ContainerImage.Pinniped/deploy/local-user-authenticator/deployment.yaml

84 lines
2.1 KiB
YAML
Raw Normal View History

#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0
#@ load("@ytt:data", "data")
---
apiVersion: v1
kind: Namespace
metadata:
name: local-user-authenticator
labels:
name: local-user-authenticator
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: local-user-authenticator
namespace: local-user-authenticator
---
#@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "":
apiVersion: v1
kind: Secret
metadata:
name: image-pull-secret
namespace: local-user-authenticator
labels:
app: local-user-authenticator
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: #@ data.values.image_pull_dockerconfigjson
#@ end
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: local-user-authenticator
namespace: local-user-authenticator
labels:
app: local-user-authenticator
spec:
replicas: 1
selector:
matchLabels:
app: local-user-authenticator
template:
metadata:
labels:
app: local-user-authenticator
spec:
securityContext:
runAsUser: 1001
runAsGroup: 1001
serviceAccountName: local-user-authenticator
#@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "":
imagePullSecrets:
- name: image-pull-secret
#@ end
containers:
- name: local-user-authenticator
#@ if data.values.image_digest:
image: #@ data.values.image_repo + "@" + data.values.image_digest
#@ else:
image: #@ data.values.image_repo + ":" + data.values.image_tag
#@ end
imagePullPolicy: IfNotPresent
command: #! override the default entrypoint
- /usr/local/bin/local-user-authenticator
---
apiVersion: v1
kind: Service
metadata:
name: local-user-authenticator
namespace: local-user-authenticator
labels:
app: local-user-authenticator
spec:
type: ClusterIP
selector:
app: local-user-authenticator
ports:
- protocol: TCP
port: 443
targetPort: 8443