1---
2apiVersion: v1
3kind: Namespace
4metadata:
5 name: ${ZED_KUBE_NAMESPACE}
6
7---
8kind: Service
9apiVersion: v1
10metadata:
11 namespace: ${ZED_KUBE_NAMESPACE}
12 name: ${ZED_SERVICE_NAME}
13 annotations:
14 service.beta.kubernetes.io/do-loadbalancer-name: "${ZED_SERVICE_NAME}-${ZED_KUBE_NAMESPACE}"
15 service.beta.kubernetes.io/do-loadbalancer-size-unit: "${ZED_LOAD_BALANCER_SIZE_UNIT}"
16 service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
17 service.beta.kubernetes.io/do-loadbalancer-certificate-id: ${ZED_DO_CERTIFICATE_ID}
18 service.beta.kubernetes.io/do-loadbalancer-disable-lets-encrypt-dns-records: "true"
19spec:
20 type: LoadBalancer
21 selector:
22 app: ${ZED_SERVICE_NAME}
23 ports:
24 - name: web
25 protocol: TCP
26 port: 443
27 targetPort: 8080
28
29---
30apiVersion: apps/v1
31kind: Deployment
32metadata:
33 namespace: ${ZED_KUBE_NAMESPACE}
34 name: ${ZED_SERVICE_NAME}
35
36spec:
37 replicas: 1
38 strategy:
39 type: RollingUpdate
40 rollingUpdate:
41 maxSurge: 1
42 maxUnavailable: 0
43 selector:
44 matchLabels:
45 app: ${ZED_SERVICE_NAME}
46 template:
47 metadata:
48 labels:
49 app: ${ZED_SERVICE_NAME}
50 spec:
51 containers:
52 - name: ${ZED_SERVICE_NAME}
53 image: "${ZED_IMAGE_ID}"
54 args:
55 - serve
56 - ${ZED_SERVICE_NAME}
57 ports:
58 - containerPort: 8080
59 protocol: TCP
60 livenessProbe:
61 httpGet:
62 path: /healthz
63 port: 8080
64 initialDelaySeconds: 5
65 periodSeconds: 5
66 timeoutSeconds: 5
67 readinessProbe:
68 httpGet:
69 path: /
70 port: 8080
71 initialDelaySeconds: 1
72 periodSeconds: 1
73 startupProbe:
74 httpGet:
75 path: /
76 port: 8080
77 initialDelaySeconds: 1
78 periodSeconds: 1
79 failureThreshold: 15
80 env:
81 - name: HTTP_PORT
82 value: "8080"
83 - name: DATABASE_URL
84 valueFrom:
85 secretKeyRef:
86 name: database
87 key: url
88 - name: DATABASE_MAX_CONNECTIONS
89 value: "${DATABASE_MAX_CONNECTIONS}"
90 - name: API_TOKEN
91 valueFrom:
92 secretKeyRef:
93 name: api
94 key: token
95 - name: LLM_API_SECRET
96 valueFrom:
97 secretKeyRef:
98 name: llm-token
99 key: secret
100 - name: LLM_DATABASE_URL
101 valueFrom:
102 secretKeyRef:
103 name: llm-database
104 key: url
105 - name: LLM_DATABASE_MAX_CONNECTIONS
106 value: "${LLM_DATABASE_MAX_CONNECTIONS}"
107 - name: ZED_CLIENT_CHECKSUM_SEED
108 valueFrom:
109 secretKeyRef:
110 name: zed-client
111 key: checksum-seed
112 - name: LIVE_KIT_SERVER
113 valueFrom:
114 secretKeyRef:
115 name: livekit
116 key: server
117 - name: LIVE_KIT_KEY
118 valueFrom:
119 secretKeyRef:
120 name: livekit
121 key: key
122 - name: LIVE_KIT_SECRET
123 valueFrom:
124 secretKeyRef:
125 name: livekit
126 key: secret
127 - name: OPENAI_API_KEY
128 valueFrom:
129 secretKeyRef:
130 name: openai
131 key: api_key
132 - name: ANTHROPIC_API_KEY
133 valueFrom:
134 secretKeyRef:
135 name: anthropic
136 key: api_key
137 - name: ANTHROPIC_STAFF_API_KEY
138 valueFrom:
139 secretKeyRef:
140 name: anthropic
141 key: staff_api_key
142 - name: LLM_CLOSED_BETA_MODEL_NAME
143 valueFrom:
144 secretKeyRef:
145 name: llm-closed-beta
146 key: model_name
147 - name: GOOGLE_AI_API_KEY
148 valueFrom:
149 secretKeyRef:
150 name: google-ai
151 key: api_key
152 - name: RUNPOD_API_KEY
153 valueFrom:
154 secretKeyRef:
155 name: runpod
156 key: api_key
157 optional: true
158 - name: RUNPOD_API_SUMMARY_URL
159 valueFrom:
160 secretKeyRef:
161 name: runpod
162 key: summary
163 optional: true
164 - name: BLOB_STORE_ACCESS_KEY
165 valueFrom:
166 secretKeyRef:
167 name: blob-store
168 key: access_key
169 - name: BLOB_STORE_SECRET_KEY
170 valueFrom:
171 secretKeyRef:
172 name: blob-store
173 key: secret_key
174 - name: BLOB_STORE_URL
175 valueFrom:
176 secretKeyRef:
177 name: blob-store
178 key: url
179 - name: BLOB_STORE_REGION
180 valueFrom:
181 secretKeyRef:
182 name: blob-store
183 key: region
184 - name: BLOB_STORE_BUCKET
185 valueFrom:
186 secretKeyRef:
187 name: blob-store
188 key: bucket
189 - name: CLICKHOUSE_URL
190 valueFrom:
191 secretKeyRef:
192 name: clickhouse
193 key: url
194 - name: CLICKHOUSE_USER
195 valueFrom:
196 secretKeyRef:
197 name: clickhouse
198 key: user
199 - name: CLICKHOUSE_PASSWORD
200 valueFrom:
201 secretKeyRef:
202 name: clickhouse
203 key: password
204 - name: CLICKHOUSE_DATABASE
205 valueFrom:
206 secretKeyRef:
207 name: clickhouse
208 key: database
209 - name: SLACK_PANICS_WEBHOOK
210 valueFrom:
211 secretKeyRef:
212 name: slack
213 key: panics_webhook
214 - name: COMPLETE_WITH_LANGUAGE_MODEL_RATE_LIMIT_PER_HOUR
215 value: "1000"
216 - name: SUPERMAVEN_ADMIN_API_KEY
217 valueFrom:
218 secretKeyRef:
219 name: supermaven
220 key: api_key
221 - name: USER_BACKFILLER_GITHUB_ACCESS_TOKEN
222 valueFrom:
223 secretKeyRef:
224 name: user-backfiller
225 key: github_access_token
226 optional: true
227 - name: INVITE_LINK_PREFIX
228 value: ${INVITE_LINK_PREFIX}
229 - name: RUST_BACKTRACE
230 value: "1"
231 - name: RUST_LOG
232 value: ${RUST_LOG}
233 - name: LOG_JSON
234 value: "true"
235 - name: ZED_ENVIRONMENT
236 value: ${ZED_ENVIRONMENT}
237 - name: AUTO_JOIN_CHANNEL_ID
238 value: "${AUTO_JOIN_CHANNEL_ID}"
239 securityContext:
240 capabilities:
241 # FIXME - Switch to the more restrictive `PERFMON` capability.
242 # This capability isn't yet available in a stable version of Debian.
243 add: ["SYS_ADMIN"]
244 terminationGracePeriodSeconds: 10