authentik/helm/templates/worker-deployment.yaml

93 lines
3.1 KiB
YAML
Raw Normal View History

apiVersion: apps/v1
2019-02-08 13:57:16 +00:00
kind: Deployment
metadata:
2020-12-05 21:08:42 +00:00
name: {{ include "authentik.fullname" . }}-worker
2019-02-08 13:57:16 +00:00
labels:
2020-12-05 21:08:42 +00:00
app.kubernetes.io/name: {{ include "authentik.name" . }}
helm.sh/chart: {{ include "authentik.chart" . }}
2019-02-08 13:57:16 +00:00
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
2020-12-05 21:08:42 +00:00
k8s.goauthentik.io/component: worker
2019-02-08 13:57:16 +00:00
spec:
replicas: {{ .Values.workerReplicas }}
2019-02-08 13:57:16 +00:00
selector:
matchLabels:
2020-12-05 21:08:42 +00:00
app.kubernetes.io/name: {{ include "authentik.name" . }}
2019-02-08 13:57:16 +00:00
app.kubernetes.io/instance: {{ .Release.Name }}
2020-12-05 21:08:42 +00:00
k8s.goauthentik.io/component: worker
2019-02-08 13:57:16 +00:00
template:
metadata:
labels:
2020-12-05 21:08:42 +00:00
app.kubernetes.io/name: {{ include "authentik.name" . }}
2019-02-08 13:57:16 +00:00
app.kubernetes.io/instance: {{ .Release.Name }}
2020-12-05 21:08:42 +00:00
k8s.goauthentik.io/component: worker
2019-02-08 13:57:16 +00:00
spec:
{{- if .Values.kubernetesIntegration }}
2020-12-05 21:08:42 +00:00
serviceAccountName: {{ include "authentik.fullname" . }}-sa
{{- end }}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
2020-09-15 10:41:11 +01:00
- weight: 1
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
2020-12-05 21:08:42 +00:00
- {{ include "authentik.name" . }}
2020-09-15 10:41:11 +01:00
- key: app.kubernetes.io/instance
operator: In
values:
- {{ .Release.Name }}
2020-12-05 21:08:42 +00:00
- key: k8s.goauthentik.io/component
2020-09-15 10:41:11 +01:00
operator: In
values:
- worker
topologyKey: "kubernetes.io/hostname"
2019-02-08 13:57:16 +00:00
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.name }}:{{ .Values.image.tag }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
2020-09-06 14:52:22 +01:00
args: [worker]
2019-10-01 14:42:14 +01:00
envFrom:
- configMapRef:
2020-12-05 21:08:42 +00:00
name: "{{ include "authentik.fullname" . }}-config"
prefix: "AUTHENTIK_"
- secretRef:
name: {{ include "authentik.fullname" . }}-secret-key
prefix: AUTHENTIK_
2019-10-01 14:42:14 +01:00
env:
2020-12-05 21:08:42 +00:00
- name: AUTHENTIK_REDIS__PASSWORD
2019-10-01 14:42:14 +01:00
valueFrom:
secretKeyRef:
name: "{{ .Release.Name }}-redis"
key: "redis-password"
2020-12-05 21:08:42 +00:00
- name: AUTHENTIK_POSTGRESQL__PASSWORD
2019-10-01 14:42:14 +01:00
valueFrom:
secretKeyRef:
name: "{{ .Release.Name }}-postgresql"
key: "postgresql-password"
2021-03-11 16:32:16 +00:00
{{ if .Values.geoip.enabled -}}
- name: AUTHENTIK_AUTHENTIK__GEOIP
value: /geoip/GeoLite2-City.mmdb
{{- end }}
{{ if .Values.geoip.enabled -}}
volumeMounts:
- name: geoip
mountPath: /geoip
{{- end }}
2019-02-08 13:57:16 +00:00
resources:
requests:
cpu: 150m
2020-09-15 10:41:11 +01:00
memory: 400M
limits:
cpu: 300m
2020-09-15 10:41:11 +01:00
memory: 600M
2021-03-11 16:32:16 +00:00
{{ if .Values.geoip.enabled -}}
volumes:
- name: geoip
persistentVolumeClaim:
claimName: {{ include "authentik.fullname" . }}-geoip
{{- end -}}