apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "authentik.fullname" . }}-web labels: app.kubernetes.io/name: {{ include "authentik.name" . }} helm.sh/chart: {{ include "authentik.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} k8s.goauthentik.io/component: web spec: replicas: {{ .Values.serverReplicas }} selector: matchLabels: app.kubernetes.io/name: {{ include "authentik.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} k8s.goauthentik.io/component: web template: metadata: labels: app.kubernetes.io/name: {{ include "authentik.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} k8s.goauthentik.io/component: web spec: automountServiceAccountToken: false affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 podAffinityTerm: labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - {{ include "authentik.name" . }} - key: app.kubernetes.io/instance operator: In values: - {{ .Release.Name }} - key: k8s.goauthentik.io/component operator: In values: - web topologyKey: "kubernetes.io/hostname" initContainers: - name: authentik-database-migrations image: "{{ .Values.image.name }}:{{ .Values.image.tag }}" imagePullPolicy: "{{ .Values.image.pullPolicy }}" args: [migrate] envFrom: - configMapRef: name: {{ include "authentik.fullname" . }}-config prefix: AUTHENTIK_ - secretRef: name: {{ include "authentik.fullname" . }}-secret-key prefix: AUTHENTIK_ env: - name: AUTHENTIK_REDIS__PASSWORD valueFrom: secretKeyRef: name: "{{ .Release.Name }}-redis" key: redis-password - name: AUTHENTIK_POSTGRESQL__PASSWORD valueFrom: secretKeyRef: name: "{{ .Release.Name }}-postgresql" key: postgresql-password containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.name }}:{{ .Values.image.tag }}" imagePullPolicy: "{{ .Values.image.pullPolicy }}" args: [server] envFrom: - configMapRef: name: {{ include "authentik.fullname" . }}-config prefix: AUTHENTIK_ - secretRef: name: {{ include "authentik.fullname" . }}-secret-key prefix: AUTHENTIK_ env: - name: AUTHENTIK_REDIS__PASSWORD valueFrom: secretKeyRef: name: "{{ .Release.Name }}-redis" key: "redis-password" - name: AUTHENTIK_POSTGRESQL__PASSWORD valueFrom: secretKeyRef: name: "{{ .Release.Name }}-postgresql" key: "postgresql-password" {{ if .Values.geoip.enabled -}} - name: AUTHENTIK_AUTHENTIK__GEOIP value: /geoip/GeoLite2-City.mmdb {{- end }} volumeMounts: - name: authentik-uploads mountPath: /media {{ if .Values.geoip.enabled -}} - name: geoip mountPath: /geoip {{- end }} ports: - name: http containerPort: 8000 protocol: TCP livenessProbe: httpGet: path: /-/health/live/ port: http initialDelaySeconds: 15 periodSeconds: 30 readinessProbe: httpGet: path: /-/health/ready/ port: http initialDelaySeconds: 15 periodSeconds: 30 resources: requests: cpu: 100m memory: 300M limits: cpu: 300m memory: 600M volumes: - name: authentik-uploads persistentVolumeClaim: claimName: {{ include "authentik.fullname" . }}-uploads {{ if .Values.geoip.enabled -}} - name: geoip persistentVolumeClaim: claimName: {{ include "authentik.fullname" . }}-geoip {{- end }}