155 lines
4.1 KiB
YAML
155 lines
4.1 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: invidious
|
|
labels:
|
|
app: invidious
|
|
component: web
|
|
app.kubernetes.io/name: invidious
|
|
app.kubernetes.io/instance: invidious
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: invidious
|
|
component: web
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: invidious
|
|
component: web
|
|
app.kubernetes.io/name: invidious
|
|
app.kubernetes.io/instance: invidious
|
|
spec:
|
|
securityContext:
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
runAsNonRoot: true
|
|
initContainers:
|
|
- image: alpine/git:latest
|
|
imagePullPolicy: IfNotPresent
|
|
name: init-invidious-repo
|
|
volumeMounts:
|
|
- mountPath: /data
|
|
name: data
|
|
- mountPath: /scripts
|
|
name: scripts
|
|
command: ["/bin/sh", "/scripts/init.sh"]
|
|
resources:
|
|
requests:
|
|
memory: 64Mi
|
|
cpu: 100m
|
|
limits:
|
|
memory: 128Mi
|
|
cpu: 500m
|
|
securityContext:
|
|
readOnlyRootFilesystem: true
|
|
- image: jbergknoff/postgresql-client:latest
|
|
imagePullPolicy: IfNotPresent
|
|
name: init-invidious-db
|
|
volumeMounts:
|
|
- mountPath: /data
|
|
name: data
|
|
env:
|
|
- name: PGHOST
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: invidious-credentials
|
|
key: database-host
|
|
optional: false
|
|
- name: PGPORT
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: invidious-credentials
|
|
key: database-port
|
|
optional: false
|
|
# See init-invidious-db.sh:
|
|
- name: POSTGRES_DB
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: invidious-credentials
|
|
key: database-name
|
|
optional: false
|
|
# See init-invidious-db.sh:
|
|
- name: POSTGRES_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: invidious-credentials
|
|
key: database-user
|
|
optional: false
|
|
- name: PGPASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: invidious-credentials
|
|
key: database-password
|
|
optional: false
|
|
resources:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 100m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 1000m
|
|
securityContext:
|
|
readOnlyRootFilesystem: true
|
|
workingDir: /data/repo
|
|
command: ["sh", "docker/init-invidious-db.sh"]
|
|
containers:
|
|
- image: quay.io/invidious/invidious:latest
|
|
imagePullPolicy: Always
|
|
name: invidious
|
|
ports:
|
|
- name: http
|
|
protocol: TCP
|
|
containerPort: 3000
|
|
env:
|
|
- name: INVIDIOUS_CONFIG_FILE
|
|
value: /invidious/config/config.yml
|
|
- name: INVIDIOUS_DATABASE_URL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: invidious-credentials
|
|
key: database-url
|
|
optional: false
|
|
- name: INVIDIOUS_HMAC_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: invidious-credentials
|
|
key: hmac-key
|
|
optional: false
|
|
volumeMounts:
|
|
- mountPath: /invidious/config/config.yml
|
|
subPath: config.yml
|
|
name: config
|
|
resources:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 100m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 1000m
|
|
lifecycle:
|
|
preStop:
|
|
exec:
|
|
command: ["kill", "-INT", "1"]
|
|
livenessProbe:
|
|
failureThreshold: 10
|
|
httpGet:
|
|
path: /api/v1/comments/jNQXAC9IVRw
|
|
port: 3000
|
|
scheme: HTTP
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 10
|
|
securityContext:
|
|
readOnlyRootFilesystem: true
|
|
volumes:
|
|
- name: data
|
|
emptyDir: {}
|
|
- name: config
|
|
configMap:
|
|
name: invidious-config
|
|
- name: scripts
|
|
configMap:
|
|
name: invidious-scripts
|