150 lines
No EOL
4.1 KiB
YAML
150 lines
No EOL
4.1 KiB
YAML
---
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: snips
|
|
spec:
|
|
replicas: 1
|
|
serviceName: snips
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: snips
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: snips
|
|
spec:
|
|
initContainers:
|
|
- name: init-litestream
|
|
image: litestream
|
|
args: ['restore', '-if-db-not-exists', '-if-replica-exists', '/data/snips.db']
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /data
|
|
- name: litestream-config
|
|
mountPath: /etc/litestream.yml
|
|
subPath: litestream.yml
|
|
env:
|
|
- name: LITESTREAM_ACCESS_KEY_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: snips-secrets
|
|
key: r2-access-key
|
|
- name: LITESTREAM_SECRET_ACCESS_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: snips-secrets
|
|
key: r2-secret-key
|
|
containers:
|
|
- name: snips
|
|
image: snips
|
|
envFrom:
|
|
- configMapRef:
|
|
name: snips-config
|
|
env:
|
|
- name: SNIPS_HMACKEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: snips-secrets
|
|
key: hmackey
|
|
ports:
|
|
- containerPort: 8080
|
|
protocol: TCP
|
|
name: http
|
|
- containerPort: 2222
|
|
protocol: TCP
|
|
name: ssh
|
|
livenessProbe:
|
|
tcpSocket:
|
|
port: 2222
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
readinessProbe:
|
|
tcpSocket:
|
|
port: 2222
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
resources:
|
|
limits:
|
|
cpu: 100m
|
|
memory: 200Mi
|
|
requests:
|
|
cpu: 50m
|
|
memory: 50Mi
|
|
volumeMounts:
|
|
- name: snips-secrets
|
|
readOnly: true
|
|
mountPath: /etc/snips
|
|
- name: data
|
|
mountPath: /data
|
|
- name: litestream
|
|
image: litestream
|
|
args: ['replicate']
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /data
|
|
- name: litestream-config
|
|
mountPath: /etc/litestream.yml
|
|
subPath: litestream.yml
|
|
env:
|
|
- name: LITESTREAM_ACCESS_KEY_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: snips-secrets
|
|
key: r2-access-key
|
|
- name: LITESTREAM_SECRET_ACCESS_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: snips-secrets
|
|
key: r2-secret-key
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /metrics
|
|
port: 9090
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /metrics
|
|
port: 9090
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
ports:
|
|
- name: metrics
|
|
containerPort: 9090
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: app.kubernetes.io/name
|
|
operator: In
|
|
values:
|
|
- snips
|
|
topologyKey: topology.kubernetes.io/zone
|
|
volumes:
|
|
- name: snips-secrets
|
|
secret:
|
|
secretName: snips-secrets
|
|
items:
|
|
- key: authorized_keys
|
|
path: authorized_keys
|
|
- key: snips
|
|
path: snips
|
|
- key: snips.pub
|
|
path: snips.pub
|
|
- name: litestream-config
|
|
configMap:
|
|
name: litestream-config
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: data
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 1Gi
|
|
storageClassName: r2 |