2024-03-06 21:11:07 +00:00
|
|
|
---
|
|
|
|
apiVersion: apps/v1
|
|
|
|
kind: StatefulSet
|
|
|
|
metadata:
|
|
|
|
name: snips
|
|
|
|
spec:
|
|
|
|
replicas: 1
|
|
|
|
serviceName: snips
|
|
|
|
selector:
|
|
|
|
matchLabels:
|
|
|
|
app.kubernetes.io/name: snips
|
|
|
|
template:
|
|
|
|
metadata:
|
|
|
|
labels:
|
|
|
|
app.kubernetes.io/name: snips
|
|
|
|
spec:
|
|
|
|
initContainers:
|
|
|
|
- name: init-litestream
|
|
|
|
image: litestream
|
2024-05-07 14:57:15 +00:00
|
|
|
args: ['restore', '-replica=Garage', '-if-db-not-exists', '-if-replica-exists', '/data/snips.db']
|
2024-03-06 21:11:07 +00:00
|
|
|
env:
|
|
|
|
- name: LITESTREAM_ACCESS_KEY_ID
|
|
|
|
valueFrom:
|
|
|
|
secretKeyRef:
|
|
|
|
name: snips-secrets
|
2024-05-07 11:51:08 +00:00
|
|
|
key: garage-access-key
|
2024-03-06 21:11:07 +00:00
|
|
|
- name: LITESTREAM_SECRET_ACCESS_KEY
|
|
|
|
valueFrom:
|
|
|
|
secretKeyRef:
|
|
|
|
name: snips-secrets
|
2024-05-07 11:51:08 +00:00
|
|
|
key: garage-secret-key
|
2024-05-07 14:07:29 +00:00
|
|
|
volumeMounts:
|
|
|
|
- name: data
|
|
|
|
mountPath: /data
|
|
|
|
- name: litestream-config
|
|
|
|
mountPath: /etc/litestream.yml
|
|
|
|
subPath: litestream.yml
|
|
|
|
securityContext:
|
|
|
|
capabilities:
|
|
|
|
drop:
|
|
|
|
- ALL
|
|
|
|
allowPrivilegeEscalation: false
|
|
|
|
readOnlyRootFilesystem: true
|
2024-03-06 21:11:07 +00:00
|
|
|
containers:
|
|
|
|
- name: snips
|
|
|
|
image: snips
|
|
|
|
envFrom:
|
|
|
|
- configMapRef:
|
|
|
|
name: snips-config
|
|
|
|
env:
|
|
|
|
- name: SNIPS_HMACKEY
|
|
|
|
valueFrom:
|
|
|
|
secretKeyRef:
|
|
|
|
name: snips-secrets
|
|
|
|
key: hmackey
|
|
|
|
ports:
|
|
|
|
- containerPort: 8080
|
|
|
|
protocol: TCP
|
|
|
|
name: http
|
|
|
|
- containerPort: 2222
|
|
|
|
protocol: TCP
|
|
|
|
name: ssh
|
|
|
|
livenessProbe:
|
|
|
|
tcpSocket:
|
|
|
|
port: 2222
|
|
|
|
initialDelaySeconds: 5
|
|
|
|
periodSeconds: 5
|
|
|
|
readinessProbe:
|
|
|
|
tcpSocket:
|
|
|
|
port: 2222
|
|
|
|
initialDelaySeconds: 5
|
|
|
|
periodSeconds: 5
|
|
|
|
resources:
|
|
|
|
limits:
|
|
|
|
cpu: 100m
|
|
|
|
memory: 200Mi
|
|
|
|
requests:
|
|
|
|
cpu: 50m
|
|
|
|
memory: 50Mi
|
|
|
|
volumeMounts:
|
|
|
|
- name: snips-secrets
|
|
|
|
readOnly: true
|
|
|
|
mountPath: /etc/snips
|
|
|
|
- name: data
|
|
|
|
mountPath: /data
|
2024-05-07 14:07:29 +00:00
|
|
|
securityContext:
|
|
|
|
capabilities:
|
|
|
|
drop:
|
|
|
|
- ALL
|
|
|
|
allowPrivilegeEscalation: false
|
|
|
|
readOnlyRootFilesystem: true
|
2024-03-06 21:11:07 +00:00
|
|
|
- name: litestream
|
|
|
|
image: litestream
|
|
|
|
args: ['replicate']
|
|
|
|
volumeMounts:
|
|
|
|
- name: data
|
|
|
|
mountPath: /data
|
|
|
|
- name: litestream-config
|
|
|
|
mountPath: /etc/litestream.yml
|
|
|
|
subPath: litestream.yml
|
|
|
|
env:
|
|
|
|
- name: LITESTREAM_ACCESS_KEY_ID
|
|
|
|
valueFrom:
|
|
|
|
secretKeyRef:
|
|
|
|
name: snips-secrets
|
2024-05-07 11:51:08 +00:00
|
|
|
key: garage-access-key
|
2024-03-06 21:11:07 +00:00
|
|
|
- name: LITESTREAM_SECRET_ACCESS_KEY
|
|
|
|
valueFrom:
|
|
|
|
secretKeyRef:
|
|
|
|
name: snips-secrets
|
2024-05-07 11:51:08 +00:00
|
|
|
key: garage-secret-key
|
2024-03-06 21:11:07 +00:00
|
|
|
readinessProbe:
|
|
|
|
httpGet:
|
|
|
|
path: /metrics
|
|
|
|
port: 9090
|
|
|
|
initialDelaySeconds: 5
|
|
|
|
periodSeconds: 5
|
|
|
|
livenessProbe:
|
|
|
|
httpGet:
|
|
|
|
path: /metrics
|
|
|
|
port: 9090
|
|
|
|
initialDelaySeconds: 5
|
|
|
|
periodSeconds: 5
|
|
|
|
ports:
|
|
|
|
- name: metrics
|
|
|
|
containerPort: 9090
|
2024-05-07 14:07:29 +00:00
|
|
|
securityContext:
|
|
|
|
capabilities:
|
|
|
|
drop:
|
|
|
|
- ALL
|
|
|
|
allowPrivilegeEscalation: false
|
|
|
|
readOnlyRootFilesystem: true
|
|
|
|
securityContext:
|
|
|
|
runAsUser: 1000
|
|
|
|
runAsGroup: 1000
|
|
|
|
fsGroup: 1000
|
|
|
|
runAsNonRoot: true
|
2024-03-06 21:11:07 +00:00
|
|
|
affinity:
|
|
|
|
podAntiAffinity:
|
|
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
|
|
- weight: 100
|
|
|
|
podAffinityTerm:
|
|
|
|
labelSelector:
|
|
|
|
matchExpressions:
|
|
|
|
- key: app.kubernetes.io/name
|
|
|
|
operator: In
|
|
|
|
values:
|
|
|
|
- snips
|
|
|
|
topologyKey: topology.kubernetes.io/zone
|
|
|
|
volumes:
|
2024-05-07 14:01:43 +00:00
|
|
|
- name: data
|
|
|
|
emptyDir: {}
|
2024-03-06 21:11:07 +00:00
|
|
|
- name: snips-secrets
|
|
|
|
secret:
|
|
|
|
secretName: snips-secrets
|
|
|
|
items:
|
|
|
|
- key: authorized_keys
|
|
|
|
path: authorized_keys
|
|
|
|
- key: snips
|
|
|
|
path: snips
|
|
|
|
- key: snips.pub
|
|
|
|
path: snips.pub
|
|
|
|
- name: litestream-config
|
|
|
|
configMap:
|
2024-05-07 14:01:43 +00:00
|
|
|
name: litestream-config
|