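---
# Deployment for auth-proxy: one replica, pinned to a single node, configured
# through environment variables, a Secret (credentials) and a ConfigMap (routes).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: auth-proxy
  labels:
    app: auth-proxy
spec:
  # A single replica means any restart or node outage takes the proxy offline.
  replicas: 1
  selector:
    matchLabels:
      app: auth-proxy
  template:
    metadata:
      labels:
        app: auth-proxy
    spec:
      # NOTE(review): no serviceAccountName is set, so the namespace's default
      # ServiceAccount token is mounted unless that ServiceAccount opts out.
      # If the proxy never calls the Kubernetes API, consider adding
      # `automountServiceAccountToken: false` here - confirm before changing.
      containers:
        - name: auth-proxy
          # NOTE(review): a tag can be re-pushed; pinning by digest
          # (image@sha256:<digest>) makes the deployed artifact immutable.
          image: ultradesu/rsauth2-proxy:0.1.0
          ports:
            - containerPort: 8080
              name: http
              protocol: TCP
          # Every key of the auth-proxy-creds Secret becomes an environment
          # variable, which keeps credentials out of this manifest.
          envFrom:
            - secretRef:
                name: auth-proxy-creds
          env:
            - name: AUTH_PROXY_OIDC_ISSUER
              value: "https://auth.hexor.cy/auth/realms/hexor"
            # Leading dot: the cookie is scoped to the whole domain, so every
            # host under it receives the session cookie.
            - name: AUTH_PROXY_COOKIE_DOMAIN
              value: ".hexor.cy"
            - name: AUTH_PROXY_CALLBACK_URL
              value: "https://oauth.hexor.cy/callback"
            # Must stay in sync with the mountPath of the `routes` volume.
            - name: AUTH_PROXY_ROUTES_FILE
              value: "/config/routes.yaml"
            # NOTE(review): debug logging on an authentication proxy may
            # record tokens, cookies or callback parameters - confirm what
            # this level emits and lower it for steady-state operation.
            - name: AUTH_PROXY_LOG_LEVEL
              value: "debug"
          volumeMounts:
            - name: routes
              mountPath: /config
              readOnly: true
          resources:
            requests:
              cpu: 50m
              memory: 32Mi
            limits:
              cpu: 200m
              memory: 64Mi
          readinessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 3
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            # The root filesystem is read-only and no writable volume is
            # mounted, so the process cannot persist files in the container.
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            capabilities:
              drop:
                - ALL
            # Added: apply the runtime's default seccomp filter explicitly.
            # Without it the container may run unconfined, depending on the
            # kubelet's defaults.
            seccompProfile:
              type: RuntimeDefault
      volumes:
        - name: routes
          configMap:
            name: auth-proxy-routes
      # Pins the pod to one named node; together with the toleration below
      # this schedules the proxy onto a node carrying the master taint.
      # NOTE(review): this places an authentication workload on what appears
      # to be a control-plane node - confirm that is intended.
      nodeSelector:
        kubernetes.io/hostname: master.tail2fe2d.ts.net
      tolerations:
        # No operator is given, so it defaults to Equal with an empty value:
        # only a taint with this key and no value is tolerated.
        - key: node-role.kubernetes.io/master
          effect: NoSchedule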