apps/hedgedoc/resources/deployment.yaml

74 lines
1.8 KiB
YAML
Raw Normal View History

2023-11-14 21:12:33 +00:00
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: hedgedoc
spec:
selector:
matchLabels:
app.kubernetes.io/name: hedgedoc
template:
metadata:
labels:
app.kubernetes.io/name: hedgedoc
spec:
containers:
- name: hedgedoc
image: hedgedoc
2023-12-21 13:56:26 +00:00
env:
- name: CMD_DB_URL
valueFrom:
secretKeyRef:
name: default-cluster-pguser-hedgedoc
key: uri
- name: NODE_EXTRA_CA_CERTS
value: /certs/ca.crt
2023-11-14 21:12:33 +00:00
envFrom:
- secretRef:
name: hedgedoc-base-config
- secretRef:
name: hedgedoc-secret-config
ports:
- containerPort: 3000
protocol: TCP
name: web
volumeMounts:
- name: upload-tmp
mountPath: /tmp
2023-12-21 13:56:26 +00:00
- name: pg-certs
mountPath: /certs
readOnly: true
2023-11-14 21:12:33 +00:00
resources:
requests:
memory: "168Mi"
cpu: "50m"
limits:
memory: "256Mi"
cpu: "500m"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
2023-12-21 13:56:26 +00:00
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
2023-11-14 21:12:33 +00:00
volumes:
- name: upload-tmp
emptyDir:
2023-12-21 13:56:26 +00:00
sizeLimit: 500Mi
- name: pg-certs
secret:
secretName: default-cluster-cluster-cert