alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity
Files
7bc1d4c409abefb60741433dd4fec1c74258da1d
infrastructure/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-auth.yaml

134 lines
4.7 KiB
YAML
Raw Blame History

apiVersion: apps/v1
kind: Deployment
metadata:
name: kyoo-auth
namespace: kyoo
labels:
helm.sh/chart: kyoo-5.0.0
app.kubernetes.io/name: kyoo-auth
app.kubernetes.io/instance: kyoo
app.kubernetes.io/component: auth
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: kyoo
app.kubernetes.io/version: "5.0.0"
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: kyoo-auth
app.kubernetes.io/instance: kyoo
template:
metadata:
labels:
helm.sh/chart: kyoo-5.0.0
app.kubernetes.io/name: kyoo-auth
app.kubernetes.io/instance: kyoo
app.kubernetes.io/component: auth
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: kyoo
app.kubernetes.io/version: "5.0.0"
spec:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
serviceAccountName: kyoo-auth
containers:
- name: main
image: ghcr.io/zoriya/kyoo_auth:5.0.0
imagePullPolicy: IfNotPresent
args:
env:
- name: EXTRA_CLAIMS
value: "{\"permissions\": [\"core.read\", \"core.play\"], \"verified\": false}"
- name: FIRST_USER_CLAIMS
value: "{\"permissions\": [\"users.read\", \"users.write\", \"apikeys.read\", \"apikeys.write\", \"users.delete\", \"core.read\", \"core.write\", \"core.play\", \"scanner.trigger\", \"scanner.guess\", \"scanner.search\", \"scanner.add\"], \"verified\": true}"
- name: GUEST_CLAIMS
value: "{\"permissions\": [\"core.read\"], \"verified\": true}"
- name: PROTECTED_CLAIMS
value: "permissions,verified"
- name: PUBLIC_URL
value: "https://kyoo.alexlebens.net"
- name: KEIBI_APIKEY_SCANNER
valueFrom:
secretKeyRef:
key: scanner-apikey
name: kyoo-key-secret
- name: KEIBI_APIKEY_SCANNER_CLAIMS
value: "{\"permissions\": [\"core.read\", \"core.write\"]}"
- name: PGUSER
valueFrom:
secretKeyRef:
key: user
name: kyoo-postgresql-18-cluster-app
- name: PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: kyoo-postgresql-18-cluster-app
- name: PGDATABASE
value: "kyoo_auth"
- name: PGHOST
value: "kyoo-postgresql-18-cluster-rw"
- name: PGPORT
value: "5432"
- name: PGSSLMODE
value: "disable"
- name: RSA_PRIVATE_KEY_PATH
value: /mnt/private_key/private_key.pem
- name: OIDC_AUTHENTIK_NAME
value: "Authentik"
- name: OIDC_AUTHENTIK_LOGO
value: "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/authentik.webp"
- name: OIDC_AUTHENTIK_CLIENTID
valueFrom:
secretKeyRef:
key: client
name: kyoo-oidc-secret
- name: OIDC_AUTHENTIK_SECRET
valueFrom:
secretKeyRef:
key: secret
name: kyoo-oidc-secret
- name: OIDC_AUTHENTIK_AUTHORIZATION
value: "https://authentik.alexlebens.net/application/o/authorize/"
- name: OIDC_AUTHENTIK_TOKEN
value: "https://authentik.alexlebens.net/application/o/token/"
- name: OIDC_AUTHENTIK_PROFILE
value: "https://authentik.alexlebens.net/application/o/userinfo/"
- name: OIDC_AUTHENTIK_SCOPE
value: "email openid profile"
- name: OIDC_AUTHENTIK_AUTHMETHOD
value: "ClientSecretBasic"
ports:
- name: main
containerPort: 4568
protocol: TCP
livenessProbe:
httpGet:
path: /auth/health
port: main
readinessProbe:
httpGet:
path: /auth/ready
port: main
resources:
requests:
cpu: 10m
memory: 100Mi
volumeMounts:
- name: profilepictures
mountPath: /profile_pictures
- name: private-key
mountPath: /mnt/private_key
readOnly: true
volumes:
- name: profilepictures
persistentVolumeClaim:
claimName: kyoo-authprofile-pictures
- name: private-key
secret:
secretName: kyoo-key-secret
items:
- key: rsa-private
path: private_key.pem
Reference in New Issue View Git Blame Copy Permalink