helm
This commit is contained in:
itumi
130
helm/templates/app.yaml
Normal file
130
helm/templates/app.yaml
Normal file
@@ -0,0 +1,130 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ .Release.Name }}
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ .Release.Name }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ .Release.Name }}
|
||||
spec:
|
||||
containers:
|
||||
- name: {{ .Release.Name }}
|
||||
image: ghcr.io/l4rm4nd/memelord:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8000
|
||||
|
||||
env:
|
||||
- name: DOMAIN
|
||||
value: {{ .Values.hostname | quote }}
|
||||
|
||||
# Database Configuration
|
||||
- name: DB_ENGINE
|
||||
value: "postgres"
|
||||
- name: POSTGRES_HOST
|
||||
value: "{{ .Release.Name }}-database-rw"
|
||||
- name: POSTGRES_PORT
|
||||
value: "5432"
|
||||
- name: POSTGRES_DB
|
||||
value: {{ .Release.Name | quote }}
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Release.Name }}-database
|
||||
key: username
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Release.Name }}-database
|
||||
key: password
|
||||
|
||||
# Redis Configuration
|
||||
- name: REDIS_HOST
|
||||
value: "{{ .Release.Name }}-redis"
|
||||
- name: REDIS_PORT
|
||||
value: "6379"
|
||||
- name: REDIS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Release.Name }}-redis
|
||||
key: redis-password
|
||||
|
||||
# S3/MinIO Storage Configuration
|
||||
- name: STORAGE_BACKEND
|
||||
value: "s3"
|
||||
- name: AWS_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Release.Name }}-bucket
|
||||
key: accessKey
|
||||
- name: AWS_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Release.Name }}-bucket
|
||||
key: secretKey
|
||||
- name: AWS_S3_ADDRESSING_STYLE
|
||||
value: path
|
||||
- name: AWS_STORAGE_BUCKET_NAME
|
||||
value: {{ .Release.Name | quote }}
|
||||
- name: AWS_S3_ENDPOINT_URL
|
||||
value: "https://minio.ee-lte-1.codemowers.io"
|
||||
- name: AWS_S3_REGION_NAME
|
||||
value: "ee-lte-1"
|
||||
|
||||
# OIDC Configuration
|
||||
- name: OIDC_ENABLED
|
||||
value: "True"
|
||||
- name: OIDC_CREATE_USER
|
||||
value: "True"
|
||||
- name: OIDC_RP_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: oidc-client-{{ .Release.Name }}-owner-secrets
|
||||
key: OIDC_CLIENT_ID
|
||||
- name: OIDC_RP_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: oidc-client-{{ .Release.Name }}-owner-secrets
|
||||
key: OIDC_CLIENT_SECRET
|
||||
|
||||
# Browser-facing endpoint (external URL)
|
||||
- name: OIDC_OP_AUTHORIZATION_ENDPOINT
|
||||
value: "https://auth.ee-lte-1.codemowers.io/auth"
|
||||
|
||||
# Server-to-server endpoints (internal URLs)
|
||||
- name: OIDC_OP_TOKEN_ENDPOINT
|
||||
value: "http://passmower.passmower.svc.cluster.local/token"
|
||||
- name: OIDC_OP_USER_ENDPOINT
|
||||
value: "http://passmower.passmower.svc.cluster.local/me"
|
||||
- name: OIDC_OP_JWKS_ENDPOINT
|
||||
value: "http://passmower.passmower.svc.cluster.local/jwks"
|
||||
|
||||
- name: OIDC_RP_SIGN_ALGO
|
||||
value: "RS256"
|
||||
- name: OIDC_AUTOLOGIN
|
||||
value: "False"
|
||||
|
||||
# General Configuration
|
||||
- name: DEBUG
|
||||
value: "True"
|
||||
- name: SECURE_COOKIES
|
||||
value: "True"
|
||||
|
||||
# Use the patched app code (including patched settings.py)
|
||||
volumeMounts:
|
||||
- name: settings
|
||||
mountPath: /opt/app/myproject/settings.py
|
||||
subPath: settings.py
|
||||
readOnly: true
|
||||
|
||||
volumes:
|
||||
- name: settings
|
||||
configMap:
|
||||
name: settings
|
||||
Reference in New Issue
Block a user