bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
titan-iac/services/zot/deployment.yaml

92 lines
2.6 KiB
YAML
Raw Blame History

# services/zot/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: zot
namespace: zot
labels: { app: zot }
spec:
replicas: 1
selector:
matchLabels: { app: zot }
template:
metadata:
labels: { app: zot }
spec:
nodeSelector:
node-role.kubernetes.io/worker: "true"
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: hardware
operator: In
values: ["rpi4","rpi5"]
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 50
preference:
matchExpressions:
- key: hardware
operator: In
values: ["rpi4"]
containers:
- name: zot
image: ghcr.io/project-zot/zot-linux-arm64:v2.1.8
imagePullPolicy: IfNotPresent
args: ["serve", "/etc/zot/config.json"]
ports:
- { name: http, containerPort: 5000 }
volumeMounts:
- name: cfg-rendered
mountPath: /etc/zot/config.json
subPath: config.json
readOnly: true
- name: zot-data
mountPath: /var/lib/registry
readinessProbe:
tcpSocket:
port: 5000
initialDelaySeconds: 2
periodSeconds: 5
livenessProbe:
tcpSocket:
port: 5000
initialDelaySeconds: 5
periodSeconds: 10
resources:
requests: { cpu: "50m", memory: "64Mi" }
initContainers:
- name: render-config
image: busybox:1.36
command:
- /bin/sh
- -c
- |
set -eu
if [ -z "${ZOT_CLIENT_SECRET:-}" ]; then
echo "ZOT_CLIENT_SECRET is empty; ensure zot-oidc-client secret exists" >&2
exit 1
fi
sed "s|__CLIENT_SECRET__|${ZOT_CLIENT_SECRET}|g" /config-src/config.json > /config/config.json
env:
- name: ZOT_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: zot-oidc-client
key: client_secret
volumeMounts:
- name: cfg-src
mountPath: /config-src
- name: cfg-rendered
mountPath: /config
volumes:
- name: cfg-src
configMap:
name: zot-config
- name: cfg-rendered
emptyDir: {}
- name: zot-data
persistentVolumeClaim:
claimName: zot-data
Reference in New Issue View Git Blame Copy Permalink