1---
2apiVersion: v1
3kind: Namespace
4metadata:
5 name: ${ZED_KUBE_NAMESPACE}
6
7---
8kind: Service
9apiVersion: v1
10metadata:
11 namespace: ${ZED_KUBE_NAMESPACE}
12 name: ${ZED_SERVICE_NAME}
13 annotations:
14 service.beta.kubernetes.io/do-loadbalancer-name: "${ZED_SERVICE_NAME}-${ZED_KUBE_NAMESPACE}"
15 service.beta.kubernetes.io/do-loadbalancer-size-unit: "${ZED_LOAD_BALANCER_SIZE_UNIT}"
16 service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
17 service.beta.kubernetes.io/do-loadbalancer-certificate-id: ${ZED_DO_CERTIFICATE_ID}
18 service.beta.kubernetes.io/do-loadbalancer-disable-lets-encrypt-dns-records: "true"
19spec:
20 type: LoadBalancer
21 selector:
22 app: ${ZED_SERVICE_NAME}
23 ports:
24 - name: web
25 protocol: TCP
26 port: 443
27 targetPort: 8080
28
29---
30apiVersion: apps/v1
31kind: Deployment
32metadata:
33 namespace: ${ZED_KUBE_NAMESPACE}
34 name: ${ZED_SERVICE_NAME}
35
36spec:
37 replicas: 1
38 strategy:
39 type: RollingUpdate
40 rollingUpdate:
41 maxSurge: 1
42 maxUnavailable: 0
43 selector:
44 matchLabels:
45 app: ${ZED_SERVICE_NAME}
46 template:
47 metadata:
48 labels:
49 app: ${ZED_SERVICE_NAME}
50 annotations:
51 ad.datadoghq.com/collab.check_names: |
52 ["openmetrics"]
53 ad.datadoghq.com/collab.init_configs: |
54 [{}]
55 ad.datadoghq.com/collab.instances: |
56 [
57 {
58 "openmetrics_endpoint": "http://%%host%%:%%port%%/metrics",
59 "namespace": "collab_${ZED_KUBE_NAMESPACE}",
60 "metrics": [".*"]
61 }
62 ]
63 spec:
64 containers:
65 - name: ${ZED_SERVICE_NAME}
66 image: "${ZED_IMAGE_ID}"
67 args:
68 - serve
69 - ${ZED_SERVICE_NAME}
70 ports:
71 - containerPort: 8080
72 protocol: TCP
73 livenessProbe:
74 httpGet:
75 path: /healthz
76 port: 8080
77 initialDelaySeconds: 5
78 periodSeconds: 5
79 timeoutSeconds: 5
80 readinessProbe:
81 httpGet:
82 path: /
83 port: 8080
84 initialDelaySeconds: 1
85 periodSeconds: 1
86 startupProbe:
87 httpGet:
88 path: /
89 port: 8080
90 initialDelaySeconds: 1
91 periodSeconds: 1
92 failureThreshold: 15
93 env:
94 - name: HTTP_PORT
95 value: "8080"
96 - name: DATABASE_URL
97 valueFrom:
98 secretKeyRef:
99 name: database
100 key: url
101 - name: DATABASE_MAX_CONNECTIONS
102 value: "${DATABASE_MAX_CONNECTIONS}"
103 - name: API_TOKEN
104 valueFrom:
105 secretKeyRef:
106 name: api
107 key: token
108 - name: ZED_CLIENT_CHECKSUM_SEED
109 valueFrom:
110 secretKeyRef:
111 name: zed-client
112 key: checksum-seed
113 - name: LIVE_KIT_SERVER
114 valueFrom:
115 secretKeyRef:
116 name: livekit
117 key: server
118 - name: LIVE_KIT_KEY
119 valueFrom:
120 secretKeyRef:
121 name: livekit
122 key: key
123 - name: LIVE_KIT_SECRET
124 valueFrom:
125 secretKeyRef:
126 name: livekit
127 key: secret
128 - name: OPENAI_API_KEY
129 valueFrom:
130 secretKeyRef:
131 name: openai
132 key: api_key
133 - name: BLOB_STORE_ACCESS_KEY
134 valueFrom:
135 secretKeyRef:
136 name: blob-store
137 key: access_key
138 - name: BLOB_STORE_SECRET_KEY
139 valueFrom:
140 secretKeyRef:
141 name: blob-store
142 key: secret_key
143 - name: BLOB_STORE_URL
144 valueFrom:
145 secretKeyRef:
146 name: blob-store
147 key: url
148 - name: BLOB_STORE_REGION
149 valueFrom:
150 secretKeyRef:
151 name: blob-store
152 key: region
153 - name: BLOB_STORE_BUCKET
154 valueFrom:
155 secretKeyRef:
156 name: blob-store
157 key: bucket
158 - name: CLICKHOUSE_URL
159 valueFrom:
160 secretKeyRef:
161 name: clickhouse
162 key: url
163 - name: CLICKHOUSE_USER
164 valueFrom:
165 secretKeyRef:
166 name: clickhouse
167 key: user
168 - name: CLICKHOUSE_PASSWORD
169 valueFrom:
170 secretKeyRef:
171 name: clickhouse
172 key: password
173 - name: CLICKHOUSE_DATABASE
174 valueFrom:
175 secretKeyRef:
176 name: clickhouse
177 key: database
178 - name: SLACK_PANICS_WEBHOOK
179 valueFrom:
180 secretKeyRef:
181 name: slack
182 key: panics_webhook
183 - name: INVITE_LINK_PREFIX
184 value: ${INVITE_LINK_PREFIX}
185 - name: RUST_BACKTRACE
186 value: "1"
187 - name: RUST_LOG
188 value: ${RUST_LOG}
189 - name: LOG_JSON
190 value: "true"
191 - name: ZED_ENVIRONMENT
192 value: ${ZED_ENVIRONMENT}
193 - name: AUTO_JOIN_CHANNEL_ID
194 value: "${AUTO_JOIN_CHANNEL_ID}"
195 securityContext:
196 capabilities:
197 # FIXME - Switch to the more restrictive `PERFMON` capability.
198 # This capability isn't yet available in a stable version of Debian.
199 add: ["SYS_ADMIN"]
200 terminationGracePeriodSeconds: 10