---
# Deployment for the oCIS "idp" service: one pod running `ocis idp server`
# from the owncloud/ocis image. Labels mark it as rendered by Helm (chart
# ocis-0.7.0), so lasting changes belong in the chart values, not in this
# rendered output.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: idp
  namespace: ocis
  labels:
    app.kubernetes.io/instance: ocis
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: ocis
    app.kubernetes.io/version: "7.1.4"
    helm.sh/chart: ocis-0.7.0
  annotations:
    a8r.io/repository: "ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git"
    # Suppresses kube-linter's env-var-secret check: the flagged variable
    # carries a file path, not the secret value itself.
    ignore-check.kube-linter.io/env-var-secret: >-
      IDP_ENCRYPTION_SECRET_FILE is no secret,
      it's the file path to the secret
spec:
  # A single replica combined with the Recreate strategy means the old pod is
  # stopped before the new one starts, so every rollout interrupts the service.
  replicas: 1
  selector:
    matchLabels:
      app: idp
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: idp
        app.kubernetes.io/instance: ocis
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: ocis
        app.kubernetes.io/version: "7.1.4"
        helm.sh/chart: ocis-0.7.0
    spec:
      # NOTE(review): automountServiceAccountToken is not set in this manifest,
      # so the cluster/service-account default applies. If the idp process
      # never calls the Kubernetes API, disabling the token mount removes a
      # credential from the pod. Confirm against the chart before changing.
      containers:
        - name: idp
          # NOTE(review): the image is referenced by a mutable tag. Pinning by
          # digest (owncloud/ocis:7.1.4@sha256:<digest>) guarantees every node
          # runs the same bytes; with IfNotPresent a node keeps whatever it
          # pulled under this tag first.
          image: "owncloud/ocis:7.1.4"
          imagePullPolicy: IfNotPresent
          command:
            - ocis
          args:
            - idp
            - server
          env:
            - name: MICRO_REGISTRY
              value: nats-js-kv
            - name: MICRO_REGISTRY_ADDRESS
              value: "nats:9233"
            - name: IDP_LOG_COLOR
              value: "false"
            # NOTE(review): debug-level logging on an identity provider tends
            # to record far more request detail than info level. Confirm this
            # is intentional outside troubleshooting and that access to the
            # pod logs is restricted accordingly.
            - name: IDP_LOG_LEVEL
              value: debug
            - name: IDP_LOG_PRETTY
              value: "false"
            - name: IDP_TRACING_ENABLED
              value: "false"
            - name: IDP_TRACING_TYPE
              value: jaeger
            # Rendered as null by the chart; Kubernetes treats a missing value
            # as the empty string. Tracing is switched off above.
            - name: IDP_TRACING_ENDPOINT
              value: null
            - name: IDP_TRACING_COLLECTOR
              value: null
            - name: IDP_DEBUG_PPROF
              value: "false"
            - name: IDP_HTTP_ADDR
              value: "0.0.0.0:9130"
            # The debug listener binds to all interfaces because the liveness
            # probe below reaches it on the pod IP. Nothing in this manifest
            # limits who else can connect to 9134; a NetworkPolicy for the
            # namespace would have to do that.
            - name: IDP_DEBUG_ADDR
              value: "0.0.0.0:9134"
            - name: OCIS_URL
              value: "https://drive.tr1ceracop.de"
            # LDAP is reached over TLS (ldaps) and verified against the CA
            # certificate mounted from the ldap-ca volume.
            - name: IDP_LDAP_URI
              value: "ldaps://idm:9235"
            - name: IDP_LDAP_TLS_CACERT
              value: /etc/ocis/ldap-ca/ldap-ca.crt
            # The bind password is injected as an environment variable from a
            # Secret, unlike the two key files below, which are mounted as
            # read-only files. Environment variables are visible to anything
            # that can inspect the process environment.
            - name: IDP_LDAP_BIND_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: ocis-ldap-bind-secrets
                  key: idp-ldap-bind-password
            # Both values are paths inside the idp-secrets projected volume,
            # not key material.
            - name: IDP_SIGNING_PRIVATE_KEY_FILES
              value: /etc/ocis/idp/private-key.pem
            - name: IDP_ENCRYPTION_SECRET_FILE
              value: /etc/ocis/idp/encryption.key
          ports:
            - name: http
              containerPort: 9130
            - name: metrics-debug
              containerPort: 9134
          # Liveness is checked on the debug port (9134), path /healthz.
          livenessProbe:
            httpGet:
              path: /healthz
              port: metrics-debug
            initialDelaySeconds: 60
            periodSeconds: 20
            timeoutSeconds: 10
            failureThreshold: 3
          # NOTE(review): only requests are declared. Without limits the
          # container's CPU and memory use is bounded only by the node (or a
          # namespace LimitRange, if one exists).
          resources:
            requests:
              cpu: 10m
              memory: 64Mi
          # Hardened container context: non-root UID/GID 1000, no privilege
          # escalation, all Linux capabilities dropped, read-only root
          # filesystem. The only writable path mounted is the emptyDir at
          # /var/lib/ocis.
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - name: ocis-data-tmp
              mountPath: /var/lib/ocis
            - name: ldap-ca
              mountPath: /etc/ocis/ldap-ca
              readOnly: true
            - name: idp-secrets
              mountPath: /etc/ocis/idp
              readOnly: true
      nodeSelector: {}
      # Pod-level context: volumes are group-owned by GID 1000 and the
      # container runtime's default seccomp profile is applied.
      securityContext:
        fsGroup: 1000
        fsGroupChangePolicy: OnRootMismatch
        seccompProfile:
          type: RuntimeDefault
      volumes:
        # Scratch space; contents are lost whenever the pod is replaced.
        - name: ocis-data-tmp
          emptyDir: {}
        # Only the certificate (tls.crt) of the LDAP CA secret is projected
        # into the pod, under the name ldap-ca.crt.
        - name: ldap-ca
          secret:
            secretName: ocis-ldap-ca-tls
            items:
              - key: tls.crt
                path: ldap-ca.crt
        # Combines two Secrets into one directory: the encryption key and the
        # RSA signing key (tls.key, exposed as private-key.pem).
        # NOTE(review): no defaultMode is set, so the projected-volume default
        # file mode applies to the private key. Confirm it is as tight as the
        # process allows.
        - name: idp-secrets
          projected:
            sources:
              - secret:
                  name: ocis-idp-encryption
                  items:
                    - key: encryption.key
                      path: encryption.key
              - secret:
                  name: ocis-idp-rsa
                  items:
                    - key: tls.key
                      path: private-key.pem