apiVersion: apps/v1 kind: Deployment metadata: name: astrojs spec: selector: matchLabels: app: astrojs replicas: 1 template: metadata: labels: app: astrojs spec: securityContext: runAsGroup: 1001 runAsNonRoot: true runAsUser: 1001 imagePullSecrets: - name: registry-auth initContainers: - name: init-dir image: alpine:latest command: - chown - 1001:1001 - /app/cache securityContext: runAsNonRoot: false volumeMounts: - name: cache mountPath: "/app/cache" containers: - name: web image: registry.k8s.astropenguin.net/astrojs:2022.03.15.04 env: - name: FLASK_DEBUG value: "0" - name: FLASK_ENV value: "production" - name: RUN_MODE value: "web" volumeMounts: - name: cache mountPath: "/app/cache" - name: redis image: redis:6.0.8-alpine - name: compiler image: registry.k8s.astropenguin.net/astrojs:2022.03.15.04 env: - name: RUN_MODE value: "tasks" volumeMounts: - name: cache mountPath: "/app/cache" volumes: - name: cache persistentVolumeClaim: claimName: astrojs-cache --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: astrojs-cache spec: accessModes: [ "ReadWriteOnce" ] resources: requests: storage: 1Gi storageClassName: local-storage --- apiVersion: v1 kind: Service metadata: name: astrojs spec: selector: app: astrojs ports: - port: 5000 targetPort: 5000 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: astrojs namespace: ingress-https spec: ingressClassName: nginx tls: - hosts: - astrojs.k8s.astropenguin.net secretName: any-k8s-astro-prod rules: - host: astrojs.k8s.astropenguin.net http: paths: - path: / pathType: Prefix backend: service: name: f-astrojs-default port: number: 5000 --- kind: Service apiVersion: v1 metadata: name: f-astrojs-default namespace: ingress-https spec: type: ExternalName externalName: astrojs.default.svc.cluster.local