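{{- /*
Deployment for the OIDC auth plugin (component: oidc-plugin).
Rendered only when .Values.oidcAuthPlugin.enabled is truthy.
The pod mounts the openfaas-license secret, and the basic-auth secret when
.Values.basic_auth is set, and serves HTTP on port 8080.
$functionNs is assigned below but not referenced in this template.
*/ -}}
{{- $functionNs := default .Release.Namespace .Values.functionNamespace }}
{{- if .Values.oidcAuthPlugin.enabled }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: {{ template "openfaas.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    component: oidc-plugin
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  name: oidc-plugin
  namespace: {{ .Release.Namespace | quote }}
spec:
  replicas: {{ .Values.oidcAuthPlugin.replicas }}
  selector:
    matchLabels:
      app: oidc-plugin
  template:
    metadata:
      annotations:
        prometheus.io/scrape: "false"
      labels:
        app: oidc-plugin
    # NOTE(review): no serviceAccountName or automountServiceAccountToken is set, so the
    # namespace's default service account token is mounted into this pod. If the plugin
    # does not call the Kubernetes API (not visible here), consider disabling automount.
    spec:
      volumes:
      # Writable scratch space for /tmp; the root filesystem is read-only when the
      # securityContext block below is rendered.
      - name: oidc-plugin-temp-volume
        emptyDir: {}
      {{- if .Values.basic_auth }}
      - name: auth
        secret:
          secretName: basic-auth
      {{- end }}
      - name: license
        secret:
          secretName: openfaas-license
      containers:
      - name: oidc-plugin
        resources:
          {{- .Values.oidcAuthPlugin.resources | toYaml | nindent 12 }}
        # NOTE(review): a tag-based image value can resolve to different content over time,
        # and imagePullPolicy Always re-resolves it on every pod start; pinning the value
        # to a digest keeps what runs here reproducible.
        image: {{ .Values.oidcAuthPlugin.image }}
        imagePullPolicy: Always
        # Hardening is rendered only when .Values.securityContext is truthy.
        # NOTE(review): the block sets a read-only root filesystem and a fixed non-root UID,
        # but not allowPrivilegeEscalation: false, runAsNonRoot: true or a capabilities
        # drop; consider adding them once confirmed that the image runs without them.
        {{- if .Values.securityContext }}
        securityContext:
          readOnlyRootFilesystem: true
          runAsUser: 10001
        {{- end }}
        # Both probes check /health on port 8080: a kubelet HTTP GET when
        # .Values.httpProbe is set, otherwise wget executed inside the container.
        livenessProbe:
          {{- if .Values.httpProbe }}
          httpGet:
            path: /health
            port: 8080
          {{- else }}
          exec:
            command:
            - wget
            - --quiet
            - --tries=1
            - --timeout=5
            - --spider
            - http://localhost:8080/health
          {{- end }}
          timeoutSeconds: 5
        readinessProbe:
          {{- if .Values.httpProbe }}
          httpGet:
            path: /health
            port: 8080
          {{- else }}
          exec:
            command:
            - wget
            - --quiet
            - --tries=1
            - --timeout=5
            - --spider
            - http://localhost:8080/health
          {{- end }}
          timeoutSeconds: 5
        args:
        - "-license-file=/var/secrets/license/license"
        {{- if .Values.oidcAuthPlugin.verbose }}
        - "-verbose=true"
        {{- end }}
        - "-provider={{- .Values.oidcAuthPlugin.provider}}"
        # Free-text values are passed through `quote` so that a double quote or backslash
        # in a value is escaped instead of breaking the rendered YAML; `default ""` keeps
        # an unset value rendering as an empty string.
        env:
        - name: client_id
          value: {{ .Values.oidcAuthPlugin.clientID | default "" | quote }}
        # NOTE(review): the client secret is templated into the pod spec as a literal, so
        # it is readable by anyone who can read this Deployment or its pods, and it sits
        # in the chart values. Sourcing it from a Kubernetes Secret via
        # valueFrom.secretKeyRef would keep it out of the manifest.
        - name: client_secret
          value: {{ .Values.oidcAuthPlugin.clientSecret | default "" | quote }}
        - name: cookie_domain
          value: {{ .Values.oidcAuthPlugin.cookieDomain | default "" | quote }}
        - name: base_host
          value: {{ .Values.oidcAuthPlugin.baseHost | default "" | quote }}
        - name: port
          value: "8080"
        - name: openid_url
          value: {{ .Values.oidcAuthPlugin.openidURL | default "" | quote }}
        - name: welcome_page_url
          value: {{ .Values.oidcAuthPlugin.welcomePageURL | default "" | quote }}
        - name: public_key_path
          value: ""
        - name: audience
          value: {{ .Values.oidcAuthPlugin.audience | default "" | quote }}
        - name: scopes
          value: {{ .Values.oidcAuthPlugin.scopes | default "" | quote }}
        # NOTE(review): presumably turns off TLS certificate verification for outbound
        # calls to the identity provider (confirm against the plugin); if so, keep it
        # false outside test environments.
        - name: insecure_tls
          value: "{{- .Values.oidcAuthPlugin.insecureTLS}}"
        {{- if .Values.basic_auth }}
        - name: secret_mount_path
          value: "/var/secrets/gateway"
        {{- end }}
        volumeMounts:
        - name: oidc-plugin-temp-volume
          mountPath: /tmp
        {{- if .Values.basic_auth }}
        - name: auth
          readOnly: true
          mountPath: "/var/secrets/gateway"
        {{- end }}
        - name: license
          readOnly: true
          mountPath: "/var/secrets/license"
        ports:
        - name: http
          containerPort: 8080
          protocol: TCP
    {{- with .Values.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
    {{- end }}
{{- end }}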