Mayne0213
79e9fbaeb7
- ArgoCD Application for mas namespace - Deployment with privileged container, hostPID for K8s access - RBAC: ServiceAccount, ClusterRoles (viewer/writer) - ExternalSecrets for API keys and PostgreSQL password - Ingress at mas0213.kro.kr with Authelia SSO
84 lines
2.1 KiB
YAML
84 lines
2.1 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: mas
|
|
labels:
|
|
app: mas
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: mas
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxUnavailable: 0
|
|
maxSurge: 1
|
|
revisionHistoryLimit: 3
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: mas
|
|
spec:
|
|
hostPID: true
|
|
serviceAccountName: mas
|
|
imagePullSecrets:
|
|
- name: ghcr-secret
|
|
containers:
|
|
- name: mas
|
|
image: ghcr.io/mayne0213/mas:latest
|
|
imagePullPolicy: Always
|
|
securityContext:
|
|
privileged: true
|
|
ports:
|
|
- containerPort: 8000
|
|
name: http
|
|
env:
|
|
- name: ANTHROPIC_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: mas-api-keys
|
|
key: anthropic-api-key
|
|
- name: POSTGRES_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: postgresql-password
|
|
key: password
|
|
- name: CHAINLIT_DATABASE_URL
|
|
value: "postgresql://bluemayne:$(POSTGRES_PASSWORD)@postgresql-rw.postgresql.svc.cluster.local:5432/mas"
|
|
- name: DATABASE_URL
|
|
value: "postgresql://bluemayne:$(POSTGRES_PASSWORD)@postgresql-rw.postgresql.svc.cluster.local:5432/mas"
|
|
- name: POSTGRES_HOST
|
|
value: "postgresql-rw.postgresql.svc.cluster.local"
|
|
- name: POSTGRES_PORT
|
|
value: "5432"
|
|
- name: POSTGRES_USER
|
|
value: "bluemayne"
|
|
- name: GITEA_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: mas-api-keys
|
|
key: gitea-token
|
|
optional: true
|
|
- name: REDIS_URL
|
|
value: "redis://redis:6379/0"
|
|
resources:
|
|
requests:
|
|
memory: 256Mi
|
|
cpu: 100m
|
|
limits:
|
|
memory: 1Gi
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: 8000
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: 8000
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 5
|
|
restartPolicy: Always
|