CoreID/deploy/1-deployment.yaml

218 lines
6.5 KiB
YAML

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: coreid-www
namespace: starship
spec:
selector:
matchLabels:
app: coreid
template:
metadata:
name: coreid
labels:
app: coreid
spec:
volumes:
- name: coreid-secrets-vol
secret:
secretName: coreid-secrets
optional: false
containers:
- name: coreid-web
image: ${DOCKER_REGISTRY}/starship/coreid
imagePullPolicy: Always
volumeMounts:
- mountPath: /secrets
readOnly: true
name: coreid-secrets-vol
env:
- name: APP_URL
value: "https://${COREID_DOMAIN}/"
- name: DATABASE_HOST
value: '${COREID_DATABASE_HOST}'
- name: DATABASE_NAME
value: '${COREID_DATABASE_NAME}'
- name: LDAP_BASE_DC
value: '${COREID_LDAP_BASE_DC}'
- name: REDIS_HOST
value: '${COREID_REDIS_HOST}'
- name: SMTP_HOST
value: '${COREID_SMTP_HOST}'
- name: SECRET
valueFrom:
secretKeyRef:
key: SECRET
name: coreid-secrets
optional: false
- name: SMTP_USER
valueFrom:
secretKeyRef:
key: SMTP_USER
name: coreid-secrets
optional: false
- name: SMTP_DEFAULT_SENDER
valueFrom:
secretKeyRef:
key: SMTP_DEFAULT_SENDER
name: coreid-secrets
optional: false
- name: SMTP_PASS
valueFrom:
secretKeyRef:
key: SMTP_PASS
name: coreid-secrets
optional: false
- name: REDIS_PASS
valueFrom:
secretKeyRef:
key: REDIS_PASS
name: coreid-secrets
optional: false
- name: APP_NAME
value: "Starship CoreID"
- name: SERVER_PORT
value: '8000'
- name: DATABASE_PORT
value: '27017'
- name: DATABASE_AUTH
value: 'false'
- name: ENVIRONMENT
value: production
- name: SSL_ENABLE
value: 'false'
- name: LDAP_SERVER_PORT
value: '636'
- name: LDAP_SSL_ENABLE
value: 'true'
- name: LDAP_CERT_PATH
value: '/secrets/X509_CERT'
- name: LDAP_CERT_KEY_PATH
value: '/secrets/X509_KEY'
- name: SAML_CERT_FILE
value: '/secrets/X509_CERT'
- name: SAML_KEY_FILE
value: '/secrets/X509_KEY'
- name: RADIUS_CERT_FILE
value: '/secrets/X509_CERT'
- name: RADIUS_KEY_FILE
value: '/secrets/X509_KEY'
- name: REDIS_PORT
value: '6379'
- name: SMTP_PORT
value: '587'
- name: OPENID_CONNECT_PROXY
value: 'true'
- name: SESSION_MAX_AGE
value: '1209600000'
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: coreid-jobs
namespace: starship
spec:
selector:
matchLabels:
app: coreid-jobs
template:
metadata:
name: coreid
labels:
app: coreid-jobs
spec:
volumes:
- name: coreid-secrets-vol
secret:
secretName: coreid-secrets
optional: false
containers:
- name: coreid-job-worker
image: ${DOCKER_REGISTRY}/starship/coreid
imagePullPolicy: Always
command: ["node", "/app/flitter", "worker", "main"]
volumeMounts:
- mountPath: /secrets
readOnly: true
name: coreid-secrets-vol
env:
- name: APP_URL
value: "https://${COREID_DOMAIN}/"
- name: DATABASE_HOST
value: '${COREID_DATABASE_HOST}'
- name: DATABASE_NAME
value: '${COREID_DATABASE_NAME}'
- name: LDAP_BASE_DC
value: '${COREID_LDAP_BASE_DC}'
- name: REDIS_HOST
value: '${COREID_REDIS_HOST}'
- name: SMTP_HOST
value: '${COREID_SMTP_HOST}'
- name: SECRET
valueFrom:
secretKeyRef:
key: SECRET
name: coreid-secrets
optional: false
- name: SMTP_USER
valueFrom:
secretKeyRef:
key: SMTP_USER
name: coreid-secrets
optional: false
- name: SMTP_DEFAULT_SENDER
valueFrom:
secretKeyRef:
key: SMTP_DEFAULT_SENDER
name: coreid-secrets
optional: false
- name: SMTP_PASS
valueFrom:
secretKeyRef:
key: SMTP_PASS
name: coreid-secrets
optional: false
- name: REDIS_PASS
valueFrom:
secretKeyRef:
key: REDIS_PASS
name: coreid-secrets
optional: false
- name: APP_NAME
value: "Starship CoreID"
- name: SERVER_PORT
value: '8000'
- name: DATABASE_PORT
value: '27017'
- name: DATABASE_AUTH
value: 'false'
- name: ENVIRONMENT
value: production
- name: SSL_ENABLE
value: 'false'
- name: LDAP_SERVER_PORT
value: '636'
- name: LDAP_SSL_ENABLE
value: 'true'
- name: LDAP_CERT_PATH
value: '/secrets/X509_CERT'
- name: LDAP_CERT_KEY_PATH
value: '/secrets/X509_KEY'
- name: SAML_CERT_FILE
value: '/secrets/X509_CERT'
- name: SAML_KEY_FILE
value: '/secrets/X509_KEY'
- name: RADIUS_CERT_FILE
value: '/secrets/X509_CERT'
- name: RADIUS_KEY_FILE
value: '/secrets/X509_KEY'
- name: REDIS_PORT
value: '6379'
- name: SMTP_PORT
value: '587'
- name: OPENID_CONNECT_PROXY
value: 'true'
- name: SESSION_MAX_AGE
value: '1209600000'