forked from kyma-project/kyma
/
auth-proxy-deployment.yaml
87 lines (87 loc) · 3.44 KB
/
auth-proxy-deployment.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
{{- if .Values.kyma.authProxy.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-auth-proxy-{{ template "grafana.name" . }}
namespace: {{ template "grafana.namespace" . }}
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: auth-proxy
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "grafana.chart" . }}
annotations:
reconciler.kyma-project.io/ignore-pod-state: "true"
spec:
replicas: {{ .Values.kyma.authProxy.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: auth-proxy
template:
metadata:
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: auth-proxy
annotations:
checksum/config: {{ tpl (toYaml .Values.kyma.authProxy) . | sha256sum }}
spec:
{{- if .Values.kyma.authProxy.nodeSelector }}
nodeSelector:
{{ toYaml .Values.kyma.authProxy.nodeSelector | indent 8 }}
{{- end }}
volumes:
- name: templates-cm
configMap:
name: {{ .Release.Name }}-auth-proxy-{{ template "grafana.name" . }}-templates
serviceAccountName: {{ .Release.Name }}-auth-proxy-{{ template "grafana.name" . }}
{{- if or .Values.priorityClassName .Values.global.priorityClassName }}
priorityClassName: {{ coalesce .Values.priorityClassName .Values.global.priorityClassName }}
{{- end }}
{{- if .Values.kyma.authProxy.securityContext }}
securityContext:
{{ toYaml .Values.kyma.authProxy.securityContext | nindent 8 }}
{{- end }}
containers:
- image: "{{ include "imageurl" (dict "reg" .Values.global.containerRegistry "img" .Values.global.images.oauth2_proxy) }}"
imagePullPolicy: {{ .Values.kyma.authProxy.image.pullPolicy }}
name: auth-proxy
args:
- --http-address=0.0.0.0:{{ .Values.kyma.authProxy.port }}
- --upstream=http://{{ template "grafana.fullname" . }}:{{ .Values.service.port }}
- --cookie-secure=true
- --cookie-domain=grafana.{{ .Values.global.domainName }}
- --cookie-name=KYMA_GRAFANA_OAUTH2_PROXY_TOKEN
- --silence-ping-logging=true
- --auth-logging={{ .Values.kyma.authProxy.config.authLogging }}
- --request-logging={{ .Values.kyma.authProxy.config.requestLogging }}
- --pass-host-header={{ .Values.kyma.authProxy.config.passHostHeader }}
- --upstream-timeout={{ .Values.kyma.authProxy.config.upstreamTimeout }}
envFrom:
- secretRef:
name: {{ .Release.Name }}-auth-proxy-{{ template "grafana.name" . }}-default
optional: false
- secretRef:
name: {{ .Release.Name }}-auth-proxy-{{ template "grafana.name" . }}-user
optional: true
ports:
- name: http
containerPort: {{ .Values.kyma.authProxy.port }}
protocol: TCP
livenessProbe:
httpGet:
path: /ping
port: http
readinessProbe:
httpGet:
path: /ping
port: http
{{- if .Values.kyma.authProxy.containerSecurityContext }}
securityContext:
{{ toYaml .Values.kyma.authProxy.containerSecurityContext | nindent 10 }}
{{- end }}
resources:
{{ toYaml .Values.kyma.authProxy.resources | indent 10 }}
volumeMounts:
- name: templates-cm
mountPath: /templates
{{- end}}