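---
# Deployment for the memelord web application (single replica).
# Credentials are injected from Kubernetes Secrets via secretKeyRef; only
# non-sensitive settings are written inline.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: memelord
spec:
  replicas: 1
  selector:
    matchLabels:
      app: memelord
  template:
    metadata:
      labels:
        app: memelord
    spec:
      volumes:
        # Writable scratch space, needed because the root filesystem is
        # read-only. emptyDir content is deleted with the pod, so anything
        # written under /opt/app/logs is lost on rescheduling; forward logs
        # elsewhere if they are needed for incident review.
        - name: logs
          emptyDir: {}
        - name: admin
          emptyDir: {}

      containers:
        - name: memelord
          # NOTE(review): "latest" is a mutable tag, so the image that runs
          # can change without any change to this manifest. Pin a release
          # tag or digest, e.g. ghcr.io/l4rm4nd/memelord@sha256:<digest>
          # (placeholder; the page gives no digest).
          image: ghcr.io/l4rm4nd/memelord:latest
          securityContext:
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            runAsUser: 33
            runAsGroup: 33
            # Refuse to start if the container would run as UID 0, for
            # example if runAsUser is removed later.
            runAsNonRoot: true
            # A non-root process on an unprivileged port (8000) should need
            # no Linux capabilities. Confirm the image does not rely on
            # file capabilities.
            capabilities:
              drop:
                - ALL
            # Apply the container runtime's default syscall filter.
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - name: logs
              mountPath: /opt/app/logs
            - name: admin
              mountPath: /opt/app/myapp/static/admin

          ports:
            - containerPort: 8000
          env:
            # PostgreSQL connection; user and password come from a Secret.
            - name: DB_ENGINE
              value: postgres
            # Quoted so the rendered value is always a YAML string; an
            # unquoted template that expands to empty, a number or a
            # boolean-looking word is not a valid env value.
            - name: DOMAIN
              value: {{ .Values.hostname | quote }}
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: memelord-sala-database
                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: memelord-sala-database
                  key: password
            - name: POSTGRES_DB
              value: memelord-sala
            - name: POSTGRES_HOST
              value: memelord-sala-database-rw.memelord-sala.svc.cluster.local
            - name: POSTGRES_PORT
              value: "5432"

            # Redis password
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: memelord-sala-redis
                  key: redis-password

            # S3-compatible object storage; access keys come from a Secret.
            - name: STORAGE_BACKEND
              value: s3
            - name: AWS_S3_ENDPOINT_URL
              value: https://minio.ee-lte-1.codemowers.io/
            - name: AWS_S3_REGION_NAME
              value: ee-lte-1
            - name: AWS_S3_ADDRESSING_STYLE
              value: path
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: memelord-sala-bucket
                  key: accessKey
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: memelord-sala-bucket
                  key: secretKey
            - name: AWS_STORAGE_BUCKET_NAME
              value: memelord-sala
            # NOTE(review): presumably serves a feed without login even
            # though OIDC is enabled below; confirm that is intended.
            - name: ENABLE_PUBLIC_FEED
              value: "True"

            # OIDC relying-party settings. Client id, client secret, signing
            # algorithm and the provider endpoints are read from the
            # oidc-client-memelord-sala-owner-secrets Secret; only the JWKS
            # URL is written inline.
            - name: OIDC_ENABLED
              value: "True"
            - name: OIDC_RP_SIGN_ALGO
              valueFrom:
                secretKeyRef:
                  name: oidc-client-memelord-sala-owner-secrets
                  key: OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG
            - name: OIDC_OP_JWKS_ENDPOINT
              value: https://auth.ee-lte-1.codemowers.io/jwks
            - name: OIDC_RP_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: oidc-client-memelord-sala-owner-secrets
                  key: OIDC_CLIENT_ID
            - name: OIDC_RP_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: oidc-client-memelord-sala-owner-secrets
                  key: OIDC_CLIENT_SECRET
            - name: OIDC_OP_AUTHORIZATION_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: oidc-client-memelord-sala-owner-secrets
                  key: OIDC_IDP_AUTH_URI
            - name: OIDC_OP_TOKEN_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: oidc-client-memelord-sala-owner-secrets
                  key: OIDC_IDP_TOKEN_URI
            - name: OIDC_OP_USER_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: oidc-client-memelord-sala-owner-secrets
                  key: OIDC_IDP_USERINFO_URI

            # Session lifetime.
            # NOTE(review): the unit of SESSION_COOKIE_AGE is defined by the
            # application; confirm that 30 is the intended lifetime.
            - name: SESSION_COOKIE_AGE
              value: "30"
            - name: SESSION_EXPIRE_AT_BROWSER_CLOSE
              value: "False"
            - name: TZ
              value: "Europe/Berlin"
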
---
# Registers memelord as an OIDC client with the cluster's identity provider.
# The only redirect URI is the application's own /oidc/callback/ path on the
# chart hostname, with no wildcards.
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
  name: memelord-sala
spec:
  displayName: Memelord sala
  uri: "https://{{ .Values.hostname }}/"
  redirectUris:
    - "https://{{ .Values.hostname }}/oidc/callback/"
  grantTypes:
    - authorization_code
    - refresh_token
  responseTypes:
    - code
  availableScopes:
    - openid
    - profile
  # NOTE(review): PKCE is off for this authorization-code client. The
  # Deployment in this file passes OIDC_RP_CLIENT_SECRET to the application,
  # so the code exchange is presumably authenticated with that secret; PKCE
  # would additionally bind each authorization code to the request that
  # started the login. Enable it once the application is confirmed to send a
  # code challenge.
  pkce: false