111 lines
3.5 KiB
YAML
111 lines
3.5 KiB
YAML
# services/comms/guest-register-deployment.yaml
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: matrix-guest-register
|
|
labels:
|
|
app.kubernetes.io/name: matrix-guest-register
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: matrix-guest-register
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
checksum/config: guest-register-proxy-5
|
|
vault.hashicorp.com/agent-inject: "true"
|
|
vault.hashicorp.com/role: "comms"
|
|
vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
|
|
vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
|
|
{{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
|
|
labels:
|
|
app.kubernetes.io/name: matrix-guest-register
|
|
spec:
|
|
serviceAccountName: comms-vault
|
|
hostAliases:
|
|
- ip: "10.43.36.27"
|
|
hostnames:
|
|
- "matrix-authentication-service"
|
|
- "matrix-authentication-service.comms.svc.cluster.local"
|
|
- ip: "10.43.216.45"
|
|
hostnames:
|
|
- "othrys-synapse-matrix-synapse"
|
|
- "othrys-synapse-matrix-synapse.comms.svc.cluster.local"
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 10001
|
|
runAsGroup: 10001
|
|
containers:
|
|
- name: guest-register
|
|
image: python:3.11-slim
|
|
imagePullPolicy: IfNotPresent
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
env:
|
|
- name: PYTHONDONTWRITEBYTECODE
|
|
value: "1"
|
|
- name: PYTHONUNBUFFERED
|
|
value: "1"
|
|
- name: PORT
|
|
value: "8080"
|
|
- name: MAS_BASE
|
|
value: http://matrix-authentication-service:8080
|
|
- name: MAS_ADMIN_CLIENT_ID
|
|
value: 01KDXMVQBQ5JNY6SEJPZW6Z8BM
|
|
- name: MAS_ADMIN_CLIENT_SECRET_FILE
|
|
value: /vault/secrets/mas-admin-secret
|
|
- name: MAS_ADMIN_API_BASE
|
|
value: http://matrix-authentication-service:8081/api/admin/v1
|
|
- name: SYNAPSE_BASE
|
|
value: http://othrys-synapse-matrix-synapse:8008
|
|
- name: MATRIX_SERVER_NAME
|
|
value: live.bstein.dev
|
|
- name: RATE_WINDOW_SEC
|
|
value: "60"
|
|
- name: RATE_MAX
|
|
value: "30"
|
|
ports:
|
|
- name: http
|
|
containerPort: 8080
|
|
protocol: TCP
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: http
|
|
initialDelaySeconds: 2
|
|
periodSeconds: 10
|
|
timeoutSeconds: 2
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: http
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 20
|
|
timeoutSeconds: 2
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 64Mi
|
|
limits:
|
|
cpu: 250m
|
|
memory: 256Mi
|
|
volumeMounts:
|
|
- name: app
|
|
mountPath: /app/server.py
|
|
subPath: server.py
|
|
readOnly: true
|
|
command:
|
|
- python
|
|
- /app/server.py
|
|
volumes:
|
|
- name: app
|
|
configMap:
|
|
name: matrix-guest-register
|
|
items:
|
|
- key: server.py
|
|
path: server.py
|