
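# services/typhon/deployment.yaml
#
# Deployment for the typhon service in the `climate` namespace. It exposes
# Prometheus metrics on 9108 and declares a control port on 9110. Credentials
# and optional overrides are rendered by the Vault Agent injector into
# /vault/secrets/aci-env.sh, which the entrypoint sources before starting node.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: typhon
  namespace: climate
  labels:
    app: typhon
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: typhon
  # maxSurge 0 with maxUnavailable 1 and a single replica: the old pod is
  # stopped before its replacement starts, so two instances never run at once
  # and there is a short gap in service during a rollout.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
  template:
    metadata:
      labels:
        app: typhon
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "9108"
        prometheus.io/path: "/metrics"
        # Vault Agent injection: authenticates as Vault role `typhon` and
        # renders the KV secret below to /vault/secrets/aci-env.sh.
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "typhon"
        vault.hashicorp.com/agent-inject-secret-aci-env.sh: "kv/data/atlas/climate/typhon/ac-infinity"
        # The rendered file is sourced by the container's shell, so each value
        # is written inside single quotes with embedded single quotes escaped
        # as '\''. Inside double quotes a `$`, backtick, `\` or `"` in a secret
        # (a password, for instance) would be expanded or executed at source
        # time. `printf "%v"` keeps non-string KV values rendering as before.
        # Only the keys listed here are exported; absent or empty keys are
        # skipped so the defaults in `env` below stay in effect.
        vault.hashicorp.com/agent-inject-template-aci-env.sh: |
          {{- with secret "kv/data/atlas/climate/typhon/ac-infinity" -}}
          {{- if index .Data.data "ACI_EMAIL" }}
          export ACI_EMAIL='{{ index .Data.data "ACI_EMAIL" | printf "%v" | replaceAll "'" "'\\''" }}'
          {{- end }}
          {{- if index .Data.data "ACI_PASSWORD" }}
          export ACI_PASSWORD='{{ index .Data.data "ACI_PASSWORD" | printf "%v" | replaceAll "'" "'\\''" }}'
          {{- end }}
          {{- if index .Data.data "ACI_HOST" }}
          export ACI_HOST='{{ index .Data.data "ACI_HOST" | printf "%v" | replaceAll "'" "'\\''" }}'
          {{- end }}
          {{- if index .Data.data "TYPHON_MODE" }}
          export TYPHON_MODE='{{ index .Data.data "TYPHON_MODE" | printf "%v" | replaceAll "'" "'\\''" }}'
          {{- end }}
          {{- if index .Data.data "ENABLE_CONTROL_API" }}
          export ENABLE_CONTROL_API='{{ index .Data.data "ENABLE_CONTROL_API" | printf "%v" | replaceAll "'" "'\\''" }}'
          {{- end }}
          {{- if index .Data.data "TY_BLE_DEFAULT_MAC" }}
          export TY_BLE_DEFAULT_MAC='{{ index .Data.data "TY_BLE_DEFAULT_MAC" | printf "%v" | replaceAll "'" "'\\''" }}'
          {{- end }}
          {{- if index .Data.data "TY_BLE_ALLOWED_MACS" }}
          export TY_BLE_ALLOWED_MACS='{{ index .Data.data "TY_BLE_ALLOWED_MACS" | printf "%v" | replaceAll "'" "'\\''" }}'
          {{- end }}
          {{- if index .Data.data "TY_BLE_DEVICE_TYPE" }}
          export TY_BLE_DEVICE_TYPE='{{ index .Data.data "TY_BLE_DEVICE_TYPE" | printf "%v" | replaceAll "'" "'\\''" }}'
          {{- end }}
          {{- if index .Data.data "TY_BLE_SCAN_TIMEOUT_MS" }}
          export TY_BLE_SCAN_TIMEOUT_MS='{{ index .Data.data "TY_BLE_SCAN_TIMEOUT_MS" | printf "%v" | replaceAll "'" "'\\''" }}'
          {{- end }}
          {{- if index .Data.data "TY_BLE_PORT_BASE" }}
          export TY_BLE_PORT_BASE='{{ index .Data.data "TY_BLE_PORT_BASE" | printf "%v" | replaceAll "'" "'\\''" }}'
          {{- end }}
          {{- end -}}
        # Changing this value alters the pod template and therefore triggers a
        # rollout; presumably bumped by hand to force a restart.
        typhon.bstein.dev/restart-rev: "2"
    spec:
      serviceAccountName: typhon
      imagePullSecrets:
        - name: harbor-regcred
      nodeSelector:
        kubernetes.io/arch: arm64
        node-role.kubernetes.io/worker: "true"
      containers:
        - name: typhon
          # NOTE(review): `:main` is a mutable tag and imagePullPolicy is
          # Always, so any pod restart can pick up a different image than the
          # one last reviewed. Pinning by digest
          # (registry.bstein.dev/bstein/typhon@sha256:<digest>) makes the
          # running artifact auditable.
          image: registry.bstein.dev/bstein/typhon:main
          imagePullPolicy: Always
          command: ["/bin/sh", "-c"]
          # Entrypoint: source the Vault-rendered file if it exists, then start
          # the service. A missing file is not an error; the container then
          # runs with the `env` defaults only. Values from the file replace the
          # `env` defaults for the keys it exports. The two `:=` lines only
          # take effect if a variable is unset or empty at that point.
          args:
            - |
              set -eu
              if [ -f /vault/secrets/aci-env.sh ]; then
                . /vault/secrets/aci-env.sh
              fi
              : "${TYPHON_MODE:=cloud}"
              : "${ENABLE_CONTROL_API:=false}"
              exec node dist/index.js
          env:
            - name: TYPHON_MODE
              value: "cloud"
            # Off by default. The Vault secret can turn it on, so write access
            # to that KV path also controls whether the control API is enabled.
            - name: ENABLE_CONTROL_API
              value: "false"
            - name: POLL_INTERVAL_SECONDS
              value: "30"
            - name: REQUEST_TIMEOUT_MS
              value: "10000"
            - name: LISTEN_PORT
              value: "9108"
            - name: CONTROL_LISTEN_PORT
              value: "9110"
            - name: TY_BLE_DEVICE_TYPE
              value: "11"
            - name: TY_BLE_SCAN_TIMEOUT_MS
              value: "20000"
            - name: TY_BLE_PORT_BASE
              value: "1"
            - name: LOG_LEVEL
              value: "info"
          ports:
            - name: metrics
              containerPort: 9108
            # Declared even when ENABLE_CONTROL_API is "false". Who can reach
            # it depends on the Service and NetworkPolicy, which are not part
            # of this file.
            - name: control
              containerPort: 9110
          volumeMounts:
            - name: tmp
              mountPath: /tmp
          # Both probes hit /healthz on the metrics port.
          livenessProbe:
            httpGet:
              path: /healthz
              port: metrics
            initialDelaySeconds: 20
            periodSeconds: 20
            timeoutSeconds: 3
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /healthz
              port: metrics
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 3
          # Non-root, no privilege escalation, no capabilities, read-only root
          # filesystem; /tmp is the writable emptyDir mounted above.
          securityContext:
            runAsNonRoot: true
            runAsUser: 65532
            runAsGroup: 65532
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
            # Apply the container runtime's default seccomp filter instead of
            # running unconfined.
            seccompProfile:
              type: RuntimeDefault
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 512Mi
      volumes:
        - name: tmp
          emptyDir: {}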