# services/crypto/wallet-monero-temp/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: wallet-monero-temp namespace: crypto labels: app: wallet-monero-temp spec: replicas: 1 strategy: type: Recreate selector: matchLabels: app: wallet-monero-temp template: metadata: labels: app: wallet-monero-temp annotations: vault.hashicorp.com/agent-inject: "true" vault.hashicorp.com/role: "crypto" vault.hashicorp.com/agent-inject-secret-wallet-rpc-env.sh: "kv/data/atlas/crypto/wallet-monero-temp-rpc-auth" vault.hashicorp.com/agent-inject-template-wallet-rpc-env.sh: | {{- with secret "kv/data/atlas/crypto/wallet-monero-temp-rpc-auth" -}} export RPC_USER="{{ .Data.data.username }}" export RPC_PASS="{{ .Data.data.password }}" {{- end -}} spec: serviceAccountName: crypto-vault-sync automountServiceAccountToken: true nodeSelector: node-role.kubernetes.io/worker: "true" imagePullSecrets: - name: harbor-regcred securityContext: fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch initContainers: - name: volume-permissions image: busybox:1.36 imagePullPolicy: IfNotPresent command: ["/bin/sh", "-lc"] args: - chown :1000 /data && chmod 0770 /data securityContext: runAsUser: 0 volumeMounts: - name: data mountPath: /data containers: - name: wallet-rpc image: registry.bstein.dev/crypto/monero-wallet-rpc:0.18.4.1 imagePullPolicy: Always command: ["/bin/sh", "-lc"] args: - | set -eu . /vault/secrets/wallet-rpc-env.sh exec /usr/local/bin/monero-wallet-rpc \ --wallet-dir /data \ --daemon-address xmr-node.cakewallet.com:18081 \ --rpc-bind-ip 0.0.0.0 --rpc-bind-port 18083 \ --rpc-login "${RPC_USER}:${RPC_PASS}" \ --confirm-external-bind ports: - containerPort: 18083 name: rpc resources: requests: cpu: 100m memory: 128Mi limits: cpu: "1" memory: 512Mi volumeMounts: - name: data mountPath: /data volumes: - name: data persistentVolumeClaim: claimName: wallet-monero-temp