84 lines
2.1 KiB
YAML
84 lines
2.1 KiB
YAML
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app: grist
|
|
name: grist
|
|
namespace: grist
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: grist
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: grist
|
|
spec:
|
|
containers:
|
|
- name: grist
|
|
image: gristlabs/grist:latest
|
|
env:
|
|
- name: PORT
|
|
value: "8080"
|
|
- name: GRIST_SANDBOX_FLAVOR
|
|
value: gvisor
|
|
- name: GRIST_FORCE_LOGIN
|
|
value: "true"
|
|
- name: APP_HOME_URL
|
|
value: https://grist.strudelline.net
|
|
- name: GRIST_SINGLE_ORG
|
|
value: docs
|
|
- name: GRIST_FORWARD_AUTH_HEADER
|
|
value: X-Forwarded-Email
|
|
#- name: GRIST_FORWARD_AUTH_LOGIN_PATH
|
|
# value: /oauth2/sign_in
|
|
- name: GRIST_FORWARD_AUTH_LOGOUT_PATH
|
|
value: /oauth2/sign_out
|
|
- name: GRIST_SESSION_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: grist-session-secret
|
|
key: password
|
|
ports:
|
|
- containerPort: 8080
|
|
name: http
|
|
protocol: TCP
|
|
imagePullPolicy: IfNotPresent
|
|
volumeMounts:
|
|
- mountPath: /persist
|
|
name: grist-persist
|
|
- name: oauth2-proxy
|
|
image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
|
|
args:
|
|
- --http-address=0.0.0.0:4180
|
|
- --config=/config.cfg
|
|
ports:
|
|
- containerPort: 4180
|
|
name: http
|
|
protocol: TCP
|
|
volumeMounts:
|
|
- mountPath: /config.cfg
|
|
name: oauth2-proxy-config
|
|
subPath: oauth2-proxy.cfg
|
|
imagePullPolicy: IfNotPresent
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /ping
|
|
port: http
|
|
scheme: HTTP
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
restartPolicy: Always
|
|
volumes:
|
|
- name: grist-persist
|
|
persistentVolumeClaim:
|
|
claimName: grist-persist
|
|
- name: oauth2-proxy-config
|
|
secret:
|
|
optional: false
|
|
secretName: oidc-secret
|