1---
2apiVersion: v1
3kind: Namespace
4metadata:
5 name: ${ZED_KUBE_NAMESPACE}
6
7---
8kind: Service
9apiVersion: v1
10metadata:
11 namespace: ${ZED_KUBE_NAMESPACE}
12 name: ${ZED_SERVICE_NAME}
13 annotations:
14 service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
15 service.beta.kubernetes.io/do-loadbalancer-certificate-id: ${ZED_DO_CERTIFICATE_ID}
16 service.beta.kubernetes.io/do-loadbalancer-disable-lets-encrypt-dns-records: "true"
17spec:
18 type: LoadBalancer
19 selector:
20 app: ${ZED_SERVICE_NAME}
21 ports:
22 - name: web
23 protocol: TCP
24 port: 443
25 targetPort: 8080
26
27---
28apiVersion: apps/v1
29kind: Deployment
30metadata:
31 namespace: ${ZED_KUBE_NAMESPACE}
32 name: ${ZED_SERVICE_NAME}
33
34spec:
35 replicas: 1
36 selector:
37 matchLabels:
38 app: ${ZED_SERVICE_NAME}
39 template:
40 metadata:
41 labels:
42 app: ${ZED_SERVICE_NAME}
43 annotations:
44 ad.datadoghq.com/collab.check_names: |
45 ["openmetrics"]
46 ad.datadoghq.com/collab.init_configs: |
47 [{}]
48 ad.datadoghq.com/collab.instances: |
49 [
50 {
51 "openmetrics_endpoint": "http://%%host%%:%%port%%/metrics",
52 "namespace": "collab_${ZED_KUBE_NAMESPACE}",
53 "metrics": [".*"]
54 }
55 ]
56 spec:
57 containers:
58 - name: ${ZED_SERVICE_NAME}
59 image: "${ZED_IMAGE_ID}"
60 args:
61 - serve
62 - ${ZED_SERVICE_NAME}
63 ports:
64 - containerPort: 8080
65 protocol: TCP
66 livenessProbe:
67 httpGet:
68 path: /healthz
69 port: 8080
70 initialDelaySeconds: 5
71 periodSeconds: 5
72 timeoutSeconds: 5
73 readinessProbe:
74 httpGet:
75 path: /
76 port: 8080
77 initialDelaySeconds: 1
78 periodSeconds: 1
79 env:
80 - name: HTTP_PORT
81 value: "8080"
82 - name: DATABASE_URL
83 valueFrom:
84 secretKeyRef:
85 name: database
86 key: url
87 - name: DATABASE_MAX_CONNECTIONS
88 value: "${DATABASE_MAX_CONNECTIONS}"
89 - name: API_TOKEN
90 valueFrom:
91 secretKeyRef:
92 name: api
93 key: token
94 - name: ZED_CLIENT_CHECKSUM_SEED
95 valueFrom:
96 secretKeyRef:
97 name: zed-client
98 key: checksum-seed
99 - name: LIVE_KIT_SERVER
100 valueFrom:
101 secretKeyRef:
102 name: livekit
103 key: server
104 - name: LIVE_KIT_KEY
105 valueFrom:
106 secretKeyRef:
107 name: livekit
108 key: key
109 - name: LIVE_KIT_SECRET
110 valueFrom:
111 secretKeyRef:
112 name: livekit
113 key: secret
114 - name: BLOB_STORE_ACCESS_KEY
115 valueFrom:
116 secretKeyRef:
117 name: blob-store
118 key: access_key
119 - name: BLOB_STORE_SECRET_KEY
120 valueFrom:
121 secretKeyRef:
122 name: blob-store
123 key: secret_key
124 - name: BLOB_STORE_URL
125 valueFrom:
126 secretKeyRef:
127 name: blob-store
128 key: url
129 - name: BLOB_STORE_REGION
130 valueFrom:
131 secretKeyRef:
132 name: blob-store
133 key: region
134 - name: BLOB_STORE_BUCKET
135 valueFrom:
136 secretKeyRef:
137 name: blob-store
138 key: bucket
139 - name: CLICKHOUSE_URL
140 valueFrom:
141 secretKeyRef:
142 name: clickhouse
143 key: url
144 - name: CLICKHOUSE_USER
145 valueFrom:
146 secretKeyRef:
147 name: clickhouse
148 key: user
149 - name: CLICKHOUSE_PASSWORD
150 valueFrom:
151 secretKeyRef:
152 name: clickhouse
153 key: password
154 - name: CLICKHOUSE_DATABASE
155 valueFrom:
156 secretKeyRef:
157 name: clickhouse
158 key: database
159 - name: INVITE_LINK_PREFIX
160 value: ${INVITE_LINK_PREFIX}
161 - name: RUST_BACKTRACE
162 value: "1"
163 - name: RUST_LOG
164 value: ${RUST_LOG}
165 - name: LOG_JSON
166 value: "true"
167 - name: ZED_ENVIRONMENT
168 value: ${ZED_ENVIRONMENT}
169 securityContext:
170 capabilities:
171 # FIXME - Switch to the more restrictive `PERFMON` capability.
172 # This capability isn't yet available in a stable version of Debian.
173 add: ["SYS_ADMIN"]