apiVersion: apps/v1 kind: Deployment metadata: annotations: a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git labels: app.kubernetes.io/instance: ocis app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ocis app.kubernetes.io/version: 7.1.4 helm.sh/chart: ocis-0.7.0 name: proxy namespace: ocis spec: replicas: 1 selector: matchLabels: app: proxy strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: annotations: checksum/config: 941efbdfcec62bd56f340d707523e4dbbdaef0b8501880d4fa52a89ccc0e3233 labels: app: proxy app.kubernetes.io/instance: ocis app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ocis app.kubernetes.io/version: 7.1.4 helm.sh/chart: ocis-0.7.0 spec: containers: - args: - proxy - server command: - ocis env: - name: MICRO_REGISTRY value: nats-js-kv - name: MICRO_REGISTRY_ADDRESS value: nats:9233 - name: OCIS_CACHE_STORE value: nats-js-kv - name: OCIS_CACHE_STORE_NODES value: nats:9233 - name: OCIS_CACHE_DISABLE_PERSISTENCE value: "true" - name: OCIS_EVENTS_ENDPOINT value: nats:9233 - name: PROXY_LOG_COLOR value: "false" - name: PROXY_LOG_LEVEL value: info - name: PROXY_LOG_PRETTY value: "false" - name: PROXY_TRACING_ENABLED value: "false" - name: PROXY_TRACING_TYPE value: jaeger - name: PROXY_TRACING_ENDPOINT value: null - name: PROXY_TRACING_COLLECTOR value: null - name: PROXY_DEBUG_PPROF value: "false" - name: PROXY_HTTP_ADDR value: 0.0.0.0:9200 - name: PROXY_DEBUG_ADDR value: 0.0.0.0:9205 - name: PROXY_OIDC_ISSUER value: https://drive.minikube - name: PROXY_TLS value: "false" - name: PROXY_OIDC_INSECURE value: "true" - name: PROXY_JWT_SECRET valueFrom: secretKeyRef: key: jwt-secret name: ocis-jwt-secret - name: PROXY_MACHINE_AUTH_API_KEY valueFrom: secretKeyRef: key: machine-auth-api-key name: ocis-machine-auth-api-key - name: PROXY_SERVICE_ACCOUNT_ID valueFrom: configMapKeyRef: key: service-account-id name: auth-service - name: PROXY_SERVICE_ACCOUNT_SECRET valueFrom: secretKeyRef: key: service-account-secret name: ocis-service-account-secret - name: PROXY_CSP_CONFIG_FILE_LOCATION value: /etc/ocis/csp.yaml - name: PROXY_AUTOPROVISION_ACCOUNTS value: "false" image: owncloud/ocis:7.1.4 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: metrics-debug initialDelaySeconds: 60 periodSeconds: 20 timeoutSeconds: 10 name: proxy ports: - containerPort: 9200 name: http - containerPort: 9205 name: metrics-debug resources: requests: cpu: 10m memory: 96Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 volumeMounts: - mountPath: /etc/ocis name: configs nodeSelector: {} securityContext: fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch seccompProfile: type: RuntimeDefault volumes: - configMap: name: proxy-config name: configs