140 lines
3.9 KiB
YAML
140 lines
3.9 KiB
YAML
{{- $functionNs := default .Release.Namespace .Values.functionNamespace }}
|
|
{{- if .Values.oauth2Plugin.enabled }}
|
|
---
|
|
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app: {{ template "openfaas.name" . }}
|
|
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
|
|
component: oauth2-plugin
|
|
heritage: {{ .Release.Service }}
|
|
release: {{ .Release.Name }}
|
|
name: oauth2-plugin
|
|
namespace: {{ .Release.Namespace | quote }}
|
|
spec:
|
|
replicas: {{ .Values.oauth2Plugin.replicas }}
|
|
selector:
|
|
matchLabels:
|
|
app: oauth2-plugin
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
prometheus.io.scrape: "false"
|
|
labels:
|
|
app: oauth2-plugin
|
|
spec:
|
|
volumes:
|
|
- name: oauth2-plugin-temp-volume
|
|
emptyDir: {}
|
|
{{- if .Values.basic_auth }}
|
|
- name: auth
|
|
secret:
|
|
secretName: basic-auth
|
|
{{- end }}
|
|
containers:
|
|
- name: oauth2-plugin
|
|
resources:
|
|
{{- .Values.oauth2Plugin.resources | toYaml | nindent 12 }}
|
|
image: {{ .Values.oauth2Plugin.image }}
|
|
imagePullPolicy: {{ .Values.openfaasImagePullPolicy }}
|
|
{{- if .Values.securityContext }}
|
|
securityContext:
|
|
readOnlyRootFilesystem: true
|
|
runAsUser: 10001
|
|
{{- end }}
|
|
livenessProbe:
|
|
{{- if .Values.httpProbe }}
|
|
httpGet:
|
|
path: /health
|
|
port: 8080
|
|
{{- else }}
|
|
exec:
|
|
command:
|
|
- wget
|
|
- --quiet
|
|
- --tries=1
|
|
- --timeout=5
|
|
- --spider
|
|
- http://localhost:8080/health
|
|
{{- end }}
|
|
timeoutSeconds: 5
|
|
readinessProbe:
|
|
{{- if .Values.httpProbe }}
|
|
httpGet:
|
|
path: /health
|
|
port: 8080
|
|
{{- else }}
|
|
exec:
|
|
command:
|
|
- wget
|
|
- --quiet
|
|
- --tries=1
|
|
- --timeout=5
|
|
- --spider
|
|
- http://localhost:8080/health
|
|
{{- end }}
|
|
timeoutSeconds: 5
|
|
args:
|
|
- "-license={{- .Values.oauth2Plugin.license}}"
|
|
- "-provider={{- .Values.oauth2Plugin.provider}}"
|
|
env:
|
|
- name: client_id
|
|
value: "{{- .Values.oauth2Plugin.clientID}}"
|
|
- name: client_secret
|
|
value: "{{- .Values.oauth2Plugin.clientSecret}}"
|
|
- name: cookie_domain
|
|
value: "{{- .Values.oauth2Plugin.cookieDomain}}"
|
|
- name: base_host
|
|
value: "{{- .Values.oauth2Plugin.baseHost}}"
|
|
- name: port
|
|
value: "8080"
|
|
- name: authorize_url
|
|
value: "{{- .Values.oauth2Plugin.authorizeURL}}"
|
|
- name: welcome_page_url
|
|
value: "{{- .Values.oauth2Plugin.welcomePageURL}}"
|
|
- name: public_key_path
|
|
value: "" # leave blank if using jwks
|
|
- name: audience
|
|
value: "{{- .Values.oauth2Plugin.audience}}"
|
|
- name: token_url
|
|
value: "{{- .Values.oauth2Plugin.tokenURL}}"
|
|
- name: scopes
|
|
value: "{{- .Values.oauth2Plugin.scopes}}"
|
|
- name: jwks_url
|
|
value: "{{- .Values.oauth2Plugin.jwksURL}}"
|
|
- name: insecure_tls
|
|
value: "{{- .Values.oauth2Plugin.insecureTLS}}"
|
|
{{- if .Values.basic_auth }}
|
|
- name: secret_mount_path
|
|
value: "/var/secrets"
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: oauth2-plugin-temp-volume
|
|
mountPath: /tmp
|
|
{{- if .Values.basic_auth }}
|
|
- name: auth
|
|
readOnly: true
|
|
mountPath: "/var/secrets"
|
|
{{- end }}
|
|
ports:
|
|
- name: http
|
|
containerPort: 8080
|
|
protocol: TCP
|
|
|
|
{{- with .Values.nodeSelector }}
|
|
nodeSelector:
|
|
{{ toYaml . | indent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.affinity }}
|
|
affinity:
|
|
{{ toYaml . | indent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.tolerations }}
|
|
tolerations:
|
|
{{ toYaml . | indent 8 }}
|
|
{{- end }}
|
|
|
|
{{- end }}
|