blob: 257ed14fde331cb883d10a097f122ab2d4ea34e2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
apiVersion: v1
kind: ConfigMap
metadata:
name: future-sight
namespace: future-sight
labels:
app.kubernetes.io/name: future-sight
data:
BUCKET_NAME: xesite-preview-versions
DATA_DIR: /cache
NATS_URL: nats://nats:4222
VALKEY_HOST: valkey:6379
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: future-sight
namespace: future-sight
labels:
app.kubernetes.io/name: future-sight
xeiaso.net/role: web
annotations:
operator.1password.io/auto-restart: "true"
spec:
replicas: 3
selector:
matchLabels:
app.kubernetes.io/name: future-sight
xeiaso.net/role: web
template:
metadata:
namespace: future-sight
labels:
app.kubernetes.io/name: future-sight
xeiaso.net/role: web
spec:
volumes:
- name: tigris
secret:
secretName: tigris-creds
- name: cache
emptyDir: {}
securityContext:
fsGroup: 1000
containers:
- name: main
image: ghcr.io/xe/x/future-sight:latest
imagePullPolicy: Always
resources:
limits:
cpu: "250m"
memory: "512Mi"
requests:
cpu: "100m"
memory: "256Mi"
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
livenessProbe:
httpGet:
path: /healthz
port: 8080
httpHeaders:
- name: X-Kubernetes
value: "is kinda okay"
initialDelaySeconds: 3
periodSeconds: 3
volumeMounts:
- name: tigris
mountPath: /run/secrets/tigris
- name: cache
mountPath: /cache
envFrom:
- configMapRef:
name: valkey-secret
- configMapRef:
name: future-sight
|
