apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: authelia

labels:
- pairs:
    app.kubernetes.io/instance: authelia

resources:
- ../dch-root-ca
- secrets.yaml
- redis.yaml
- authelia.yaml
- oidc-cluster-admin.yaml
- postgres-cert.yaml

replicas:
- name: authelia
  count: 2

configMapGenerator:
- name: authelia
  namespace: authelia
  files:
  - configuration.yml

patches:
- patch: |-
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: authelia
      namespace: authelia
    spec:
      template:
        spec:
          containers:
          - name: authelia
            env:
            - name: AUTHELIA_STORAGE_POSTGRES_TLS_CERTIFICATE_CHAIN_FILE
              value: /run/authelia/certs/postgresql/tls.crt
            - name: AUTHELIA_STORAGE_POSTGRES_TLS_PRIVATE_KEY_FILE
              value: /run/authelia/certs/postgresql/tls.key
            volumeMounts:
            - mountPath: /run/authelia/certs/dch-root-ca.crt
              name: dch-root-ca
              subPath: dch-root-ca.crt
            - mountPath: /run/authelia/certs/postgresql
              name: postgresql-cert
          volumes:
          - name: postgresql-cert
            secret:
              secretName: postgres-client-cert
          - name: dch-root-ca
            configMap:
              name: dch-root-ca
images:
- name: ghcr.io/authelia/authelia
  newTag: 4.38.12