apps/umami/resources/deployment.yaml

103 lines
2.6 KiB
YAML

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: umami
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: umami
template:
metadata:
labels:
app.kubernetes.io/name: umami
spec:
initContainers:
- name: init-db
image: umami
command:
- /app/node_modules/.bin/npm-run-all
args:
- check-db
- update-tracker
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: default-cluster-pguser-umami
key: PQ_URL
envFrom:
- configMapRef:
name: umami-config
resources:
requests:
memory: "256Mi"
cpu: "150m"
limits:
memory: "384Mi"
cpu: "250m"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
containers:
- name: umami
image: umami
args:
- node
- server.js
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: db-credentials-umami
key: PQ_URL
envFrom:
- configMapRef:
name: umami-config
resources:
requests:
memory: "64Mi"
cpu: "150m"
limits:
memory: "256Mi"
cpu: "300m"
ports:
- containerPort: 3000
protocol: TCP
name: web
livenessProbe:
httpGet:
path: /api/heartbeat
port: 3000
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /api/heartbeat
port: 3000
initialDelaySeconds: 5
periodSeconds: 10
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true