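# Pod spec fragment (Jinja2 template) for one whawty-auth instance: an "app"
# container and, when the instance defines "sync", an additional "sync"
# container. All volumes are hostPath directories below
# whawty_auth_instance_basepath.
securityContext:
  # Kubernetes defines allowPrivilegeEscalation on the per-container
  # securityContext, not on the pod-level one, so at this level a lenient
  # consumer may silently drop it and a strict one may reject it. It is
  # therefore also set on each container below.
  # NOTE(review): if this block is the pod-level securityContext, this line
  # can be removed once the per-container settings are in place.
  allowPrivilegeEscalation: false
  runAsUser: 990
  runAsGroup: 990
containers:
  - name: app
    # NOTE(review): the image is selected by version tag only; consider
    # pinning by digest if the deployment needs an immutable reference.
    image: "ghcr.io/whawty/auth/app:v{{ whawty_auth_instances[whawty_auth_instance].version }}"
    securityContext:
      allowPrivilegeEscalation: false
    args:
      - "run"
      - "--listener"
      - "/config/listener.yml"
    env:
      - name: "WHAWTY_AUTH_STORE_CONFIG"
        value: "/config/store.yml"
    volumeMounts:
      - name: config
        mountPath: /config
        readOnly: true
      - name: tls
        mountPath: /tls
        readOnly: true
      # The store is the only mount the app container gets read-write.
      - name: store
        mountPath: /store
    ports:
      # hostIP is pinned to loopback only when this host is the instance's
      # publish.zone.publisher. On any other host no hostIP is rendered, so
      # the hostPort is not restricted to a single host address.
      - containerPort: {{ whawty_auth_instances[whawty_auth_instance].port }}
        hostPort: {{ whawty_auth_instances[whawty_auth_instance].port }}
{% if whawty_auth_instances[whawty_auth_instance].publish.zone.publisher == inventory_hostname %}
        hostIP: "127.0.0.1"
{% endif %}
{% if 'sync' in whawty_auth_instances[whawty_auth_instance] %}
  - name: sync
    image: "ghcr.io/whawty/auth/sync:v{{ whawty_auth_instances[whawty_auth_instance].version }}"
    securityContext:
      allowPrivilegeEscalation: false
    args:
      - "server"
    volumeMounts:
      - name: sync
        mountPath: /config
        readOnly: true
      # The sync container only ever reads the store.
      - name: store
        mountPath: /store
        readOnly: true
    ports:
      # No hostIP is set for the sync port, so it is not limited to one host
      # address. NOTE(review): confirm that host firewalling and the sync
      # service's own authentication cover this listener.
      - containerPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }}
        hostPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }}
{% endif %}
volumes:
  # type Directory requires each path to exist on the host already; it is
  # not created on demand.
  - name: config
    hostPath:
      path: "{{ whawty_auth_instance_basepath }}/config"
      type: Directory
  - name: tls
    hostPath:
      path: "{{ whawty_auth_instance_basepath }}/tls"
      type: Directory
  - name: store
    hostPath:
      path: "{{ whawty_auth_instance_basepath }}/store"
      type: Directory
{% if 'sync' in whawty_auth_instances[whawty_auth_instance] %}
  - name: sync
    hostPath:
      path: "{{ whawty_auth_instance_basepath }}/sync"
      type: Directory
{% endif %}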