securityContext: allowPrivilegeEscalation: false runAsUser: 990 runAsGroup: 990 containers: - name: app image: "ghcr.io/whawty/auth/app:v{{ whawty_auth_instances[whawty_auth_instance].version }}" args: - "--store" - "/config/store.yml" - "run" - "--web-addr" - ":{{ whawty_auth_instances[whawty_auth_instance].port }}" {% if 'tls' in whawty_auth_instances[whawty_auth_instance] %} - "--web-config" - "/config/web.yml" {% endif %} volumeMounts: - name: config mountPath: /config readOnly: true - name: store mountPath: /store env: {# TODO: remove debug output #} - name: WHAWTY_AUTH_DEBUG value: "1" ports: - containerPort: {{ whawty_auth_instances[whawty_auth_instance].port }} hostPort: {{ whawty_auth_instances[whawty_auth_instance].port }} {% if 'sync' in whawty_auth_instances[whawty_auth_instance] %} - name: sync image: "ghcr.io/whawty/auth/sync:v{{ whawty_auth_instances[whawty_auth_instance].version }}" args: - "server" volumeMounts: - name: sync mountPath: /config readOnly: true - name: store mountPath: /store readOnly: true ports: - containerPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }} hostPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }} {% endif %} volumes: - name: config hostPath: path: "{{ whawty_auth_instance_basepath }}/config" type: Directory - name: store hostPath: path: "{{ whawty_auth_instance_basepath }}/store" type: Directory {% if 'sync' in whawty_auth_instances[whawty_auth_instance] %} - name: sync hostPath: path: "{{ whawty_auth_instance_basepath }}/sync" type: Directory {% endif %}