apps/snips/resources/statefulset.yaml

170 lines
4.8 KiB
YAML
Raw Normal View History

2024-03-06 22:11:07 +01:00
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: snips
spec:
replicas: 1
serviceName: snips
selector:
matchLabels:
app.kubernetes.io/name: snips
template:
metadata:
labels:
app.kubernetes.io/name: snips
spec:
initContainers:
- name: init-litestream
image: litestream
2024-05-07 16:57:15 +02:00
args: ['restore', '-replica=Garage', '-if-db-not-exists', '-if-replica-exists', '/data/snips.db']
2024-03-06 22:11:07 +01:00
env:
- name: LITESTREAM_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: snips-secrets
2024-05-07 13:51:08 +02:00
key: garage-access-key
2024-03-06 22:11:07 +01:00
- name: LITESTREAM_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: snips-secrets
2024-05-07 13:51:08 +02:00
key: garage-secret-key
volumeMounts:
- name: data
mountPath: /data
- name: litestream-config
mountPath: /etc/litestream.yml
subPath: litestream.yml
securityContext:
capabilities:
drop:
- ALL
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
2024-03-06 22:11:07 +01:00
containers:
- name: snips
image: snips
envFrom:
- configMapRef:
name: snips-config
env:
- name: SNIPS_HMACKEY
valueFrom:
secretKeyRef:
name: snips-secrets
key: hmackey
2024-05-09 15:25:36 +02:00
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
resource: limits.memory
2024-03-06 22:11:07 +01:00
ports:
- containerPort: 8080
protocol: TCP
name: http
- containerPort: 2222
protocol: TCP
name: ssh
livenessProbe:
tcpSocket:
port: 2222
initialDelaySeconds: 5
periodSeconds: 5
readinessProbe:
tcpSocket:
port: 2222
initialDelaySeconds: 5
periodSeconds: 5
resources:
limits:
cpu: 100m
memory: 200Mi
requests:
cpu: 50m
memory: 50Mi
volumeMounts:
- name: snips-secrets
readOnly: true
mountPath: /etc/snips
- name: data
mountPath: /data
securityContext:
capabilities:
drop:
- ALL
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
2024-03-06 22:11:07 +01:00
- name: litestream
image: litestream
args: ['replicate']
volumeMounts:
- name: data
mountPath: /data
- name: litestream-config
mountPath: /etc/litestream.yml
subPath: litestream.yml
env:
- name: LITESTREAM_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: snips-secrets
2024-05-07 13:51:08 +02:00
key: garage-access-key
2024-03-06 22:11:07 +01:00
- name: LITESTREAM_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: snips-secrets
2024-05-07 13:51:08 +02:00
key: garage-secret-key
2024-03-06 22:11:07 +01:00
readinessProbe:
httpGet:
path: /metrics
port: 9090
initialDelaySeconds: 5
periodSeconds: 5
livenessProbe:
httpGet:
path: /metrics
port: 9090
initialDelaySeconds: 5
periodSeconds: 5
ports:
- name: metrics
containerPort: 9090
securityContext:
capabilities:
drop:
- ALL
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
2024-03-06 22:11:07 +01:00
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- snips
topologyKey: topology.kubernetes.io/zone
volumes:
2024-05-07 16:01:43 +02:00
- name: data
emptyDir: {}
2024-03-06 22:11:07 +01:00
- name: snips-secrets
secret:
secretName: snips-secrets
items:
- key: authorized_keys
path: authorized_keys
- key: snips
path: snips
- key: snips.pub
path: snips.pub
- name: litestream-config
configMap:
2024-05-09 15:25:36 +02:00
name: litestream-config