apiVersion: apps/v1 kind: Deployment metadata: name: xesite spec: selector: matchLabels: app.kubernetes.io/name: xesite template: metadata: labels: app.kubernetes.io/name: xesite spec: volumes: - name: cache persistentVolumeClaim: claimName: xesite-cache - name: data emptyDir: {} - name: anubis configMap: name: anubis-cfg containers: - name: web image: ghcr.io/xe/site/bin:latest imagePullPolicy: Always env: - name: "BIND" value: ":3000" - name: "INTERNAL_API_BIND" value: ":3001" - name: "DATA_DIR" value: "/xe/data" - name: "SITE_URL" value: "https://xeiaso.net" - name: "ONION_DOMAIN" value: "gi3bsuc5ci2dr4xbh5b3kja5c6p5zk226ymgszzx7ngmjpc25tmnhaqd.onion" - name: "REDIRECT_DOMAIN" value: "xeiaso.net" - name: "PATREON_SAASPROXY_URL" value: "http://xesite-patreon-saasproxy.default.svc" envFrom: - secretRef: name: xesite ports: - containerPort: 3000 name: http volumeMounts: - mountPath: "/xe/data" name: data #- mountPath: "/root/.cache" # name: cache readinessProbe: httpGet: path: /healthz port: 3001 httpHeaders: - name: X-Kubernetes value: "Is alright, I guess" initialDelaySeconds: 60 periodSeconds: 5 failureThreshold: 69 livenessProbe: httpGet: path: /healthz port: 3001 httpHeaders: - name: X-Kubernetes value: "Is alright, I guess" initialDelaySeconds: 30 periodSeconds: 30 - name: anubis image: ghcr.io/techarohq/anubis:latest imagePullPolicy: Always env: - name: "BIND" value: ":8081" - name: "DIFFICULTY" value: "4" - name: "METRICS_BIND" value: ":9090" - name: "POLICY_FNAME" value: "/xe/cfg/anubis/botPolicies.yaml" - name: "SERVE_ROBOTS_TXT" value: "false" - name: "TARGET" value: "http://localhost:3000" # - name: "SLOG_LEVEL" # value: "debug" volumeMounts: - name: anubis mountPath: /xe/cfg/anubis resources: limits: cpu: 500m memory: 128Mi requests: cpu: 250m memory: 128Mi securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault