{{- $functionNs := default .Release.Namespace .Values.functionNamespace }}
{{- if .Values.oauth2Plugin.enabled }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: {{ template "openfaas.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
component: oauth2-plugin
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: oauth2-plugin
namespace: {{ .Release.Namespace | quote }}
spec:
replicas: {{ .Values.oauth2Plugin.replicas }}
selector:
matchLabels:
app: oauth2-plugin
template:
metadata:
annotations:
prometheus.io.scrape: "false"
labels:
app: oauth2-plugin
spec:
volumes:
- name: oauth2-plugin-temp-volume
emptyDir: {}
{{- if .Values.basic_auth }}
- name: auth
secret:
secretName: basic-auth
{{- end }}
containers:
- name: oauth2-plugin
resources:
{{- .Values.oauth2Plugin.resources | toYaml | nindent 12 }}
image: {{ .Values.oauth2Plugin.image }}
imagePullPolicy: {{ .Values.openfaasImagePullPolicy }}
{{- if .Values.securityContext }}
securityContext:
readOnlyRootFilesystem: true
runAsUser: 10001
{{- end }}
livenessProbe:
{{- if .Values.httpProbe }}
httpGet:
path: /health
port: 8080
{{- else }}
exec:
command:
- wget
- --quiet
- --tries=1
- --timeout=5
- --spider
- http://localhost:8080/health
{{- end }}
timeoutSeconds: 5
readinessProbe:
{{- if .Values.httpProbe }}
httpGet:
path: /health
port: 8080
{{- else }}
exec:
command:
- wget
- --quiet
- --tries=1
- --timeout=5
- --spider
- http://localhost:8080/health
{{- end }}
timeoutSeconds: 5
args:
- "-license={{- .Values.oauth2Plugin.license}}"
- "-provider={{- .Values.oauth2Plugin.provider}}"
env:
- name: client_id
value: "{{- .Values.oauth2Plugin.clientID}}"
- name: client_secret
value: "{{- .Values.oauth2Plugin.clientSecret}}"
- name: cookie_domain
value: "{{- .Values.oauth2Plugin.cookieDomain}}"
- name: base_host
value: "{{- .Values.oauth2Plugin.baseHost}}"
- name: port
value: "8080"
- name: authorize_url
value: "{{- .Values.oauth2Plugin.authorizeURL}}"
- name: welcome_page_url
value: "{{- .Values.oauth2Plugin.welcomePageURL}}"
- name: public_key_path
value: "" # leave blank if using jwks
- name: audience
value: "{{- .Values.oauth2Plugin.audience}}"
- name: token_url
value: "{{- .Values.oauth2Plugin.tokenURL}}"
- name: scopes
value: "{{- .Values.oauth2Plugin.scopes}}"
- name: jwks_url
value: "{{- .Values.oauth2Plugin.jwksURL}}"
- name: insecure_tls
value: "{{- .Values.oauth2Plugin.insecureTLS}}"
{{- if .Values.basic_auth }}
- name: secret_mount_path
value: "/var/secrets"
{{- end }}
volumeMounts:
- name: oauth2-plugin-temp-volume
mountPath: /tmp
{{- if .Values.basic_auth }}
- name: auth
readOnly: true
mountPath: "/var/secrets"
{{- end }}
ports:
- name: http
containerPort: 8080
protocol: TCP
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- end }}