apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "authentik.fullname" . }}-worker labels: app.kubernetes.io/name: {{ include "authentik.name" . }} helm.sh/chart: {{ include "authentik.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} k8s.goauthentik.io/component: worker spec: replicas: {{ .Values.workerReplicas }} selector: matchLabels: app.kubernetes.io/name: {{ include "authentik.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} k8s.goauthentik.io/component: worker template: metadata: labels: app.kubernetes.io/name: {{ include "authentik.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} k8s.goauthentik.io/component: worker spec: {{- if .Values.kubernetesIntegration }} serviceAccountName: {{ include "authentik.fullname" . }}-sa {{- end }} affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 podAffinityTerm: labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - {{ include "authentik.name" . }} - key: app.kubernetes.io/instance operator: In values: - {{ .Release.Name }} - key: k8s.goauthentik.io/component operator: In values: - worker topologyKey: "kubernetes.io/hostname" containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.name }}:{{ .Values.image.tag }}" imagePullPolicy: "{{ .Values.image.pullPolicy }}" args: [worker] envFrom: - configMapRef: name: "{{ include "authentik.fullname" . }}-config" prefix: "AUTHENTIK_" - secretRef: name: {{ include "authentik.fullname" . }}-secret-key prefix: AUTHENTIK_ env: - name: AUTHENTIK_REDIS__PASSWORD valueFrom: secretKeyRef: name: "{{ .Release.Name }}-redis" key: "redis-password" - name: AUTHENTIK_POSTGRESQL__PASSWORD valueFrom: secretKeyRef: name: "{{ .Release.Name }}-postgresql" key: "postgresql-password" resources: requests: cpu: 150m memory: 400M limits: cpu: 300m memory: 600M