m
memory: 300M
limits:
cpu: 300m
memory: 600M
volumes:
- name: authentik-uploads
persistentVolumeClaim:
claimName: {{ include "authentik.fullname" . }}-uploads
{{ if .Values.geoip.enabled -}}
- name: geoip
persistentVolumeClaim:
claimName: {{ include "authentik.fullname" . }}-geoip
{{- end }}