K3s-cluster/ocis/deployment.yaml
Tanguy Herbron 802eef042e feat(ocis): Add basic drive configuration
Add OwnCloud Infinity Scale as drive to the cluster. The current configuration only includes enough for a beta environment.
2022-09-21 18:24:46 +02:00

201 lines
5.6 KiB
YAML

apiVersion: apps/v1
kind: Deployment
metadata:
name: chart-owncloud-ocis
namespace: drive
labels:
app.kubernetes.io/instance: chart
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: owncloud-ocis
app.kubernetes.io/version: 2.0.0
helm-revision: "1"
helm.sh/chart: owncloud-ocis-8.1.1
annotations:
rollme: oHHac
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: owncloud-ocis
app.kubernetes.io/instance: chart
template:
metadata:
annotations:
labels:
app.kubernetes.io/name: owncloud-ocis
app.kubernetes.io/instance: chart
spec:
serviceAccountName: default
securityContext:
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 568
runAsUser: 568
supplementalGroups:
- 568
dnsPolicy: ClusterFirst
dnsConfig:
options:
- name: ndots
value: "1"
enableServiceLinks: false
terminationGracePeriodSeconds: 10
initContainers:
- name: prepare
image: tccr.io/truecharts/multi-init:v0.0.1@sha256:4c2caebee117b055f379377fd0fd306f2ee0e6697fd47d9364073e0e9e6f2e02
securityContext:
runAsUser: 0
resources:
limits:
cpu: 4000m
memory: 8Gi
requests:
cpu: 10m
memory: 50Mi
env:
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
echo "Automatically correcting permissions..."
EOF
volumeMounts:
- command:
- /bin/sh
- -c
- |
if test -f /etc/ocis/ocis.yaml; then exit 0; fi &&
/usr/bin/ocis init -f --insecure yes > /etc/ocis/password
image: 'tccr.io/truecharts/ocis:2.0.0@sha256:208f181966b2ef710633e17c27d143e866f40e186c67dd1c3f78748f6f871e82'
name: init
volumeMounts:
- mountPath: /etc/ocis
name: config
nodeName: slave-1
containers:
- name: chart-owncloud-ocis
image: tccr.io/truecharts/ocis:2.0.0@sha256:208f181966b2ef710633e17c27d143e866f40e186c67dd1c3f78748f6f871e82
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
capabilities:
add: []
drop: []
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: true
env:
- name: UMASK
value: "2"
- name: UMASK_SET
value: "2"
- name: S6_READ_ONLY_ROOT
value: "1"
- name: NVIDIA_VISIBLE_DEVICES
value: "void"
- name: TZ
value: "Europe/Copenhagen"
- name: "ACCOUNTS_DEMO_USERS_AND_GROUPS"
value: "false"
- name: "OCIS_INSECURE"
value: "true"
- name: "OCIS_JWT_SECRET"
valueFrom:
secretKeyRef:
key: OCIS_JWT_SECRET
name: ocis-secrets
- name: "OCIS_LOG_COLOR"
value: "true"
- name: "OCIS_LOG_PRETTY"
value: "true"
- name: "OCIS_MACHINE_AUTH_API_KEY"
valueFrom:
secretKeyRef:
key: OCIS_MACHINE_AUTH_API_KEY
name: ocis-secrets
- name: "OCIS_URL"
value: "https://drive.beta.halia.dev"
- name: "PROXY_HTTP_ADDR"
value: "0.0.0.0:9200"
- name: "PROXY_TLS"
value: "false"
- name: "STORAGE_TRANSFER_SECRET"
valueFrom:
secretKeyRef:
key: STORAGE_TRANSFER_SECRET
name: ocis-secrets
envFrom:
ports:
- name: main
containerPort: 9200
protocol: TCP
volumeMounts:
- mountPath: /etc/ocis
name: config
- mountPath: /var/lib/ocis
name: data
- mountPath: /shared
name: shared
- mountPath: /tmp
name: temp
- mountPath: /var/logs
name: varlogs
livenessProbe:
tcpSocket:
port: 9200
initialDelaySeconds: 10
failureThreshold: 5
timeoutSeconds: 5
periodSeconds: 10
readinessProbe:
tcpSocket:
port: 9200
initialDelaySeconds: 10
failureThreshold: 5
timeoutSeconds: 5
periodSeconds: 10
startupProbe:
tcpSocket:
port: 9200
initialDelaySeconds: 10
failureThreshold: 60
timeoutSeconds: 2
periodSeconds: 5
resources:
limits:
cpu: 4000m
memory: 8Gi
requests:
cpu: 10m
memory: 50Mi
volumes:
- name: config
persistentVolumeClaim:
claimName: chart-owncloud-ocis-config
- name: data
persistentVolumeClaim:
claimName: chart-owncloud-ocis-data
- name: shared
emptyDir:
{}
- name: temp
emptyDir:
{}
- name: varlogs
emptyDir:
{}