manifest/xesite/deployment.yaml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109

apiVersion: apps/v1
kind: Deployment
metadata:
  name: xesite
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: xesite
  template:
    metadata:
      labels:
        app.kubernetes.io/name: xesite
    spec:
      volumes:
      - name: cache
        persistentVolumeClaim:
          claimName: xesite-cache
      - name: data
        emptyDir: {}
      - name: anubis
        configMap:
          name: anubis-cfg
      containers:
      - name: web
        image: ghcr.io/xe/site/bin:latest
        imagePullPolicy: Always
        env:
        - name: "BIND"
          value: ":3000"
        - name: "INTERNAL_API_BIND"
          value: ":3001"
        - name: "DATA_DIR"
          value: "/xe/data"
        - name: "SITE_URL"
          value: "https://xeiaso.net"
        - name: "ONION_DOMAIN"
          value: "gi3bsuc5ci2dr4xbh5b3kja5c6p5zk226ymgszzx7ngmjpc25tmnhaqd.onion"
        - name: "REDIRECT_DOMAIN"
          value: "xeiaso.net"
        - name: "PATREON_SAASPROXY_URL"
          value: "http://xesite-patreon-saasproxy.default.svc"
        envFrom:
        - secretRef:
            name: xesite
        ports:
        - containerPort: 3000
          name: http
        volumeMounts:
        - mountPath: "/xe/data"
          name: data
        #- mountPath: "/root/.cache"
        #  name: cache
        readinessProbe:
          httpGet:
            path: /healthz
            port: 3001
            httpHeaders:
            - name: X-Kubernetes
              value: "Is alright, I guess"
          initialDelaySeconds: 60
          periodSeconds: 5
          failureThreshold: 69
        livenessProbe:
          httpGet:
            path: /healthz
            port: 3001
            httpHeaders:
            - name: X-Kubernetes
              value: "Is alright, I guess"
          initialDelaySeconds: 30
          periodSeconds: 30
      - name: anubis
        image: ghcr.io/techarohq/anubis:latest
        imagePullPolicy: Always
        env:
          - name: "BIND"
            value: ":8081"
          - name: "DIFFICULTY"
            value: "4"
          - name: "METRICS_BIND"
            value: ":9090"
          - name: "POLICY_FNAME"
            value: "/xe/cfg/anubis/botPolicies.yaml"
          - name: "SERVE_ROBOTS_TXT"
            value: "false"
          - name: "TARGET"
            value: "http://localhost:3000"
          # - name: "SLOG_LEVEL"
          #   value: "debug"
        volumeMounts:
          - name: anubis
            mountPath: /xe/cfg/anubis
        resources:
          limits:
            cpu: 500m
            memory: 128Mi
          requests:
            cpu: 250m
            memory: 128Mi
        securityContext:
          runAsUser: 1000
          runAsGroup: 1000
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - ALL
          seccompProfile:
            type: RuntimeDefault