1---
2apiVersion: v1
3kind: Namespace
4metadata:
5 name: ${ZED_KUBE_NAMESPACE}
6
7---
8kind: Service
9apiVersion: v1
10metadata:
11 namespace: ${ZED_KUBE_NAMESPACE}
12 name: ${ZED_SERVICE_NAME}
13 annotations:
14 service.beta.kubernetes.io/do-loadbalancer-name: "${ZED_SERVICE_NAME}-${ZED_KUBE_NAMESPACE}"
15 service.beta.kubernetes.io/do-loadbalancer-size-unit: "${ZED_LOAD_BALANCER_SIZE_UNIT}"
16 service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
17 service.beta.kubernetes.io/do-loadbalancer-certificate-id: ${ZED_DO_CERTIFICATE_ID}
18 service.beta.kubernetes.io/do-loadbalancer-disable-lets-encrypt-dns-records: "true"
19spec:
20 type: LoadBalancer
21 selector:
22 app: ${ZED_SERVICE_NAME}
23 ports:
24 - name: web
25 protocol: TCP
26 port: 443
27 targetPort: 8080
28
29---
30apiVersion: apps/v1
31kind: Deployment
32metadata:
33 namespace: ${ZED_KUBE_NAMESPACE}
34 name: ${ZED_SERVICE_NAME}
35
36spec:
37 replicas: 1
38 strategy:
39 type: RollingUpdate
40 rollingUpdate:
41 maxSurge: 1
42 maxUnavailable: 0
43 selector:
44 matchLabels:
45 app: ${ZED_SERVICE_NAME}
46 template:
47 metadata:
48 labels:
49 app: ${ZED_SERVICE_NAME}
50 spec:
51 containers:
52 - name: ${ZED_SERVICE_NAME}
53 image: "${ZED_IMAGE_ID}"
54 args:
55 - serve
56 - ${ZED_SERVICE_NAME}
57 ports:
58 - containerPort: 8080
59 protocol: TCP
60 livenessProbe:
61 httpGet:
62 path: /healthz
63 port: 8080
64 initialDelaySeconds: 5
65 periodSeconds: 5
66 timeoutSeconds: 5
67 readinessProbe:
68 httpGet:
69 path: /
70 port: 8080
71 initialDelaySeconds: 1
72 periodSeconds: 1
73 startupProbe:
74 httpGet:
75 path: /
76 port: 8080
77 initialDelaySeconds: 1
78 periodSeconds: 1
79 failureThreshold: 15
80 env:
81 - name: HTTP_PORT
82 value: "8080"
83 - name: DATABASE_URL
84 valueFrom:
85 secretKeyRef:
86 name: database
87 key: url
88 - name: DATABASE_MAX_CONNECTIONS
89 value: "${DATABASE_MAX_CONNECTIONS}"
90 - name: API_TOKEN
91 valueFrom:
92 secretKeyRef:
93 name: api
94 key: token
95 - name: ZED_CLIENT_CHECKSUM_SEED
96 valueFrom:
97 secretKeyRef:
98 name: zed-client
99 key: checksum-seed
100 - name: LIVE_KIT_SERVER
101 valueFrom:
102 secretKeyRef:
103 name: livekit
104 key: server
105 - name: LIVE_KIT_KEY
106 valueFrom:
107 secretKeyRef:
108 name: livekit
109 key: key
110 - name: LIVE_KIT_SECRET
111 valueFrom:
112 secretKeyRef:
113 name: livekit
114 key: secret
115 - name: OPENAI_API_KEY
116 valueFrom:
117 secretKeyRef:
118 name: openai
119 key: api_key
120 - name: ANTHROPIC_API_KEY
121 valueFrom:
122 secretKeyRef:
123 name: anthropic
124 key: api_key
125 - name: BLOB_STORE_ACCESS_KEY
126 valueFrom:
127 secretKeyRef:
128 name: blob-store
129 key: access_key
130 - name: BLOB_STORE_SECRET_KEY
131 valueFrom:
132 secretKeyRef:
133 name: blob-store
134 key: secret_key
135 - name: BLOB_STORE_URL
136 valueFrom:
137 secretKeyRef:
138 name: blob-store
139 key: url
140 - name: BLOB_STORE_REGION
141 valueFrom:
142 secretKeyRef:
143 name: blob-store
144 key: region
145 - name: BLOB_STORE_BUCKET
146 valueFrom:
147 secretKeyRef:
148 name: blob-store
149 key: bucket
150 - name: CLICKHOUSE_URL
151 valueFrom:
152 secretKeyRef:
153 name: clickhouse
154 key: url
155 - name: CLICKHOUSE_USER
156 valueFrom:
157 secretKeyRef:
158 name: clickhouse
159 key: user
160 - name: CLICKHOUSE_PASSWORD
161 valueFrom:
162 secretKeyRef:
163 name: clickhouse
164 key: password
165 - name: CLICKHOUSE_DATABASE
166 valueFrom:
167 secretKeyRef:
168 name: clickhouse
169 key: database
170 - name: SLACK_PANICS_WEBHOOK
171 valueFrom:
172 secretKeyRef:
173 name: slack
174 key: panics_webhook
175 - name: SUPERMAVEN_ADMIN_API_KEY
176 valueFrom:
177 secretKeyRef:
178 name: supermaven
179 key: api_key
180 - name: INVITE_LINK_PREFIX
181 value: ${INVITE_LINK_PREFIX}
182 - name: RUST_BACKTRACE
183 value: "1"
184 - name: RUST_LOG
185 value: ${RUST_LOG}
186 - name: LOG_JSON
187 value: "true"
188 - name: ZED_ENVIRONMENT
189 value: ${ZED_ENVIRONMENT}
190 - name: AUTO_JOIN_CHANNEL_ID
191 value: "${AUTO_JOIN_CHANNEL_ID}"
192 securityContext:
193 capabilities:
194 # FIXME - Switch to the more restrictive `PERFMON` capability.
195 # This capability isn't yet available in a stable version of Debian.
196 add: ["SYS_ADMIN"]
197 terminationGracePeriodSeconds: 10