titan-iac/services/outline/deployment.yaml

# services/outline/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: outline
  namespace: outline
  labels:
    app: outline
spec:
  replicas: 1
  selector:
    matchLabels:
      app: outline
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
  template:
    metadata:
      labels:
        app: outline
    spec:
      nodeSelector:
        node-role.kubernetes.io/worker: "true"
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: hardware
                    operator: In
                    values: ["rpi4", "rpi5"]
      containers:
        - name: outline
          image: outlinewiki/outline:1.2.0
          ports:
            - name: http
              containerPort: 3000
          env:
            - name: NODE_ENV
              value: production
            - name: URL
              value: https://notes.bstein.dev
            - name: PORT
              value: "3000"
            - name: REDIS_URL
              value: redis://outline-redis:6379
            - name: PGSSLMODE
              value: disable
            - name: FILE_STORAGE
              value: local
            - name: FILE_STORAGE_LOCAL_ROOT_DIR
              value: /var/lib/outline/data
            - name: FORCE_HTTPS
              value: "true"
            - name: OIDC_ENFORCED
              value: "true"
            - name: OIDC_SCOPES
              value: openid profile email
            - name: OIDC_USERNAME_CLAIM
              value: preferred_username
            - name: OIDC_DISPLAY_NAME
              value: Atlas SSO
            - name: SMTP_SECURE
              value: "false"
            - name: SMTP_PORT
              value: "25"
          envFrom:
            - secretRef:
                name: outline-db
            - secretRef:
                name: outline-secrets
            - secretRef:
                name: outline-oidc
            - secretRef:
                name: outline-smtp
          volumeMounts:
            - name: user-data
              mountPath: /var/lib/outline/data
          readinessProbe:
            httpGet:
              path: /_health
              port: http
            initialDelaySeconds: 15
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 6
          livenessProbe:
            httpGet:
              path: /_health
              port: http
            initialDelaySeconds: 30
            periodSeconds: 20
            timeoutSeconds: 3
            failureThreshold: 6
          resources:
            requests:
              cpu: 200m
              memory: 512Mi
            limits:
              cpu: "1"
              memory: 2Gi
      volumes:
        - name: user-data
          persistentVolumeClaim:
            claimName: outline-user-data