apiVersion: apps/v1
kind: Deployment
metadata:
  name: freshrss
  namespace: freshrss-ns
spec:
  replicas: 1
  selector:
    matchLabels:
      app: freshrss
  template:
    metadata:
      labels:
        app: freshrss
    spec:
      strategy:
        type: Recreate
      containers:
      - name: freshrss
        image: freshrss/freshrss
        env:
        - name: CRON_MIN
          value: "*/10"
        - name: OIDC_ENABLED
          value: "1"
        - name: OIDC_SCOPES
          value: "openid profile email"
        - name: OIDC_X_FORWARDED_HEADERS
          value: "X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto"
        - name: OIDC_PROVIDER_METADATA_URL
          valueFrom:
            secretKeyRef:
              name: freshrss-oidc-config
              key: OIDC_PROVIDER_METADATA_URL
        - name: OIDC_CLIENT_ID
          valueFrom:
            secretKeyRef:
              name: freshrss-oidc-config
              key: OIDC_CLIENT_ID
        - name: OIDC_CLIENT_SECRET
          valueFrom:
            secretKeyRef:
              name: freshrss-oidc-config
              key: OIDC_CLIENT_SECRET
        - name: OIDC_CLIENT_CRYPTO_KEY
          valueFrom:
            secretKeyRef:
              name: freshrss-oidc-config
              key: OIDC_CLIENT_CRYPTO_KEY
        ports:
        - containerPort: 80
        volumeMounts:
        - name: freshrss-storage
          mountPath: /config
      volumes:
      - name: freshrss-storage
        persistentVolumeClaim:
          claimName: freshrss-pvc