# services/pegasus/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: pegasus namespace: jellyfin spec: replicas: 1 revisionHistoryLimit: 3 strategy: type: RollingUpdate rollingUpdate: maxSurge: 0 maxUnavailable: 1 selector: { matchLabels: { app: pegasus } } template: metadata: { labels: { app: pegasus } } spec: nodeSelector: kubernetes.io/arch: amd64 imagePullSecrets: - name: zot-regcred securityContext: runAsNonRoot: true runAsUser: 10001 runAsGroup: 10001 fsGroup: 1000 fsGroupChangePolicy: "OnRootMismatch" containers: - name: pegasus image: registry.bstein.dev/pegasus:1.2.16 # {"$imagepolicy": "jellyfin:pegasus"} imagePullPolicy: Always command: ["/pegasus"] env: - name: PEGASUS_MEDIA_ROOT valueFrom: { configMapKeyRef: { name: pegasus-config, key: PEGASUS_MEDIA_ROOT } } - name: PEGASUS_BIND valueFrom: { configMapKeyRef: { name: pegasus-config, key: PEGASUS_BIND } } - name: PEGASUS_USER_MAP_FILE value: "/config/user-map.yaml" - name: PEGASUS_SESSION_KEY valueFrom: { secretKeyRef: { name: pegasus-secrets, key: PEGASUS_SESSION_KEY } } - name: JELLYFIN_URL valueFrom: { secretKeyRef: { name: pegasus-secrets, key: JELLYFIN_URL } } - name: PEGASUS_DEBUG value: "1" - name: PEGASUS_DRY_RUN value: "0" ports: [{ name: http, containerPort: 8080 }] readinessProbe: httpGet: { path: /healthz, port: http } initialDelaySeconds: 2 periodSeconds: 5 timeoutSeconds: 1 livenessProbe: httpGet: { path: /healthz, port: http } initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 2 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: { drop: ["ALL"] } resources: requests: { cpu: 100m, memory: 256Mi } limits: { cpu: 1000m, memory: 1Gi } volumeMounts: - name: media mountPath: /media - name: config mountPath: /config readOnly: true - name: tmp mountPath: /tmp volumes: - name: media persistentVolumeClaim: claimName: jellyfin-media-asteria - name: config configMap: { name: pegasus-user-map } - name: tmp emptyDir: {}