1---
2apiVersion: v1
3kind: Namespace
4metadata:
5 name: ${ZED_KUBE_NAMESPACE}
6
7---
8kind: Service
9apiVersion: v1
10metadata:
11 namespace: ${ZED_KUBE_NAMESPACE}
12 name: ${ZED_SERVICE_NAME}
13 annotations:
14 service.beta.kubernetes.io/do-loadbalancer-name: "${ZED_SERVICE_NAME}-${ZED_KUBE_NAMESPACE}"
15 service.beta.kubernetes.io/do-loadbalancer-size-unit: "${ZED_LOAD_BALANCER_SIZE_UNIT}"
16 service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
17 service.beta.kubernetes.io/do-loadbalancer-certificate-id: ${ZED_DO_CERTIFICATE_ID}
18 service.beta.kubernetes.io/do-loadbalancer-disable-lets-encrypt-dns-records: "true"
19spec:
20 type: LoadBalancer
21 selector:
22 app: ${ZED_SERVICE_NAME}
23 ports:
24 - name: web
25 protocol: TCP
26 port: 443
27 targetPort: 8080
28
29---
30apiVersion: apps/v1
31kind: Deployment
32metadata:
33 namespace: ${ZED_KUBE_NAMESPACE}
34 name: ${ZED_SERVICE_NAME}
35
36spec:
37 replicas: 1
38 strategy:
39 type: RollingUpdate
40 rollingUpdate:
41 maxSurge: 1
42 maxUnavailable: 0
43 selector:
44 matchLabels:
45 app: ${ZED_SERVICE_NAME}
46 template:
47 metadata:
48 labels:
49 app: ${ZED_SERVICE_NAME}
50 spec:
51 containers:
52 - name: ${ZED_SERVICE_NAME}
53 image: "${ZED_IMAGE_ID}"
54 args:
55 - serve
56 - ${ZED_SERVICE_NAME}
57 ports:
58 - containerPort: 8080
59 protocol: TCP
60 livenessProbe:
61 httpGet:
62 path: /healthz
63 port: 8080
64 initialDelaySeconds: 5
65 periodSeconds: 5
66 timeoutSeconds: 5
67 readinessProbe:
68 httpGet:
69 path: /
70 port: 8080
71 initialDelaySeconds: 1
72 periodSeconds: 1
73 startupProbe:
74 httpGet:
75 path: /
76 port: 8080
77 initialDelaySeconds: 1
78 periodSeconds: 1
79 failureThreshold: 15
80 env:
81 - name: HTTP_PORT
82 value: "8080"
83 - name: DATABASE_URL
84 valueFrom:
85 secretKeyRef:
86 name: database
87 key: url
88 - name: DATABASE_MAX_CONNECTIONS
89 value: "${DATABASE_MAX_CONNECTIONS}"
90 - name: API_TOKEN
91 valueFrom:
92 secretKeyRef:
93 name: api
94 key: token
95 - name: LLM_API_SECRET
96 valueFrom:
97 secretKeyRef:
98 name: llm-token
99 key: secret
100 - name: LLM_DATABASE_URL
101 valueFrom:
102 secretKeyRef:
103 name: llm-database
104 key: url
105 - name: LLM_DATABASE_MAX_CONNECTIONS
106 value: "${LLM_DATABASE_MAX_CONNECTIONS}"
107 - name: ZED_CLIENT_CHECKSUM_SEED
108 valueFrom:
109 secretKeyRef:
110 name: zed-client
111 key: checksum-seed
112 - name: LIVE_KIT_SERVER
113 valueFrom:
114 secretKeyRef:
115 name: livekit
116 key: server
117 - name: LIVE_KIT_KEY
118 valueFrom:
119 secretKeyRef:
120 name: livekit
121 key: key
122 - name: LIVE_KIT_SECRET
123 valueFrom:
124 secretKeyRef:
125 name: livekit
126 key: secret
127 - name: OPENAI_API_KEY
128 valueFrom:
129 secretKeyRef:
130 name: openai
131 key: api_key
132 - name: ANTHROPIC_API_KEY
133 valueFrom:
134 secretKeyRef:
135 name: anthropic
136 key: api_key
137 - name: ANTHROPIC_STAFF_API_KEY
138 valueFrom:
139 secretKeyRef:
140 name: anthropic
141 key: staff_api_key
142 - name: LLM_CLOSED_BETA_MODEL_NAME
143 valueFrom:
144 secretKeyRef:
145 name: llm-closed-beta
146 key: model_name
147 - name: GOOGLE_AI_API_KEY
148 valueFrom:
149 secretKeyRef:
150 name: google-ai
151 key: api_key
152 - name: BLOB_STORE_ACCESS_KEY
153 valueFrom:
154 secretKeyRef:
155 name: blob-store
156 key: access_key
157 - name: BLOB_STORE_SECRET_KEY
158 valueFrom:
159 secretKeyRef:
160 name: blob-store
161 key: secret_key
162 - name: BLOB_STORE_URL
163 valueFrom:
164 secretKeyRef:
165 name: blob-store
166 key: url
167 - name: BLOB_STORE_REGION
168 valueFrom:
169 secretKeyRef:
170 name: blob-store
171 key: region
172 - name: BLOB_STORE_BUCKET
173 valueFrom:
174 secretKeyRef:
175 name: blob-store
176 key: bucket
177 - name: KINESIS_ACCESS_KEY
178 valueFrom:
179 secretKeyRef:
180 name: kinesis
181 key: access_key
182 - name: KINESIS_SECRET_KEY
183 valueFrom:
184 secretKeyRef:
185 name: kinesis
186 key: secret_key
187 - name: KINESIS_STREAM
188 valueFrom:
189 secretKeyRef:
190 name: kinesis
191 key: stream
192 - name: KINESIS_REGION
193 valueFrom:
194 secretKeyRef:
195 name: kinesis
196 key: region
197 - name: BLOB_STORE_BUCKET
198 valueFrom:
199 secretKeyRef:
200 name: blob-store
201 key: bucket
202 - name: CLICKHOUSE_URL
203 valueFrom:
204 secretKeyRef:
205 name: clickhouse
206 key: url
207 - name: CLICKHOUSE_USER
208 valueFrom:
209 secretKeyRef:
210 name: clickhouse
211 key: user
212 - name: CLICKHOUSE_PASSWORD
213 valueFrom:
214 secretKeyRef:
215 name: clickhouse
216 key: password
217 - name: CLICKHOUSE_DATABASE
218 valueFrom:
219 secretKeyRef:
220 name: clickhouse
221 key: database
222 - name: SLACK_PANICS_WEBHOOK
223 valueFrom:
224 secretKeyRef:
225 name: slack
226 key: panics_webhook
227 - name: STRIPE_API_KEY
228 valueFrom:
229 secretKeyRef:
230 name: stripe
231 key: api_key
232 optional: true
233 - name: COMPLETE_WITH_LANGUAGE_MODEL_RATE_LIMIT_PER_HOUR
234 value: "1000"
235 - name: SUPERMAVEN_ADMIN_API_KEY
236 valueFrom:
237 secretKeyRef:
238 name: supermaven
239 key: api_key
240 - name: USER_BACKFILLER_GITHUB_ACCESS_TOKEN
241 valueFrom:
242 secretKeyRef:
243 name: user-backfiller
244 key: github_access_token
245 optional: true
246 - name: INVITE_LINK_PREFIX
247 value: ${INVITE_LINK_PREFIX}
248 - name: RUST_BACKTRACE
249 value: "1"
250 - name: RUST_LOG
251 value: ${RUST_LOG}
252 - name: LOG_JSON
253 value: "true"
254 - name: ZED_ENVIRONMENT
255 value: ${ZED_ENVIRONMENT}
256 - name: AUTO_JOIN_CHANNEL_ID
257 value: "${AUTO_JOIN_CHANNEL_ID}"
258 securityContext:
259 capabilities:
260 # FIXME - Switch to the more restrictive `PERFMON` capability.
261 # This capability isn't yet available in a stable version of Debian.
262 add: ["SYS_ADMIN"]
263 terminationGracePeriodSeconds: 10