netflux-kubernetes/deploy/base/deploy-invidious.yaml

155 lines
4.1 KiB
YAML
Raw Normal View History

2022-05-11 11:18:49 +02:00
apiVersion: apps/v1
kind: Deployment
metadata:
name: invidious
labels:
2022-06-05 17:44:52 +02:00
app: invidious
component: web
2022-05-11 11:18:49 +02:00
app.kubernetes.io/name: invidious
app.kubernetes.io/instance: invidious
spec:
selector:
matchLabels:
2022-06-05 17:44:52 +02:00
app: invidious
component: web
2022-05-11 11:18:49 +02:00
template:
metadata:
labels:
2022-06-05 17:44:52 +02:00
app: invidious
component: web
2022-05-11 11:18:49 +02:00
app.kubernetes.io/name: invidious
app.kubernetes.io/instance: invidious
spec:
2023-09-11 00:18:13 +02:00
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
2022-05-11 11:18:49 +02:00
initContainers:
2023-10-08 19:40:14 +02:00
- image: alpine/git:latest
2022-05-11 11:18:49 +02:00
imagePullPolicy: IfNotPresent
name: init-invidious-repo
volumeMounts:
- mountPath: /data
name: data
2023-01-12 07:05:10 +01:00
- mountPath: /scripts
name: scripts
command: ["/bin/sh", "/scripts/init.sh"]
2023-09-10 20:44:15 +02:00
resources:
requests:
memory: 64Mi
cpu: 100m
limits:
memory: 128Mi
cpu: 500m
securityContext:
readOnlyRootFilesystem: true
2023-10-08 19:40:14 +02:00
- image: jbergknoff/postgresql-client:latest
2022-05-11 11:18:49 +02:00
imagePullPolicy: IfNotPresent
name: init-invidious-db
volumeMounts:
- mountPath: /data
name: data
2022-05-11 11:18:49 +02:00
env:
- name: PGHOST
valueFrom:
secretKeyRef:
name: invidious-credentials
key: database-host
optional: false
- name: PGPORT
valueFrom:
secretKeyRef:
name: invidious-credentials
key: database-port
optional: false
# See init-invidious-db.sh:
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: invidious-credentials
key: database-name
optional: false
# See init-invidious-db.sh:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: invidious-credentials
key: database-user
optional: false
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: invidious-credentials
key: database-password
optional: false
2023-09-10 20:44:15 +02:00
resources:
requests:
memory: 128Mi
cpu: 100m
limits:
memory: 256Mi
cpu: 1000m
securityContext:
readOnlyRootFilesystem: true
workingDir: /data/repo
command: ["sh", "docker/init-invidious-db.sh"]
2022-05-11 11:18:49 +02:00
containers:
2023-10-08 19:40:14 +02:00
- image: quay.io/invidious/invidious:latest
2022-06-27 18:49:41 +02:00
imagePullPolicy: Always
2022-05-11 11:18:49 +02:00
name: invidious
ports:
- name: http
protocol: TCP
containerPort: 3000
env:
- name: INVIDIOUS_CONFIG_FILE
value: /invidious/config/config.yml
- name: INVIDIOUS_DATABASE_URL
valueFrom:
secretKeyRef:
name: invidious-credentials
key: database-url
optional: false
- name: INVIDIOUS_HMAC_KEY
valueFrom:
secretKeyRef:
name: invidious-credentials
key: hmac-key
optional: false
2022-05-11 11:18:49 +02:00
volumeMounts:
- mountPath: /invidious/config/config.yml
subPath: config.yml
name: config
2022-05-11 20:21:14 +02:00
resources:
requests:
2023-09-10 20:44:15 +02:00
memory: 128Mi
cpu: 100m
2022-05-11 20:21:14 +02:00
limits:
2023-09-10 20:44:15 +02:00
memory: 256Mi
cpu: 1000m
lifecycle:
preStop:
exec:
command: ["kill", "-INT", "1"]
2022-05-11 11:18:49 +02:00
livenessProbe:
failureThreshold: 10
httpGet:
path: /api/v1/comments/jNQXAC9IVRw
port: 3000
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
securityContext:
readOnlyRootFilesystem: true
2022-05-11 11:18:49 +02:00
volumes:
- name: data
2022-05-11 11:18:49 +02:00
emptyDir: {}
- name: config
configMap:
name: invidious-config
2023-01-12 07:05:10 +01:00
- name: scripts
configMap:
name: invidious-scripts