1---
2apiVersion: v1
3kind: Namespace
4metadata:
5 name: ${ZED_KUBE_NAMESPACE}
6
7---
8kind: Service
9apiVersion: v1
10metadata:
11 namespace: ${ZED_KUBE_NAMESPACE}
12 name: ${ZED_SERVICE_NAME}
13 annotations:
14 service.beta.kubernetes.io/do-loadbalancer-name: "${ZED_SERVICE_NAME}-${ZED_KUBE_NAMESPACE}"
15 service.beta.kubernetes.io/do-loadbalancer-size-unit: "${ZED_LOAD_BALANCER_SIZE_UNIT}"
16 service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
17 service.beta.kubernetes.io/do-loadbalancer-certificate-id: ${ZED_DO_CERTIFICATE_ID}
18 service.beta.kubernetes.io/do-loadbalancer-disable-lets-encrypt-dns-records: "true"
19spec:
20 type: LoadBalancer
21 selector:
22 app: ${ZED_SERVICE_NAME}
23 ports:
24 - name: web
25 protocol: TCP
26 port: 443
27 targetPort: 8080
28
29---
30apiVersion: apps/v1
31kind: Deployment
32metadata:
33 namespace: ${ZED_KUBE_NAMESPACE}
34 name: ${ZED_SERVICE_NAME}
35
36spec:
37 replicas: 1
38 strategy:
39 type: RollingUpdate
40 rollingUpdate:
41 maxSurge: 1
42 maxUnavailable: 0
43 selector:
44 matchLabels:
45 app: ${ZED_SERVICE_NAME}
46 template:
47 metadata:
48 labels:
49 app: ${ZED_SERVICE_NAME}
50 spec:
51 containers:
52 - name: ${ZED_SERVICE_NAME}
53 image: "${ZED_IMAGE_ID}"
54 args:
55 - serve
56 - ${ZED_SERVICE_NAME}
57 ports:
58 - containerPort: 8080
59 protocol: TCP
60 livenessProbe:
61 httpGet:
62 path: /healthz
63 port: 8080
64 initialDelaySeconds: 5
65 periodSeconds: 5
66 timeoutSeconds: 5
67 readinessProbe:
68 httpGet:
69 path: /
70 port: 8080
71 initialDelaySeconds: 1
72 periodSeconds: 1
73 startupProbe:
74 httpGet:
75 path: /
76 port: 8080
77 initialDelaySeconds: 1
78 periodSeconds: 1
79 failureThreshold: 15
80 env:
81 - name: HTTP_PORT
82 value: "8080"
83 - name: DATABASE_URL
84 valueFrom:
85 secretKeyRef:
86 name: database
87 key: url
88 - name: DATABASE_MAX_CONNECTIONS
89 value: "${DATABASE_MAX_CONNECTIONS}"
90 - name: API_TOKEN
91 valueFrom:
92 secretKeyRef:
93 name: api
94 key: token
95 - name: LLM_API_SECRET
96 valueFrom:
97 secretKeyRef:
98 name: llm-token
99 key: secret
100 - name: LLM_DATABASE_URL
101 valueFrom:
102 secretKeyRef:
103 name: llm-database
104 key: url
105 - name: LLM_DATABASE_MAX_CONNECTIONS
106 value: "${LLM_DATABASE_MAX_CONNECTIONS}"
107 - name: ZED_CLIENT_CHECKSUM_SEED
108 valueFrom:
109 secretKeyRef:
110 name: zed-client
111 key: checksum-seed
112 - name: LIVEKIT_SERVER
113 valueFrom:
114 secretKeyRef:
115 name: livekit
116 key: server
117 - name: LIVEKIT_KEY
118 valueFrom:
119 secretKeyRef:
120 name: livekit
121 key: key
122 - name: LIVEKIT_SECRET
123 valueFrom:
124 secretKeyRef:
125 name: livekit
126 key: secret
127 - name: OPENAI_API_KEY
128 valueFrom:
129 secretKeyRef:
130 name: openai
131 key: api_key
132 - name: ANTHROPIC_API_KEY
133 valueFrom:
134 secretKeyRef:
135 name: anthropic
136 key: api_key
137 - name: ANTHROPIC_STAFF_API_KEY
138 valueFrom:
139 secretKeyRef:
140 name: anthropic
141 key: staff_api_key
142 - name: LLM_CLOSED_BETA_MODEL_NAME
143 valueFrom:
144 secretKeyRef:
145 name: llm-closed-beta
146 key: model_name
147 - name: GOOGLE_AI_API_KEY
148 valueFrom:
149 secretKeyRef:
150 name: google-ai
151 key: api_key
152 - name: PREDICTION_API_URL
153 valueFrom:
154 secretKeyRef:
155 name: prediction
156 key: api_url
157 - name: PREDICTION_API_KEY
158 valueFrom:
159 secretKeyRef:
160 name: prediction
161 key: api_key
162 - name: PREDICTION_MODEL
163 valueFrom:
164 secretKeyRef:
165 name: prediction
166 key: model
167 - name: BLOB_STORE_ACCESS_KEY
168 valueFrom:
169 secretKeyRef:
170 name: blob-store
171 key: access_key
172 - name: BLOB_STORE_SECRET_KEY
173 valueFrom:
174 secretKeyRef:
175 name: blob-store
176 key: secret_key
177 - name: BLOB_STORE_URL
178 valueFrom:
179 secretKeyRef:
180 name: blob-store
181 key: url
182 - name: BLOB_STORE_REGION
183 valueFrom:
184 secretKeyRef:
185 name: blob-store
186 key: region
187 - name: BLOB_STORE_BUCKET
188 valueFrom:
189 secretKeyRef:
190 name: blob-store
191 key: bucket
192 - name: KINESIS_ACCESS_KEY
193 valueFrom:
194 secretKeyRef:
195 name: kinesis
196 key: access_key
197 - name: KINESIS_SECRET_KEY
198 valueFrom:
199 secretKeyRef:
200 name: kinesis
201 key: secret_key
202 - name: KINESIS_STREAM
203 valueFrom:
204 secretKeyRef:
205 name: kinesis
206 key: stream
207 - name: KINESIS_REGION
208 valueFrom:
209 secretKeyRef:
210 name: kinesis
211 key: region
212 - name: BLOB_STORE_BUCKET
213 valueFrom:
214 secretKeyRef:
215 name: blob-store
216 key: bucket
217 - name: SLACK_PANICS_WEBHOOK
218 valueFrom:
219 secretKeyRef:
220 name: slack
221 key: panics_webhook
222 - name: COMPLETE_WITH_LANGUAGE_MODEL_RATE_LIMIT_PER_HOUR
223 value: "1000"
224 - name: SUPERMAVEN_ADMIN_API_KEY
225 valueFrom:
226 secretKeyRef:
227 name: supermaven
228 key: api_key
229 - name: USER_BACKFILLER_GITHUB_ACCESS_TOKEN
230 valueFrom:
231 secretKeyRef:
232 name: user-backfiller
233 key: github_access_token
234 optional: true
235 - name: INVITE_LINK_PREFIX
236 value: ${INVITE_LINK_PREFIX}
237 - name: RUST_BACKTRACE
238 value: "1"
239 - name: RUST_LOG
240 value: ${RUST_LOG}
241 - name: LOG_JSON
242 value: "true"
243 - name: ZED_ENVIRONMENT
244 value: ${ZED_ENVIRONMENT}
245 - name: AUTO_JOIN_CHANNEL_ID
246 value: "${AUTO_JOIN_CHANNEL_ID}"
247 securityContext:
248 capabilities:
249 # TODO - Switch to the more restrictive `PERFMON` capability.
250 # This capability isn't yet available in a stable version of Debian.
251 add: ["SYS_ADMIN"]
252 terminationGracePeriodSeconds: 10