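---
# Deployment for the memelord web application (single replica).
# Credentials and OIDC client settings are read from Secrets via secretKeyRef;
# only non-sensitive settings are written inline.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: memelord
spec:
  replicas: 1
  selector:
    matchLabels:
      app: memelord
  template:
    metadata:
      labels:
        app: memelord
    spec:
      # The root filesystem is mounted read-only below, so these two emptyDir
      # volumes are the only writable paths given to the container.
      volumes:
        - name: logs
          emptyDir: {}
        - name: admin
          emptyDir: {}
      containers:
        - name: memelord
          # NOTE(review): `latest` is a mutable tag, so the code that runs can
          # change without any change to this manifest. Pin a release tag or
          # an image digest to keep rollouts reproducible and auditable.
          image: ghcr.io/l4rm4nd/memelord:latest
          # NOTE(review): no resources requests/limits are set for this
          # container; add values sized for the workload.
          securityContext:
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            # Reject the pod outright if the image ever resolves to UID 0.
            runAsNonRoot: true
            runAsUser: 33
            runAsGroup: 33
            # The process runs unprivileged and listens on port 8000, so no
            # Linux capabilities are retained.
            capabilities:
              drop:
                - ALL
            # Apply the container runtime's default syscall filter.
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - name: logs
              mountPath: /opt/app/logs
            - name: admin
              mountPath: /opt/app/myapp/static/admin
          ports:
            - containerPort: 8000
          env:
            # Database settings; user and password come from a Secret.
            - name: DB_ENGINE
              value: postgres
            - name: DOMAIN
              value: memelord-sala.ee-lte-1.codemowers.io
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: memelord-sala-database
                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: memelord-sala-database
                  key: password
            - name: POSTGRES_DB
              value: memelord-sala
            - name: POSTGRES_HOST
              value: memelord-sala-database-rw.memelord-sala.svc.cluster.local
            # Quoted: container env values must be strings.
            - name: POSTGRES_PORT
              value: "5432"
            # Redis password
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: memelord-sala-redis
                  key: redis-password
            # S3-compatible object storage; access keys come from a Secret.
            - name: STORAGE_BACKEND
              value: s3
            - name: AWS_S3_ENDPOINT_URL
              value: https://minio.ee-lte-1.codemowers.io/
            - name: AWS_S3_REGION_NAME
              value: ee-lte-1
            - name: AWS_S3_ADDRESSING_STYLE
              value: path
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: memelord-sala-bucket
                  key: accessKey
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: memelord-sala-bucket
                  key: secretKey
            - name: AWS_STORAGE_BUCKET_NAME
              value: memelord-sala
            # NOTE(review): presumably exposes a feed to unauthenticated
            # visitors - confirm this is intended for this instance.
            - name: ENABLE_PUBLIC_FEED
              value: "True"
            # OIDC relying-party settings.
            - name: OIDC_ENABLED
              value: "True"
            - name: OIDC_RP_SIGN_ALGO
              valueFrom:
                secretKeyRef:
                  name: oidc-client-memelord-sala-owner-secrets
                  key: OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG
            # NOTE(review): the JWKS URL is the only provider endpoint written
            # inline; the others are read from the Secret. Keep it pointing at
            # the same issuer, since it supplies the keys used to verify ID
            # token signatures.
            - name: OIDC_OP_JWKS_ENDPOINT
              value: https://auth.ee-lte-1.codemowers.io/jwks
            - name: OIDC_RP_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: oidc-client-memelord-sala-owner-secrets
                  key: OIDC_CLIENT_ID
            - name: OIDC_RP_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: oidc-client-memelord-sala-owner-secrets
                  key: OIDC_CLIENT_SECRET
            - name: OIDC_OP_AUTHORIZATION_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: oidc-client-memelord-sala-owner-secrets
                  key: OIDC_IDP_AUTH_URI
            - name: OIDC_OP_TOKEN_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: oidc-client-memelord-sala-owner-secrets
                  key: OIDC_IDP_TOKEN_URI
            - name: OIDC_OP_USER_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: oidc-client-memelord-sala-owner-secrets
                  key: OIDC_IDP_USERINFO_URI
            # NOTE(review): the unit of this value is defined by the
            # application - confirm "30" yields the intended session lifetime.
            - name: SESSION_COOKIE_AGE
              value: "30"
            - name: SESSION_EXPIRE_AT_BROWSER_CLOSE
              value: "False"
            - name: TZ
              value: "Europe/Berlin"
---
# OIDC client registration (codemowers.cloud custom resource).
# NOTE(review): presumably the operator handling this resource publishes the
# `oidc-client-memelord-sala-owner-secrets` Secret consumed by the Deployment
# above - confirm.
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
  name: memelord-sala
spec:
  displayName: Memelord sala
  uri: https://memelord-sala.ee-lte-1.codemowers.io/
  # A single exact HTTPS callback; keep this list as narrow as possible.
  redirectUris:
    - https://memelord-sala.ee-lte-1.codemowers.io/oidc/callback/
  # Authorization-code flow only: `code` is the sole response type, with
  # PKCE enabled below.
  grantTypes:
    - authorization_code
    - refresh_token
  responseTypes:
    - code
  availableScopes:
    - openid
    - profile
  pkce: true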