apiVersion: apps/v1 kind: Deployment metadata: name: mi annotations: operator.1password.io/auto-restart: "true" spec: replicas: 1 template: spec: volumes: - name: vol persistentVolumeClaim: claimName: mi - name: backup persistentVolumeClaim: claimName: mi-backup - name: bluesky secret: secretName: mi-bluesky - name: irc secret: secretName: mi-irc - name: twitch secret: secretName: mi-twitch - name: mastodon secret: secretName: mi-mastodon securityContext: fsGroup: 1000 containers: - name: main image: ghcr.io/xe/x/mi:latest imagePullPolicy: "Always" resources: limits: cpu: "500m" memory: "1024Mi" requests: cpu: "100m" memory: "512Mi" securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault livenessProbe: httpGet: path: /healthz port: 8080 httpHeaders: - name: X-Kubernetes value: "is kinda okay" initialDelaySeconds: 3 periodSeconds: 3 env: - name: BIND value: ":8080" - name: DB_LOC value: "/data/mi.db" - name: BACKUP_DB_LOC value: "/srv/backup/mi.db" - name: INTERNAL_BIND value: ":9195" volumeMounts: - name: vol mountPath: "/data" - name: backup mountPath: "/srv/backup" - name: bluesky readOnly: true mountPath: "/run/secrets/bluesky" - name: irc readOnly: true mountPath: "/run/secrets/irc" - name: twitch readOnly: true mountPath: "/run/secrets/twitch" - name: mastodon readOnly: true mountPath: "/run/secrets/mastodon"