charts/ocis/templates/authmachine/deployment.yaml

{{- include "ocis.basicServiceTemplates" (dict "scope" . "appName" "appNameAuthMachine" "appNameSuffix" "") -}}
apiVersion: apps/v1
kind: Deployment
{{ include "ocis.metadata" . }}
spec:
  {{- include "ocis.selector" . | nindent 2 }}
  {{- if and (not .Values.autoscaling.enabled) (.Values.replicas) }}
  replicas: {{ .Values.replicas }}
  {{- end }}
  {{- include "ocis.deploymentStrategy" . | nindent 2 }}
  template:
    {{- include "ocis.templateMetadata" (dict "scope" $ "configCheck" false) | nindent 4 }}
    spec:
      {{- include "ocis.serviceAccount" . | nindent 6 }}
      {{- include "ocis.affinity" .Values.services.authmachine | nindent 6 }}
      {{- include "ocis.securityContextAndtopologySpreadConstraints" . | nindent 6 }}
      {{- include "ocis.priorityClassName" $.priorityClassName | nindent 6 }}
      {{- include "ocis.hostAliases" $ | nindent 6 }}
      nodeSelector: {{ toYaml $.nodeSelector | nindent 8 }}
      containers:
        - name: {{ .appName }}
          {{- include "ocis.image" $ | nindent 10 }}
          command: ["ocis"]
          args: ["auth-machine", "server"]
          {{- include "ocis.containerSecurityContext" . | nindent 10 }}
          env:
            {{- include "ocis.serviceRegistry" . | nindent 12 }}

            - name: AUTH_MACHINE_LOG_COLOR
              value: {{ .Values.logging.color | quote }}
            - name: AUTH_MACHINE_LOG_LEVEL
              value: {{ .Values.logging.level | quote }}
            - name: AUTH_MACHINE_LOG_PRETTY
              value: {{ .Values.logging.pretty | quote }}

            - name: AUTH_MACHINE_TRACING_ENABLED
              value: "{{ .Values.tracing.enabled }}"
            - name: AUTH_MACHINE_TRACING_TYPE
              value: {{ .Values.tracing.type | quote }}
            - name: AUTH_MACHINE_TRACING_ENDPOINT
              value: {{ .Values.tracing.endpoint | quote }}
            - name: AUTH_MACHINE_TRACING_COLLECTOR
              value: {{ .Values.tracing.collector | quote }}

            - name: AUTH_MACHINE_DEBUG_PPROF
              value: {{ .Values.debug.profiling | quote }}

            - name: AUTH_MACHINE_GRPC_ADDR
              value: 0.0.0.0:9166
            - name: AUTH_MACHINE_DEBUG_ADDR
              value: 0.0.0.0:9167

            - name: AUTH_MACHINE_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ include "secrets.jwtSecret" . }}
                  key: jwt-secret

            - name: AUTH_MACHINE_API_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "secrets.machineAuthAPIKeySecret" . }}
                  key: machine-auth-api-key

          {{- include "ocis.livenessProbe" . | nindent 10 }}

          resources: {{ toYaml .resources | nindent 12 }}

          ports:
            - name: grpc
              containerPort: 9166
            - name: metrics-debug
              containerPort: 9167

          volumeMounts:
            - name: tmp-volume
              mountPath: /tmp

      {{- include "ocis.imagePullSecrets" $ | nindent 6 }}
      volumes:
        - name: tmp-volume
          emptyDir: {}