# services/communication/guest-register-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: matrix-guest-register labels: app.kubernetes.io/name: matrix-guest-register spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: matrix-guest-register template: metadata: annotations: checksum/config: guest-register-proxy-3 labels: app.kubernetes.io/name: matrix-guest-register spec: securityContext: runAsNonRoot: true runAsUser: 10001 runAsGroup: 10001 containers: - name: guest-register image: python:3.11-slim imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL env: - name: PYTHONDONTWRITEBYTECODE value: "1" - name: PYTHONUNBUFFERED value: "1" - name: PORT value: "8080" - name: SYNAPSE_BASE value: http://othrys-synapse-matrix-synapse:8008 - name: GUEST_REGISTER_SHARED_SECRET valueFrom: secretKeyRef: name: guest-register-shared-secret-runtime key: secret - name: MATRIX_SERVER_NAME value: live.bstein.dev - name: RATE_WINDOW_SEC value: "60" - name: RATE_MAX value: "30" ports: - name: http containerPort: 8080 protocol: TCP readinessProbe: httpGet: path: /healthz port: http initialDelaySeconds: 2 periodSeconds: 10 timeoutSeconds: 2 livenessProbe: httpGet: path: /healthz port: http initialDelaySeconds: 10 periodSeconds: 20 timeoutSeconds: 2 resources: requests: cpu: 50m memory: 64Mi limits: cpu: 250m memory: 256Mi volumeMounts: - name: app mountPath: /app/server.py subPath: server.py readOnly: true command: - python - /app/server.py volumes: - name: app configMap: name: matrix-guest-register items: - key: server.py path: server.py