--- apiVersion: v1 kind: Namespace metadata: name: ${ZED_KUBE_NAMESPACE} --- kind: Service apiVersion: v1 metadata: namespace: ${ZED_KUBE_NAMESPACE} name: ${ZED_SERVICE_NAME} annotations: service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443" service.beta.kubernetes.io/do-loadbalancer-certificate-id: ${ZED_DO_CERTIFICATE_ID} service.beta.kubernetes.io/do-loadbalancer-disable-lets-encrypt-dns-records: "true" spec: type: LoadBalancer selector: app: ${ZED_SERVICE_NAME} ports: - name: web protocol: TCP port: 443 targetPort: 8080 --- apiVersion: apps/v1 kind: Deployment metadata: namespace: ${ZED_KUBE_NAMESPACE} name: ${ZED_SERVICE_NAME} spec: replicas: 1 selector: matchLabels: app: ${ZED_SERVICE_NAME} template: metadata: labels: app: ${ZED_SERVICE_NAME} annotations: ad.datadoghq.com/collab.check_names: | ["openmetrics"] ad.datadoghq.com/collab.init_configs: | [{}] ad.datadoghq.com/collab.instances: | [ { "openmetrics_endpoint": "http://%%host%%:%%port%%/metrics", "namespace": "collab_${ZED_KUBE_NAMESPACE}", "metrics": [".*"] } ] spec: containers: - name: ${ZED_SERVICE_NAME} image: "${ZED_IMAGE_ID}" args: - serve ports: - containerPort: 8080 protocol: TCP livenessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 5 readinessProbe: httpGet: path: / port: 8080 initialDelaySeconds: 1 periodSeconds: 1 env: - name: HTTP_PORT value: "8080" - name: DATABASE_URL valueFrom: secretKeyRef: name: database key: url - name: DATABASE_MAX_CONNECTIONS value: "${DATABASE_MAX_CONNECTIONS}" - name: API_TOKEN valueFrom: secretKeyRef: name: api key: token - name: LIVE_KIT_SERVER valueFrom: secretKeyRef: name: livekit key: server - name: LIVE_KIT_KEY valueFrom: secretKeyRef: name: livekit key: key - name: LIVE_KIT_SECRET valueFrom: secretKeyRef: name: livekit key: secret - name: BLOB_STORE_ACCESS_KEY valueFrom: secretKeyRef: name: blob-store key: access_key - name: BLOB_STORE_SECRET_KEY valueFrom: secretKeyRef: name: blob-store key: secret_key - name: BLOB_STORE_URL valueFrom: secretKeyRef: name: blob-store key: url - name: BLOB_STORE_REGION valueFrom: secretKeyRef: name: blob-store key: region - name: BLOB_STORE_BUCKET valueFrom: secretKeyRef: name: blob-store key: bucket - name: CLICKHOUSE_URL valueFrom: secretKeyRef: name: clickhouse key: url - name: CLICKHOUSE_USER valueFrom: secretKeyRef: name: clickhouse key: user - name: CLICKHOUSE_PASSWORD valueFrom: secretKeyRef: name: clickhouse key: password - name: CLICKHOUSE_DATABASE valueFrom: secretKeyRef: name: clickhouse key: database - name: INVITE_LINK_PREFIX value: ${INVITE_LINK_PREFIX} - name: RUST_BACKTRACE value: "1" - name: RUST_LOG value: ${RUST_LOG} - name: LOG_JSON value: "true" - name: ZED_ENVIRONMENT value: ${ZED_ENVIRONMENT} securityContext: capabilities: # FIXME - Switch to the more restrictive `PERFMON` capability. # This capability isn't yet available in a stable version of Debian. add: ["SYS_ADMIN"]