netflux-kubernetes/deploy/base/deploy-invidious.yaml

155 lines
4.1 KiB
YAML

apiVersion: apps/v1
kind: Deployment
metadata:
name: invidious
labels:
app: invidious
component: web
app.kubernetes.io/name: invidious
app.kubernetes.io/instance: invidious
spec:
selector:
matchLabels:
app: invidious
component: web
template:
metadata:
labels:
app: invidious
component: web
app.kubernetes.io/name: invidious
app.kubernetes.io/instance: invidious
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
initContainers:
- image: alpine/git:latest
imagePullPolicy: IfNotPresent
name: init-invidious-repo
volumeMounts:
- mountPath: /data
name: data
- mountPath: /scripts
name: scripts
command: ["/bin/sh", "/scripts/init.sh"]
resources:
requests:
memory: 64Mi
cpu: 100m
limits:
memory: 128Mi
cpu: 500m
securityContext:
readOnlyRootFilesystem: true
- image: jbergknoff/postgresql-client:latest
imagePullPolicy: IfNotPresent
name: init-invidious-db
volumeMounts:
- mountPath: /data
name: data
env:
- name: PGHOST
valueFrom:
secretKeyRef:
name: invidious-credentials
key: database-host
optional: false
- name: PGPORT
valueFrom:
secretKeyRef:
name: invidious-credentials
key: database-port
optional: false
# See init-invidious-db.sh:
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: invidious-credentials
key: database-name
optional: false
# See init-invidious-db.sh:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: invidious-credentials
key: database-user
optional: false
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: invidious-credentials
key: database-password
optional: false
resources:
requests:
memory: 128Mi
cpu: 100m
limits:
memory: 256Mi
cpu: 1000m
securityContext:
readOnlyRootFilesystem: true
workingDir: /data/repo
command: ["sh", "docker/init-invidious-db.sh"]
containers:
- image: quay.io/invidious/invidious:latest
imagePullPolicy: Always
name: invidious
ports:
- name: http
protocol: TCP
containerPort: 3000
env:
- name: INVIDIOUS_CONFIG_FILE
value: /invidious/config/config.yml
- name: INVIDIOUS_DATABASE_URL
valueFrom:
secretKeyRef:
name: invidious-credentials
key: database-url
optional: false
- name: INVIDIOUS_HMAC_KEY
valueFrom:
secretKeyRef:
name: invidious-credentials
key: hmac-key
optional: false
volumeMounts:
- mountPath: /invidious/config/config.yml
subPath: config.yml
name: config
resources:
requests:
memory: 128Mi
cpu: 100m
limits:
memory: 256Mi
cpu: 1000m
lifecycle:
preStop:
exec:
command: ["kill", "-INT", "1"]
livenessProbe:
failureThreshold: 10
httpGet:
path: /api/v1/comments/jNQXAC9IVRw
port: 3000
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
securityContext:
readOnlyRootFilesystem: true
volumes:
- name: data
emptyDir: {}
- name: config
configMap:
name: invidious-config
- name: scripts
configMap:
name: invidious-scripts