--- apiVersion: apps/v1 kind: Deployment metadata: name: authentik-worker namespace: authentik spec: replicas: 1 selector: matchLabels: app: authentik component: worker template: metadata: labels: app: authentik component: worker spec: containers: - name: worker image: registry.ops.eblu.me/blumeops/authentik:kustomized args: ["worker"] env: - name: AUTHENTIK_SECRET_KEY valueFrom: secretKeyRef: name: authentik-config key: secret-key - name: AUTHENTIK_POSTGRESQL__HOST valueFrom: secretKeyRef: name: authentik-config key: postgresql-host - name: AUTHENTIK_POSTGRESQL__PORT valueFrom: secretKeyRef: name: authentik-config key: postgresql-port - name: AUTHENTIK_POSTGRESQL__NAME valueFrom: secretKeyRef: name: authentik-config key: postgresql-name - name: AUTHENTIK_POSTGRESQL__USER valueFrom: secretKeyRef: name: authentik-config key: postgresql-user - name: AUTHENTIK_POSTGRESQL__PASSWORD valueFrom: secretKeyRef: name: authentik-config key: postgresql-password - name: AUTHENTIK_REDIS__HOST value: authentik-redis - name: AUTHENTIK_WORKER_CONCURRENCY value: "2" - name: AUTHENTIK_GRAFANA_CLIENT_SECRET valueFrom: secretKeyRef: name: authentik-config key: grafana-client-secret - name: AUTHENTIK_FORGEJO_CLIENT_SECRET valueFrom: secretKeyRef: name: authentik-config key: forgejo-client-secret - name: AUTHENTIK_ZOT_CLIENT_SECRET valueFrom: secretKeyRef: name: authentik-config key: zot-client-secret - name: AUTHENTIK_JELLYFIN_CLIENT_SECRET valueFrom: secretKeyRef: name: authentik-config key: jellyfin-client-secret - name: AUTHENTIK_MEALIE_CLIENT_SECRET valueFrom: secretKeyRef: name: authentik-config key: mealie-client-secret - name: AUTHENTIK_PAPERLESS_CLIENT_SECRET valueFrom: secretKeyRef: name: authentik-config key: paperless-client-secret volumeMounts: - name: blueprints mountPath: /blueprints/custom readOnly: true resources: requests: memory: "512Mi" cpu: "100m" limits: memory: "2Gi" cpu: "1000m" volumes: - name: blueprints configMap: name: authentik-blueprints