73 lines
2.0 KiB
YAML
73 lines
2.0 KiB
YAML
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: authelia
|
|
namespace: authelia
|
|
labels:
|
|
app: authelia
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: authelia
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: authelia
|
|
spec:
|
|
containers:
|
|
- name: authelia
|
|
image: authelia:dist
|
|
ports:
|
|
- containerPort: 443
|
|
volumeMounts:
|
|
- name: config-volume
|
|
mountPath: /config
|
|
- name: ssl-volume
|
|
mountPath: /config/ssl
|
|
- name: secrets
|
|
mountPath: /app/secrets
|
|
readOnly: true
|
|
env:
|
|
# We set secrets directly here for ease of deployment but all secrets
|
|
# should be stored in the Kube Vault in production.
|
|
- name: AUTHELIA_JWT_SECRET_FILE
|
|
value: /app/secrets/jwt_secret
|
|
- name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE
|
|
value: /app/secrets/ldap_password
|
|
- name: AUTHELIA_SESSION_SECRET_FILE
|
|
value: /app/secrets/session
|
|
- name: AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE
|
|
value: /app/secrets/sql_password
|
|
- name: ENVIRONMENT
|
|
value: dev
|
|
volumes:
|
|
- name: config-volume
|
|
configMap:
|
|
name: authelia-config
|
|
items:
|
|
- key: configuration.yml
|
|
path: configuration.yml
|
|
- name: ssl-volume
|
|
configMap:
|
|
name: authelia-ssl
|
|
items:
|
|
- key: cert.pem
|
|
path: cert.pem
|
|
- key: key.pem
|
|
path: key.pem
|
|
- name: secrets
|
|
secret:
|
|
secretName: authelia
|
|
items:
|
|
- key: jwt_secret
|
|
path: jwt_secret
|
|
- key: session
|
|
path: session
|
|
- key: sql_password
|
|
path: sql_password
|
|
- key: ldap_password
|
|
path: ldap_password
|
|
...
|