From 217bc2da52b1d905a3f8ffda1c8a198740f50587 Mon Sep 17 00:00:00 2001
From: prettysunflower
Date: Sat, 31 May 2025 22:47:45 +0200
Subject: [PATCH] apps(pocketid): Added Pocket-ID to deployment
---
apps/pocketid/configmap.yaml | 7 +++++
apps/pocketid/deployment.yaml | 52 ++++++++++++++++++++++++++++++++
apps/pocketid/kustomization.yaml | 5 +++
apps/pocketid/pvc.yaml | 11 +++++++
apps/pocketid/services.yaml | 13 ++++++++
5 files changed, 88 insertions(+)
create mode 100644 apps/pocketid/configmap.yaml
create mode 100644 apps/pocketid/deployment.yaml
create mode 100644 apps/pocketid/kustomization.yaml
create mode 100644 apps/pocketid/pvc.yaml
create mode 100644 apps/pocketid/services.yaml
diff --git a/apps/pocketid/configmap.yaml b/apps/pocketid/configmap.yaml
new file mode 100644
index 0000000..ae5df5d
--- /dev/null
+++ b/apps/pocketid/configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: pocketid-config
+data:
+ APP_URL: "https://auth.remilia.ch"
+ TRUST_PROXY: "true"
\ No newline at end of file
diff --git a/apps/pocketid/deployment.yaml b/apps/pocketid/deployment.yaml
new file mode 100644
index 0000000..ee35dc8
--- /dev/null
+++ b/apps/pocketid/deployment.yaml
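Review bot: `TRUST_PROXY: "true"` in apps/pocketid/configmap.yaml is enabled while nothing in this commit restricts who can reach the pod. The Service in apps/pocketid/services.yaml is a plain ClusterIP (80 → 1411), so any workload in the cluster can talk to Pocket-ID directly, bypassing the reverse proxy. If the flag makes the app honour forwarded headers (presumably `X-Forwarded-For` and similar; not verifiable from this diff), such a caller can supply its own client address for audit logs and any IP-based limits. I would add a NetworkPolicy to the kustomization that admits ingress on TCP 1411 only from the reverse proxy's namespace, as sketched below with a placeholder namespace.

```yaml
# apps/pocketid/networkpolicy.yaml (new file, also to be listed in kustomization.yaml)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: pocketid-ingress
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: pocketid
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              # placeholder: namespace of the ingress controller / reverse proxy
              kubernetes.io/metadata.name: INGRESS_NAMESPACE_PLACEHOLDER
      ports:
        - protocol: TCP
          port: 1411
```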
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: pocketid
+ labels:
+ app.kubernetes.io/name: pocketid
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: pocketid
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: pocketid
+ spec:
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ preference:
+ matchExpressions:
+ - key: location
+ operator: In
+ values:
+ - fsn
+ volumes:
+ - name: pocketid-data
+ persistentVolumeClaim:
+ claimName: pocketid-data-pvc
+ containers:
+ - name: pocketid
+ image: ghcr.io/pocket-id/pocket-id:latest
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 1411
+ envFrom:
+ - configMapRef:
+ name: pocketid-config
+ volumeMounts:
+ - name: pocketid-data
+ mountPath: "/app/data"
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
\ No newline at end of file
diff --git a/apps/pocketid/kustomization.yaml b/apps/pocketid/kustomization.yaml
new file mode 100644
index 0000000..8452915
--- /dev/null
+++ b/apps/pocketid/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+ - configmap.yaml
+ - deployment.yaml
+ - pvc.yaml
+ - services.yaml
\ No newline at end of file
diff --git a/apps/pocketid/pvc.yaml b/apps/pocketid/pvc.yaml
new file mode 100644
index 0000000..7b04cd9
--- /dev/null
+++ b/apps/pocketid/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: pocketid-data-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 2Gi
\ No newline at end of file
diff --git a/apps/pocketid/services.yaml b/apps/pocketid/services.yaml
new file mode 100644
index 0000000..26ee2f2
--- /dev/null
+++ b/apps/pocketid/services.yaml
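Review bot: The container image in apps/pocketid/deployment.yaml is `ghcr.io/pocket-id/pocket-id:latest` with `imagePullPolicy: Always`, so any pod restart can pull different code into the identity provider without a corresponding commit in this repository. Pin a release tag together with its digest, e.g. `image: ghcr.io/pocket-id/pocket-id:<release-tag>@sha256:<digest>` (both placeholders), so that upgrades arrive as reviewed changes; `imagePullPolicy: IfNotPresent` is then sufficient. The container securityContext is otherwise tight; `readOnlyRootFilesystem: true` would complete it if the app only writes under `/app/data` (not verifiable from this diff), and `automountServiceAccountToken: false` in the pod spec would drop an API token the app presumably does not need.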
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: pocketid
+spec:
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/name: pocketid
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 1411
+ name: http
\ No newline at end of file