2025-08-10 20:41:01 -05:00
|
|
|
apiVersion: apps/v1
|
|
|
|
|
kind: Deployment
|
|
|
|
|
metadata:
|
|
|
|
|
name: monerod
|
|
|
|
|
namespace: monero
|
|
|
|
|
labels: { app: monerod }
|
|
|
|
|
spec:
|
|
|
|
|
replicas: 1
|
|
|
|
|
strategy: { type: Recreate }
|
|
|
|
|
selector: { matchLabels: { app: monerod } }
|
|
|
|
|
template:
|
|
|
|
|
metadata:
|
|
|
|
|
labels: { app: monerod }
|
|
|
|
|
spec:
|
|
|
|
|
securityContext:
|
|
|
|
|
fsGroup: 1000
|
|
|
|
|
fsGroupChangePolicy: OnRootMismatch
|
|
|
|
|
initContainers:
|
|
|
|
|
- name: fetch-monero-cli
|
|
|
|
|
image: debian:bookworm-slim
|
2025-08-11 17:43:11 -05:00
|
|
|
command: ["/bin/sh","-c"]
|
2025-08-10 20:41:01 -05:00
|
|
|
args:
|
|
|
|
|
- |
|
2025-08-12 00:16:10 -05:00
|
|
|
set -eux
|
2025-08-10 20:41:01 -05:00
|
|
|
apt-get update
|
2025-08-11 08:54:22 -05:00
|
|
|
apt-get install -y --no-install-recommends ca-certificates curl bzip2
|
|
|
|
|
update-ca-certificates
|
|
|
|
|
ARCH="$(uname -m)"
|
|
|
|
|
case "$ARCH" in
|
2025-08-11 17:43:11 -05:00
|
|
|
x86_64) F="monero-linux-x64" ;;
|
|
|
|
|
aarch64|arm64) F="monero-linux-armv8" ;;
|
|
|
|
|
armv7l) F="monero-linux-armv7" ;;
|
2025-08-11 08:54:22 -05:00
|
|
|
*) echo "Unsupported arch: $ARCH" >&2; exit 1 ;;
|
|
|
|
|
esac
|
2025-08-11 17:43:11 -05:00
|
|
|
VER="v0.18.4.1"
|
2025-08-12 00:16:10 -05:00
|
|
|
URL="https://downloads.getmonero.org/cli/${F}-${VER}.tar.bz2"
|
2025-08-11 08:54:22 -05:00
|
|
|
echo "Downloading $URL"
|
|
|
|
|
cd /data
|
|
|
|
|
curl -fL "$URL" -o monero.tar.bz2
|
|
|
|
|
tar -xjf monero.tar.bz2 --strip-components=1
|
|
|
|
|
rm -f monero.tar.bz2
|
2025-08-10 20:41:01 -05:00
|
|
|
volumeMounts:
|
2025-08-11 08:54:22 -05:00
|
|
|
- name: data
|
|
|
|
|
mountPath: /data
|
2025-08-11 17:43:11 -05:00
|
|
|
|
2025-08-10 20:41:01 -05:00
|
|
|
containers:
|
|
|
|
|
- name: monerod
|
|
|
|
|
image: debian:bookworm-slim
|
2025-08-11 17:43:11 -05:00
|
|
|
command: ["/bin/sh","-c"]
|
|
|
|
|
args:
|
|
|
|
|
- exec /data/monerod \
|
|
|
|
|
--data-dir=/data \
|
|
|
|
|
--non-interactive \
|
|
|
|
|
--prune-blockchain \
|
|
|
|
|
--rpc-bind-ip=0.0.0.0 --rpc-bind-port=18081 \
|
2025-08-12 00:29:07 -05:00
|
|
|
--confirm-external-bind \
|
2025-08-11 17:43:11 -05:00
|
|
|
--p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080
|
2025-08-11 08:54:22 -05:00
|
|
|
ports:
|
2025-08-11 17:43:11 -05:00
|
|
|
- { containerPort: 18081, name: rpc }
|
|
|
|
|
- { containerPort: 18080, name: p2p }
|
2025-08-10 20:41:01 -05:00
|
|
|
securityContext:
|
|
|
|
|
allowPrivilegeEscalation: false
|
|
|
|
|
readOnlyRootFilesystem: true
|
|
|
|
|
runAsNonRoot: true
|
|
|
|
|
runAsUser: 1000
|
|
|
|
|
capabilities: { drop: ["ALL"] }
|
|
|
|
|
readinessProbe:
|
|
|
|
|
httpGet: { path: /get_info, port: 18081 }
|
2025-08-11 08:54:22 -05:00
|
|
|
initialDelaySeconds: 90
|
2025-08-10 20:41:01 -05:00
|
|
|
periodSeconds: 10
|
2025-08-11 08:54:22 -05:00
|
|
|
timeoutSeconds: 3
|
|
|
|
|
failureThreshold: 6
|
2025-08-10 20:41:01 -05:00
|
|
|
livenessProbe:
|
|
|
|
|
httpGet: { path: /get_info, port: 18081 }
|
2025-08-11 08:54:22 -05:00
|
|
|
initialDelaySeconds: 180
|
2025-08-10 20:41:01 -05:00
|
|
|
periodSeconds: 20
|
2025-08-11 08:54:22 -05:00
|
|
|
timeoutSeconds: 3
|
|
|
|
|
failureThreshold: 6
|
2025-08-11 17:43:11 -05:00
|
|
|
volumeMounts:
|
|
|
|
|
- { name: data, mountPath: /data }
|
|
|
|
|
- { name: tmp, mountPath: /tmp }
|
2025-08-10 20:41:01 -05:00
|
|
|
volumes:
|
2025-08-11 08:54:22 -05:00
|
|
|
- name: data
|
2025-08-11 17:43:11 -05:00
|
|
|
persistentVolumeClaim: { claimName: monerod-chain }
|
2025-08-11 08:54:22 -05:00
|
|
|
- name: tmp
|
2025-08-10 20:41:01 -05:00
|
|
|
emptyDir: {}
|
