# services/maintenance/metis-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: metis namespace: maintenance spec: replicas: 1 revisionHistoryLimit: 3 selector: matchLabels: app: metis template: metadata: labels: app: metis annotations: prometheus.io/scrape: "true" prometheus.io/port: "8080" prometheus.io/path: "/metrics" spec: serviceAccountName: metis terminationGracePeriodSeconds: 30 nodeSelector: kubernetes.io/hostname: titan-22 kubernetes.io/arch: amd64 node-role.kubernetes.io/accelerator: "true" containers: - name: metis image: registry.bstein.dev/bstein/metis:0.1.0-0-amd64 imagePullPolicy: Always envFrom: - configMapRef: name: metis env: - name: METIS_K3S_TOKEN valueFrom: secretKeyRef: name: metis-runtime key: k3s_token optional: true ports: - name: http containerPort: 8080 livenessProbe: httpGet: path: /healthz port: http initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 2 readinessProbe: httpGet: path: /healthz port: http initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 2 volumeMounts: - name: metis-data mountPath: /var/lib/metis - name: host-dev mountPath: /dev - name: host-sys mountPath: /sys readOnly: true - name: host-udev mountPath: /run/udev readOnly: true resources: requests: cpu: 150m memory: 256Mi limits: cpu: "1" memory: 1Gi securityContext: privileged: true runAsUser: 0 volumes: - name: metis-data persistentVolumeClaim: claimName: metis-data - name: host-dev hostPath: path: /dev - name: host-sys hostPath: path: /sys - name: host-udev hostPath: path: /run/udev