apiVersion: apps/v1 kind: Deployment metadata: name: invidious labels: app: invidious component: web app.kubernetes.io/name: invidious app.kubernetes.io/instance: invidious spec: selector: matchLabels: app: invidious component: web template: metadata: labels: app: invidious component: web app.kubernetes.io/name: invidious app.kubernetes.io/instance: invidious spec: securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true initContainers: - image: alpine/git:latest imagePullPolicy: IfNotPresent name: init-invidious-repo volumeMounts: - mountPath: /data name: data - mountPath: /scripts name: scripts command: ["/bin/sh", "/scripts/init.sh"] resources: requests: memory: 64Mi cpu: 100m limits: memory: 128Mi cpu: 500m securityContext: readOnlyRootFilesystem: true - image: jbergknoff/postgresql-client:latest imagePullPolicy: IfNotPresent name: init-invidious-db volumeMounts: - mountPath: /data name: data env: - name: PGHOST valueFrom: secretKeyRef: name: invidious-credentials key: database-host optional: false - name: PGPORT valueFrom: secretKeyRef: name: invidious-credentials key: database-port optional: false # See init-invidious-db.sh: - name: POSTGRES_DB valueFrom: secretKeyRef: name: invidious-credentials key: database-name optional: false # See init-invidious-db.sh: - name: POSTGRES_USER valueFrom: secretKeyRef: name: invidious-credentials key: database-user optional: false - name: PGPASSWORD valueFrom: secretKeyRef: name: invidious-credentials key: database-password optional: false resources: requests: memory: 128Mi cpu: 100m limits: memory: 256Mi cpu: 1000m securityContext: readOnlyRootFilesystem: true workingDir: /data/repo command: ["sh", "docker/init-invidious-db.sh"] containers: - image: quay.io/invidious/invidious:latest imagePullPolicy: Always name: invidious ports: - name: http protocol: TCP containerPort: 3000 env: - name: INVIDIOUS_CONFIG_FILE value: /invidious/config/config.yml - name: INVIDIOUS_DATABASE_URL valueFrom: secretKeyRef: name: invidious-credentials key: database-url optional: false - name: INVIDIOUS_HMAC_KEY valueFrom: secretKeyRef: name: invidious-credentials key: hmac-key optional: false volumeMounts: - mountPath: /invidious/config/config.yml subPath: config.yml name: config resources: requests: memory: 128Mi cpu: 100m limits: memory: 256Mi cpu: 1000m lifecycle: preStop: exec: command: ["kill", "-INT", "1"] livenessProbe: failureThreshold: 10 httpGet: path: /api/v1/comments/jNQXAC9IVRw port: 3000 scheme: HTTP initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 10 securityContext: readOnlyRootFilesystem: true volumes: - name: data emptyDir: {} - name: config configMap: name: invidious-config - name: scripts configMap: name: invidious-scripts