1---
2apiVersion: v1
3kind: Namespace
4metadata:
5 name: ${ZED_KUBE_NAMESPACE}
6
7---
8kind: Service
9apiVersion: v1
10metadata:
11 namespace: ${ZED_KUBE_NAMESPACE}
12 name: ${ZED_SERVICE_NAME}
13 annotations:
14 service.beta.kubernetes.io/do-loadbalancer-name: "${ZED_SERVICE_NAME}-${ZED_KUBE_NAMESPACE}"
15 service.beta.kubernetes.io/do-loadbalancer-size-unit: "${ZED_LOAD_BALANCER_SIZE_UNIT}"
16 service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
17 service.beta.kubernetes.io/do-loadbalancer-certificate-id: ${ZED_DO_CERTIFICATE_ID}
18 service.beta.kubernetes.io/do-loadbalancer-disable-lets-encrypt-dns-records: "true"
19spec:
20 type: LoadBalancer
21 selector:
22 app: ${ZED_SERVICE_NAME}
23 ports:
24 - name: web
25 protocol: TCP
26 port: 443
27 targetPort: 8080
28
29---
30apiVersion: apps/v1
31kind: Deployment
32metadata:
33 namespace: ${ZED_KUBE_NAMESPACE}
34 name: ${ZED_SERVICE_NAME}
35
36spec:
37 replicas: 1
38 strategy:
39 type: RollingUpdate
40 rollingUpdate:
41 maxSurge: 1
42 maxUnavailable: 0
43 selector:
44 matchLabels:
45 app: ${ZED_SERVICE_NAME}
46 template:
47 metadata:
48 labels:
49 app: ${ZED_SERVICE_NAME}
50 spec:
51 containers:
52 - name: ${ZED_SERVICE_NAME}
53 image: "${ZED_IMAGE_ID}"
54 args:
55 - serve
56 - ${ZED_SERVICE_NAME}
57 ports:
58 - containerPort: 8080
59 protocol: TCP
60 livenessProbe:
61 httpGet:
62 path: /healthz
63 port: 8080
64 initialDelaySeconds: 5
65 periodSeconds: 5
66 timeoutSeconds: 5
67 readinessProbe:
68 httpGet:
69 path: /
70 port: 8080
71 initialDelaySeconds: 1
72 periodSeconds: 1
73 startupProbe:
74 httpGet:
75 path: /
76 port: 8080
77 initialDelaySeconds: 1
78 periodSeconds: 1
79 failureThreshold: 15
80 env:
81 - name: HTTP_PORT
82 value: "8080"
83 - name: DATABASE_URL
84 valueFrom:
85 secretKeyRef:
86 name: database
87 key: url
88 - name: DATABASE_MAX_CONNECTIONS
89 value: "${DATABASE_MAX_CONNECTIONS}"
90 - name: API_TOKEN
91 valueFrom:
92 secretKeyRef:
93 name: api
94 key: token
95 - name: ZED_CLIENT_CHECKSUM_SEED
96 valueFrom:
97 secretKeyRef:
98 name: zed-client
99 key: checksum-seed
100 - name: LIVEKIT_SERVER
101 valueFrom:
102 secretKeyRef:
103 name: livekit
104 key: server
105 - name: LIVEKIT_KEY
106 valueFrom:
107 secretKeyRef:
108 name: livekit
109 key: key
110 - name: LIVEKIT_SECRET
111 valueFrom:
112 secretKeyRef:
113 name: livekit
114 key: secret
115 - name: BLOB_STORE_ACCESS_KEY
116 valueFrom:
117 secretKeyRef:
118 name: blob-store
119 key: access_key
120 - name: BLOB_STORE_SECRET_KEY
121 valueFrom:
122 secretKeyRef:
123 name: blob-store
124 key: secret_key
125 - name: BLOB_STORE_URL
126 valueFrom:
127 secretKeyRef:
128 name: blob-store
129 key: url
130 - name: BLOB_STORE_REGION
131 valueFrom:
132 secretKeyRef:
133 name: blob-store
134 key: region
135 - name: BLOB_STORE_BUCKET
136 valueFrom:
137 secretKeyRef:
138 name: blob-store
139 key: bucket
140 - name: KINESIS_ACCESS_KEY
141 valueFrom:
142 secretKeyRef:
143 name: kinesis
144 key: access_key
145 - name: KINESIS_SECRET_KEY
146 valueFrom:
147 secretKeyRef:
148 name: kinesis
149 key: secret_key
150 - name: KINESIS_STREAM
151 valueFrom:
152 secretKeyRef:
153 name: kinesis
154 key: stream
155 - name: KINESIS_REGION
156 valueFrom:
157 secretKeyRef:
158 name: kinesis
159 key: region
160 - name: BLOB_STORE_BUCKET
161 valueFrom:
162 secretKeyRef:
163 name: blob-store
164 key: bucket
165 - name: RUST_BACKTRACE
166 value: "1"
167 - name: RUST_LOG
168 value: ${RUST_LOG}
169 - name: LOG_JSON
170 value: "true"
171 - name: ZED_ENVIRONMENT
172 value: ${ZED_ENVIRONMENT}
173 securityContext:
174 capabilities:
175 # TODO - Switch to the more restrictive `PERFMON` capability.
176 # This capability isn't yet available in a stable version of Debian.
177 add: ["SYS_ADMIN"]
178 terminationGracePeriodSeconds: 10