apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: authelia

labels:
- pairs:
    app.kubernetes.io/instance: authelia

resources:
- ../dch-root-ca
- secrets.yaml
- redis.yaml
- authelia.yaml
- oidc-cluster-admin.yaml

replicas:
- name: authelia
  count: 2

configMapGenerator:
- name: authelia
  namespace: authelia
  files:
  - configuration.yml
- name: postgresql-ca
  namespace: authelia
  files:
  - postgresql-ca.crt

patches:
- patch: |-
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: authelia
      namespace: authelia
    spec:
      template:
        spec:
          containers:
          - name: authelia
            env:
            - name: AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE
              value: /run/authelia/secrets/postgresql/password
            volumeMounts:
            - mountPath: /run/authelia/certs/postgresql-ca.crt
              name: postgresql-ca
              subPath: postgresql-ca.crt
            - mountPath: /run/authelia/certs/dch-root-ca.crt
              name: dch-root-ca
              subPath: dch-root-ca.crt
            - mountPath: /run/authelia/secrets/postgresql
              name: postgresql-auth
          volumes:
          - name: postgresql-auth
            secret:
              secretName: authelia.authelia.default.credentials.postgresql.acid.zalan.do
          - name: postgresql-ca
            configMap:
              name: postgresql-ca
          - name: dch-root-ca
            configMap:
              name: dch-root-ca