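# services/comms/guest-register-deployment.yaml
#
# Deployment "matrix-guest-register": runs /app/server.py (mounted from the
# ConfigMap of the same name) on a stock Python image. The pod talks to the
# Matrix Authentication Service (MAS) admin API and to Synapse, and reads the
# MAS admin client secret from a mounted Secret file.
# NOTE(review): server.py is not part of this manifest; the comments on the
# env vars below describe only what the manifest shows, so confirm behaviour
# against the script.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: matrix-guest-register
  labels:
    app.kubernetes.io/name: matrix-guest-register
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: matrix-guest-register
  template:
    metadata:
      annotations:
        # The pod template only changes (and the pods only roll) when this
        # value is edited. Presumably it is bumped by hand whenever the
        # ConfigMap content changes - TODO confirm.
        checksum/config: guest-register-proxy-5
      labels:
        app.kubernetes.io/name: matrix-guest-register
    spec:
      # NOTE(review): this pod holds a MAS admin credential. If server.py
      # never calls the Kubernetes API, set
      # `automountServiceAccountToken: false` here so a compromise of the
      # process does not also yield a service-account token.
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        runAsGroup: 10001
        # Added: the container already drops all capabilities and forbids
        # privilege escalation; the runtime's default seccomp filter is the
        # remaining control required by the "restricted" Pod Security
        # Standard.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: guest-register
          # NOTE(review): floating tag. With IfNotPresent each node keeps
          # whatever build of the tag it pulled first, so nodes can run
          # different images. Pin by digest
          # (python:3.11-slim@sha256:<digest-placeholder>) to make the
          # running code reproducible and auditable.
          image: python:3.11-slim
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            # NOTE(review): consider `readOnlyRootFilesystem: true`.
            # PYTHONDONTWRITEBYTECODE=1 already stops .pyc writes, but
            # verify that server.py writes nothing else to disk before
            # enabling it.
          env:
            - name: PYTHONDONTWRITEBYTECODE
              value: "1"
            - name: PYTHONUNBUFFERED
              value: "1"
            - name: PORT
              value: "8080"
            # NOTE(review): every upstream URL below is plain http://, so
            # the admin credential and session data cross the cluster
            # network in cleartext. Restrict these paths with a
            # NetworkPolicy or put them behind mesh/mTLS.
            - name: MAS_BASE
              value: "http://matrix-authentication-service:8080"
            # Client identifier only; the matching secret is read from the
            # file named by MAS_ADMIN_CLIENT_SECRET_FILE.
            - name: MAS_ADMIN_CLIENT_ID
              value: "01KDXMVQBQ5JNY6SEJPZW6Z8BM"
            # Path inside the mas-admin-client volume mount below. Passing
            # a file path keeps the secret value out of the pod spec and
            # the process environment.
            - name: MAS_ADMIN_CLIENT_SECRET_FILE
              value: "/etc/mas/admin-client/client_secret"
            - name: MAS_ADMIN_API_BASE
              value: "http://matrix-authentication-service:8081/api/admin/v1"
            - name: SYNAPSE_BASE
              value: "http://othrys-synapse-matrix-synapse:8008"
            # 43200 s = 12 h.
            - name: SESSION_TTL_SEC
              value: "43200"
            - name: MATRIX_SERVER_NAME
              value: "live.bstein.dev"
            # Presumably a request limit of RATE_MAX per RATE_WINDOW_SEC
            # enforced inside server.py - TODO confirm, including whether
            # the limit is per client or global and how the client address
            # is derived behind any ingress/proxy.
            - name: RATE_WINDOW_SEC
              value: "60"
            - name: RATE_MAX
              value: "30"
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /healthz
              port: http
            initialDelaySeconds: 2
            periodSeconds: 10
            timeoutSeconds: 2
          livenessProbe:
            httpGet:
              path: /healthz
              port: http
            initialDelaySeconds: 10
            periodSeconds: 20
            timeoutSeconds: 2
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              cpu: 250m
              memory: 256Mi
          volumeMounts:
            # The application code is a single file projected from the
            # ConfigMap, so write access to that ConfigMap amounts to code
            # execution in a pod that holds the MAS admin secret. Keep
            # RBAC on the ConfigMap as tight as on the Secret.
            - name: app
              mountPath: /app/server.py
              subPath: server.py
              readOnly: true
            - name: mas-admin-client
              mountPath: /etc/mas/admin-client
              readOnly: true
          command:
            - python
            - /app/server.py
      volumes:
        - name: app
          configMap:
            name: matrix-guest-register
            items:
              - key: server.py
                path: server.py
        - name: mas-admin-client
          secret:
            secretName: mas-admin-client-runtime
            # Only the client_secret key is projected; any other keys in
            # the Secret stay out of the pod.
            items:
              - key: client_secret
                path: client_secret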