gitea_admin/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
main
infra/charts/authentik/templates/worker/deployment.yaml
Konstantin Averkiev e1d2851f41 added authentik, fixed vm kube registry
2025-08-06 21:17:40 +03:00

245 lines
9.9 KiB
YAML
Raw Permalink Blame History

{{- if .Values.worker.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "authentik.worker.fullname" . }}
namespace: {{ include "authentik.namespace" . | quote }}
labels:
{{- include "authentik.labels" (dict "context" . "component" .Values.worker.name) | nindent 4 }}
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.worker.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key}}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with include "authentik.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.worker.deploymentStrategy) }}
strategy:
{{- trim . | nindent 4 }}
{{- end }}
{{- if not .Values.worker.autoscaling.enabled }}
replicas: {{ .Values.worker.replicas }}
{{- end }}
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "authentik.selectorLabels" (dict "context" . "component" .Values.worker.name) | nindent 6 }}
template:
metadata:
labels:
{{- include "authentik.labels" (dict "context" . "component" .Values.worker.name) | nindent 8 }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.worker.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.worker.podAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.worker.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.worker.serviceAccountName }}
serviceAccountName: {{ . }}
{{- else }}
{{- if .Values.serviceAccount.create }}
serviceAccountName: {{ include "authentik-remote-cluster.fullname" .Subcharts.serviceAccount }}
{{- end }}
{{- end }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.worker.securityContext) }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.worker.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- if .Values.worker.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.worker.terminationGracePeriodSeconds }}
{{- end }}
{{- with .Values.worker.initContainers }}
initContainers:
{{- tpl (toYaml . ) $ | nindent 6 }}
{{- end }}
containers:
- name: {{ .Values.worker.name }}
image: {{ default .Values.global.image.repository .Values.worker.image.repository }}:{{ default (include "authentik.defaultTag" .) .Values.worker.image.tag }}{{- if (default .Values.global.image.digest .Values.worker.image.digest) -}}@{{ default .Values.global.image.digest .Values.worker.image.digest }}{{- end }}
imagePullPolicy: {{ default .Values.global.image.pullPolicy .Values.worker.image.pullPolicy }}
args:
- worker
env:
{{- with (concat .Values.global.env .Values.worker.env) }}
{{- toYaml . | nindent 12 }}
{{- end }}
envFrom:
- secretRef:
name: {{ template "authentik.fullname" . }}
{{- with (concat .Values.global.envFrom .Values.worker.envFrom) }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if or .Values.geoip.enabled .Values.global.volumeMounts .Values.worker.volumeMounts .Values.blueprints.configMaps .Values.blueprints.secrets }}
volumeMounts:
{{- with .Values.global.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.worker.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.geoip.enabled }}
- name: geoip-db
mountPath: /geoip
{{- end }}
{{- range $name := .Values.blueprints.configMaps }}
- name: blueprints-cm-{{ $name }}
mountPath: /blueprints/mounted/cm-{{ $name }}
{{- end }}
{{- range $name := .Values.blueprints.secrets }}
- name: blueprints-secret-{{ $name }}
mountPath: /blueprints/mounted/secret-{{ $name }}
{{- end }}
{{- end }}
{{- with .Values.worker.livenessProbe }}
livenessProbe:
{{ toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.worker.readinessProbe }}
readinessProbe:
{{ toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.worker.startupProbe }}
startupProbe:
{{ toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.worker.resources | nindent 12 }}
{{- with .Values.worker.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.worker.lifecycle }}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.geoip.enabled }}
- name: geoip
image: {{ .Values.geoip.image.repository }}:{{ .Values.geoip.image.tag }}{{- if .Values.geoip.image.digest -}}@{{ .Values.geoip.image.digest }}{{- end }}
imagePullPolicy: {{ .Values.geoip.image.pullPolicy }}
env:
{{- with .Values.geoip.env }}
{{- toYaml . | nindent 12 }}
{{- end }}
- name: GEOIPUPDATE_FREQUENCY
value: {{ .Values.geoip.updateInterval | quote }}
- name: GEOIPUPDATE_PRESERVE_FILE_TIMES
value: "1"
{{- if not .Values.geoip.existingSecret.secretName }}
- name: GEOIPUPDATE_ACCOUNT_ID
valueFrom:
secretKeyRef:
name: {{ template "authentik.fullname" . }}
key: GEOIPUPDATE_ACCOUNT_ID
- name: GEOIPUPDATE_LICENSE_KEY
valueFrom:
secretKeyRef:
name: {{ template "authentik.fullname" . }}
key: GEOIPUPDATE_LICENSE_KEY
{{- else }}
- name: GEOIPUPDATE_ACCOUNT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.geoip.existingSecret.secretName }}
key: {{ .Values.geoip.existingSecret.accountId }}
- name: GEOIPUPDATE_LICENSE_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.geoip.existingSecret.secretName }}
key: {{ .Values.geoip.existingSecret.licenseKey }}
{{- end }}
- name: GEOIPUPDATE_EDITION_IDS
value: {{ required "geoip edition id required" .Values.geoip.editionIds | quote }}
{{- with .Values.geoip.envFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- with .Values.geoip.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
- name: geoip-db
mountPath: /usr/share/GeoIP
resources:
{{- toYaml .Values.geoip.resources | nindent 12 }}
{{- with .Values.geoip.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- with .Values.worker.extraContainers }}
{{- tpl (toYaml . ) $ | nindent 8 }}
{{- end }}
{{- with include "authentik.affinity" (dict "context" . "component" .Values.worker) }}
affinity:
{{- trim . | nindent 8 }}
{{- end }}
{{- with .Values.worker.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.worker.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.worker.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
{{- include "authentik.selectorLabels" (dict "context" $ "component" $.Values.worker.name) | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
{{- if or .Values.geoip.enabled .Values.global.volumes .Values.worker.volumes .Values.blueprints.configMaps .Values.blueprints.secrets }}
volumes:
{{- with .Values.global.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.worker.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.geoip.enabled }}
- name: geoip-db
emptyDir: {}
{{- end }}
{{- range $name := .Values.blueprints.configMaps }}
- name: blueprints-cm-{{ $name }}
configMap:
name: {{ $name }}
{{- end }}
{{- range $name := .Values.blueprints.secrets }}
- name: blueprints-secret-{{ $name }}
secret:
secretName: {{ $name }}
{{- end }}
{{- end }}
enableServiceLinks: true
{{- if .Values.worker.hostNetwork }}
hostNetwork: {{ .Values.worker.hostNetwork }}
{{- end }}
{{- with .Values.worker.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.worker.dnsPolicy }}
dnsPolicy: {{ .Values.worker.dnsPolicy }}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink