apiVersion: apps/v1 kind: Deployment metadata: name: mise namespace: '{{ .Values.namespace }}' spec: replicas: 2 selector: matchLabels: app: mise template: metadata: labels: app: mise spec: containers: - name: mise image: "{{ .Values.imageRegistry }}/{{ .Values.imageRepository }}@{{ .Values.imageDigest }}" ports: - containerPort: 8080 livenessProbe: httpGet: path: /healthz port: 8080 readinessProbe: httpGet: path: /readyz port: 8080 env: - name: AzureAd__Instance value: '{{ .Values.azureAdInstance }}' - name: AzureAd__ClientId value: '{{ .Values.firstPartyAppId }}' - name: AzureAd__TenantId value: '{{ .Values.tenantId }}' - name: AzureAd__Audience value: "api://{{ .Values.firstPartyAppId }}" - name: AzureAd__InboundPolicies__0__Label value: "ARM Policy" - name: AzureAd__InboundPolicies__0__Authority value: "{{ .Values.azureAdInstance }}{{ .Values.tenantId }}" - name: AzureAd__InboundPolicies__0__AuthenticationSchemes__0 value: "PoP" - name: AzureAd__InboundPolicies__0__ValidAudiences__0 value: '{{ .Values.armInstance }}' - name: AzureAd__InboundPolicies__0__ValidApplicationIds__0 value: '{{ .Values.armAppId }}' - name: AzureAd__InboundPolicies__0__SignedHttpRequestValidationPolicy value: '{"ValidateTs" : true, "ValidateM" : true, "ValidateU" : true, "ValidateP" : true }' - name: AllowedHosts value: "*" - name: Kestrel__Endpoints__Http__Url value: "http://0.0.0.0:8080"