Michael Trip
b56e866071
All checks were successful
Build and Push Image / build-and-push (push) Successful in 1m26s
123 lines
3.3 KiB
YAML
123 lines
3.3 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: snauw-counter
|
|
namespace: snauw-counter
|
|
labels:
|
|
app.kubernetes.io/name: snauw-counter
|
|
app.kubernetes.io/component: web
|
|
app.kubernetes.io/part-of: snauw-counter
|
|
app.kubernetes.io/version: ${IMAGE_TAG:-latest}
|
|
spec:
|
|
replicas: 2
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxSurge: 1
|
|
maxUnavailable: 0
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: snauw-counter
|
|
app.kubernetes.io/component: web
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: snauw-counter
|
|
app.kubernetes.io/component: web
|
|
app.kubernetes.io/part-of: snauw-counter
|
|
app.kubernetes.io/version: ${IMAGE_TAG:-latest}
|
|
annotations:
|
|
prometheus.io/scrape: "true"
|
|
prometheus.io/port: "5000"
|
|
prometheus.io/path: "/metrics"
|
|
spec:
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1001
|
|
fsGroup: 1001
|
|
initContainers:
|
|
- name: init-sqlite
|
|
image: busybox:1.35
|
|
command: ['sh', '-c', 'mkdir -p /app/data && chown -R 1001:1001 /app/data']
|
|
volumeMounts:
|
|
- name: sqlite-data
|
|
mountPath: /app/data
|
|
securityContext:
|
|
runAsUser: 0 # Run as root for chown
|
|
containers:
|
|
- name: snauw-counter
|
|
image: ${REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG:-latest}
|
|
ports:
|
|
- containerPort: 5000
|
|
name: http
|
|
protocol: TCP
|
|
env:
|
|
- name: FLASK_ENV
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: snauw-counter-config
|
|
key: FLASK_ENV
|
|
- name: DATABASE_URL
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: snauw-counter-config
|
|
key: DATABASE_URL
|
|
- name: SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: snauw-counter-secrets
|
|
key: secret-key
|
|
- name: PROMETHEUS_MULTIPROC_DIR
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: snauw-counter-config
|
|
key: PROMETHEUS_MULTIPROC_DIR
|
|
volumeMounts:
|
|
- name: secrets
|
|
mountPath: /etc/secrets
|
|
readOnly: true
|
|
- name: tmp
|
|
mountPath: /tmp
|
|
- name: sqlite-data
|
|
mountPath: /app/data
|
|
resources:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "256Mi"
|
|
cpu: "200m"
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /health
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 30
|
|
timeoutSeconds: 10
|
|
failureThreshold: 3
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /health
|
|
port: http
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 3
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
volumes:
|
|
- name: secrets
|
|
secret:
|
|
secretName: snauw-counter-secrets
|
|
defaultMode: 0400
|
|
- name: tmp
|
|
emptyDir: {}
|
|
- name: sqlite-data
|
|
persistentVolumeClaim:
|
|
claimName: snauw-counter-sqlite-pvc
|
|
imagePullSecrets:
|
|
- name: ghcr-secret
|