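---
# Deployment for Grist with an oauth2-proxy sidecar in the same pod.
# oauth2-proxy (port 4180) is meant to be the authenticated entry point;
# Grist (port 8080) trusts the identity header the proxy forwards.
# The original was collapsed onto one line, where the first `#` turned
# everything after it into a comment; block structure is restored here.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: grist
  name: grist
  namespace: grist
spec:
  replicas: 1
  selector:
    matchLabels:
      app: grist
  template:
    metadata:
      labels:
        app: grist
    spec:
      # NOTE(review): neither container sets securityContext or resources.
      # Before hardening (runAsNonRoot, dropped capabilities, seccomp), test
      # that the gVisor sandbox in the grist container still starts.
      containers:
        - name: grist
          # NOTE(review): `latest` is a mutable tag, and with IfNotPresent
          # each node keeps whatever it pulled first. Pin a release tag or
          # an image digest so the running image is known and reproducible.
          image: gristlabs/grist:latest
          env:
            - name: PORT
              value: "8080"
            - name: GRIST_SANDBOX_FLAVOR
              value: gvisor
            - name: GRIST_FORCE_LOGIN
              value: "true"
            - name: APP_HOME_URL
              value: https://grist.strudelline.net
            - name: GRIST_SINGLE_ORG
              value: docs
            # Grist takes the user's identity from this request header, so
            # it is only trustworthy on requests that came through
            # oauth2-proxy. Port 8080 listens on the pod IP: confirm that no
            # Service or Ingress exposes it, that a NetworkPolicy blocks
            # other pods from reaching it directly, and that the proxy
            # overwrites any client-supplied copy of the header.
            - name: GRIST_FORWARD_AUTH_HEADER
              value: X-Forwarded-Email
            #- name: GRIST_FORWARD_AUTH_LOGIN_PATH
            #  value: /oauth2/sign_in
            - name: GRIST_FORWARD_AUTH_LOGOUT_PATH
              value: /oauth2/sign_out
            # Session secret comes from a Secret, not an inline value.
            - name: GRIST_SESSION_SECRET
              valueFrom:
                secretKeyRef:
                  name: grist-session-secret
                  key: password
          ports:
            # NOTE(review): both containers name their port `http`, and
            # Kubernetes expects named ports to be unique within a pod.
            # Anything that selects the port by name (a Service targetPort,
            # for example) is ambiguous: verify it lands on 4180, not on
            # this unauthenticated 8080. Left unchanged because objects
            # outside this manifest may reference the name.
            - containerPort: 8080
              name: http
              protocol: TCP
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - mountPath: /persist
              name: grist-persist
        - name: oauth2-proxy
          # Pinned to a version tag; a digest would also fix the content.
          image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
          args:
            - --http-address=0.0.0.0:4180
            - --config=/config.cfg
          ports:
            - containerPort: 4180
              name: http
              protocol: TCP
          volumeMounts:
            # subPath mounts are not refreshed when the Secret changes, so
            # rotating the OIDC client credentials needs a pod restart.
            - mountPath: /config.cfg
              name: oauth2-proxy-config
              subPath: oauth2-proxy.cfg
          imagePullPolicy: IfNotPresent
          # Only the proxy is probed; the grist container has no probes.
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /ping
              port: http
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
      restartPolicy: Always
      volumes:
        - name: grist-persist
          persistentVolumeClaim:
            claimName: grist-persist
        # The whole proxy config, including provider credentials, is held
        # in this Secret; the pod will not start without it.
        - name: oauth2-proxy-config
          secret:
            optional: false
            secretName: oidc-secret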