#! Copyright 2020 the Pinniped contributors. All Rights Reserved. #! SPDX-License-Identifier: Apache-2.0 #@ load("@ytt:data", "data") --- apiVersion: v1 kind: Namespace metadata: name: local-user-authenticator labels: name: local-user-authenticator --- apiVersion: v1 kind: ServiceAccount metadata: name: local-user-authenticator-service-account namespace: local-user-authenticator --- #@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "": apiVersion: v1 kind: Secret metadata: name: image-pull-secret namespace: local-user-authenticator labels: app: local-user-authenticator type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: #@ data.values.image_pull_dockerconfigjson #@ end --- apiVersion: apps/v1 kind: Deployment metadata: name: local-user-authenticator namespace: local-user-authenticator labels: app: local-user-authenticator spec: replicas: 1 selector: matchLabels: app: local-user-authenticator template: metadata: labels: app: local-user-authenticator spec: serviceAccountName: local-user-authenticator-service-account #@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "": imagePullSecrets: - name: image-pull-secret #@ end containers: - name: local-user-authenticator #@ if data.values.image_digest: image: #@ data.values.image_repo + "@" + data.values.image_digest #@ else: image: #@ data.values.image_repo + ":" + data.values.image_tag #@ end imagePullPolicy: IfNotPresent command: #! override the default entrypoint - /usr/local/bin/local-user-authenticator --- apiVersion: v1 kind: Service metadata: name: local-user-authenticator namespace: local-user-authenticator labels: app: local-user-authenticator spec: type: ClusterIP selector: app: local-user-authenticator ports: - protocol: TCP port: 443 targetPort: 443