apps/linkwarden/resources/deployment.yaml

134 lines
No EOL
3.7 KiB
YAML

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: linkwarden
labels:
app.kubernetes.io/name: linkwarden
spec:
selector:
matchLabels:
app.kubernetes.io/name: linkwarden
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: linkwarden
spec:
initContainers:
- name: install-packages
image: linkwarden
command: ["/bin/bash", "-c", "npx playwright install"]
volumeMounts:
- name: node-cache
mountPath: /home/node/.cache
- name: run-prisma-migrations
image: linkwarden
command: ["/data/node_modules/.bin/prisma"]
args: ["migrate", "deploy"]
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: db-credentials-linkwarden
key: PQ_MIGRATE_URL
containers:
- name: linkwarden
image: linkwarden
command: ["/data/node_modules/.bin/next"]
args: ["start"]
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: db-credentials-linkwarden
key: PQ_URL
envFrom:
- secretRef:
name: linkwarden-config
ports:
- containerPort: 3000
protocol: TCP
name: web
volumeMounts:
- name: next-cache
mountPath: /data/.next/cache
- name: node-cache
mountPath: /home/node/.cache
resources:
requests:
memory: "384Mi"
cpu: "50m"
limits:
memory: "1500Mi"
cpu: "500m"
readinessProbe:
httpGet:
path: /login
port: 3000
initialDelaySeconds: 15
periodSeconds: 10
livenessProbe:
httpGet:
path: /login
port: 3000
initialDelaySeconds: 30
periodSeconds: 10
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
- name: linkwarden-worker
image: linkwarden
command: ["/data/node_modules/.bin/ts-node"]
args: ["--transpile-only", "--skip-project", "scripts/worker.ts"]
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: default-cluster-pguser-linkwarden
key: uri
envFrom:
- secretRef:
name: linkwarden-config
volumeMounts:
- name: next-cache
mountPath: /data/.next/cache
- name: node-cache
mountPath: /home/node/.cache
resources:
requests:
memory: "384Mi"
cpu: "50m"
limits:
memory: "1500Mi"
cpu: "500m"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
volumes:
- name: next-cache
emptyDir:
sizeLimit: 250Mi
- name: node-cache
emptyDir:
sizeLimit: 1500Mi