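# auth-svc — SSO, JWT, Bearer validation (better-auth)
# namespace: gooseek-auth
# BETTER_AUTH_URL — used for callback/redirect (https://gooseek.ru)
# docs/architecture: 02-k3s-microservices-spec.md
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: auth-svc
  namespace: gooseek-auth
spec:
  # Single replica: state is one database file (DATABASE_PATH) on a
  # ReadWriteOnce volume, so the service cannot be scaled horizontally as-is.
  replicas: 1
  # Recreate stops the old pod before the new one starts. The default
  # RollingUpdate would briefly run two pods against the same RWO volume
  # (same node: two writers on one database file; other node: the new pod
  # hangs waiting for the volume).
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: auth-svc
  template:
    metadata:
      labels:
        app: auth-svc
    spec:
      # Nothing in this manifest indicates the service calls the Kubernetes
      # API, so the service-account token is not mounted into the pod.
      # Remove this line if the service does need API access.
      automountServiceAccountToken: false
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: auth-svc
          # NOTE(review): ":latest" is a mutable tag, and with
          # imagePullPolicy: Never the kubelet runs whatever image carries
          # that tag in the node's local store. Prefer an immutable version
          # tag or digest so the running auth code is traceable to a build.
          image: gooseek/auth-svc:latest
          imagePullPolicy: Never
          ports:
            - containerPort: 3014
          # The port is unprivileged (3014), so no capability is needed to
          # bind it; drop them all and forbid privilege escalation.
          # TODO(review): also set runAsNonRoot / runAsUser and
          # readOnlyRootFilesystem once the image's user and write paths
          # (beyond /data) are confirmed.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          env:
            - name: PORT
              value: "3014"
            # Public base URL used for callback/redirect construction.
            - name: BETTER_AUTH_URL
              valueFrom:
                configMapKeyRef:
                  name: gooseek-env
                  key: better-auth-url
            # In-cluster address of this service (plain HTTP).
            - name: AUTH_SERVICE_URL
              value: "http://auth-svc.gooseek-auth:3014"
            # Presumably the origin allow-list used by better-auth; keep the
            # ConfigMap value to exact origins — verify it has no wildcards.
            - name: TRUSTED_ORIGINS
              valueFrom:
                configMapKeyRef:
                  name: gooseek-env
                  key: trusted-origins
            - name: DATABASE_PATH
              value: "/data/auth.db"
            - name: BETTER_AUTH_TELEMETRY
              value: "0"
            # NOTE(review): no signing/encryption secret is injected here.
            # If the service requires one, source it from a Secret with
            # secretKeyRef, not from the gooseek-env ConfigMap.
          volumeMounts:
            - name: auth-data
              mountPath: /data
          livenessProbe:
            httpGet:
              path: /health
              port: 3014
            initialDelaySeconds: 5
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /ready
              port: 3014
            initialDelaySeconds: 3
            periodSeconds: 5
          resources:
            requests:
              cpu: 50m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 512Mi
      volumes:
        - name: auth-data
          persistentVolumeClaim:
            claimName: auth-data-pvc
---
# No "type" is set, so the Service is a ClusterIP: reachable only from inside
# the cluster. External exposure, if any, is defined elsewhere.
apiVersion: v1
kind: Service
metadata:
  name: auth-svc
  namespace: gooseek-auth
spec:
  selector:
    app: auth-svc
  ports:
    - port: 3014
      targetPort: 3014
---
# Backing store for /data/auth.db. No storageClassName is given, so the
# cluster's default StorageClass is used.
# NOTE(review): this volume presumably holds account and session records —
# confirm backup coverage and at-rest protection for it.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: auth-data-pvc
  namespace: gooseek-auth
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi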