--- apiVersion: v1 kind: Namespace metadata: name: ${ZED_KUBE_NAMESPACE} --- kind: Service apiVersion: v1 metadata: namespace: ${ZED_KUBE_NAMESPACE} name: ${ZED_SERVICE_NAME} annotations: service.beta.kubernetes.io/do-loadbalancer-name: "${ZED_SERVICE_NAME}-${ZED_KUBE_NAMESPACE}" service.beta.kubernetes.io/do-loadbalancer-size-unit: "${ZED_LOAD_BALANCER_SIZE_UNIT}" service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443" service.beta.kubernetes.io/do-loadbalancer-certificate-id: ${ZED_DO_CERTIFICATE_ID} service.beta.kubernetes.io/do-loadbalancer-disable-lets-encrypt-dns-records: "true" spec: type: LoadBalancer selector: app: ${ZED_SERVICE_NAME} ports: - name: web protocol: TCP port: 443 targetPort: 8080 --- apiVersion: apps/v1 kind: Deployment metadata: namespace: ${ZED_KUBE_NAMESPACE} name: ${ZED_SERVICE_NAME} spec: replicas: 1 strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 selector: matchLabels: app: ${ZED_SERVICE_NAME} template: metadata: labels: app: ${ZED_SERVICE_NAME} spec: containers: - name: ${ZED_SERVICE_NAME} image: "${ZED_IMAGE_ID}" args: - serve - ${ZED_SERVICE_NAME} ports: - containerPort: 8080 protocol: TCP livenessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 5 readinessProbe: httpGet: path: / port: 8080 initialDelaySeconds: 1 periodSeconds: 1 startupProbe: httpGet: path: / port: 8080 initialDelaySeconds: 1 periodSeconds: 1 failureThreshold: 15 env: - name: HTTP_PORT value: "8080" - name: DATABASE_URL valueFrom: secretKeyRef: name: database key: url - name: DATABASE_MAX_CONNECTIONS value: "${DATABASE_MAX_CONNECTIONS}" - name: API_TOKEN valueFrom: secretKeyRef: name: api key: token - name: LLM_API_SECRET valueFrom: secretKeyRef: name: llm-token key: secret - name: LLM_DATABASE_URL valueFrom: secretKeyRef: name: llm-database key: url - name: LLM_DATABASE_MAX_CONNECTIONS value: "${LLM_DATABASE_MAX_CONNECTIONS}" - name: ZED_CLIENT_CHECKSUM_SEED valueFrom: secretKeyRef: name: zed-client key: checksum-seed - name: LIVEKIT_SERVER valueFrom: secretKeyRef: name: livekit key: server - name: LIVEKIT_KEY valueFrom: secretKeyRef: name: livekit key: key - name: LIVEKIT_SECRET valueFrom: secretKeyRef: name: livekit key: secret - name: OPENAI_API_KEY valueFrom: secretKeyRef: name: openai key: api_key - name: ANTHROPIC_API_KEY valueFrom: secretKeyRef: name: anthropic key: api_key - name: ANTHROPIC_STAFF_API_KEY valueFrom: secretKeyRef: name: anthropic key: staff_api_key - name: LLM_CLOSED_BETA_MODEL_NAME valueFrom: secretKeyRef: name: llm-closed-beta key: model_name - name: GOOGLE_AI_API_KEY valueFrom: secretKeyRef: name: google-ai key: api_key - name: PREDICTION_API_URL valueFrom: secretKeyRef: name: prediction key: api_url - name: PREDICTION_API_KEY valueFrom: secretKeyRef: name: prediction key: api_key - name: PREDICTION_MODEL valueFrom: secretKeyRef: name: prediction key: model - name: BLOB_STORE_ACCESS_KEY valueFrom: secretKeyRef: name: blob-store key: access_key - name: BLOB_STORE_SECRET_KEY valueFrom: secretKeyRef: name: blob-store key: secret_key - name: BLOB_STORE_URL valueFrom: secretKeyRef: name: blob-store key: url - name: BLOB_STORE_REGION valueFrom: secretKeyRef: name: blob-store key: region - name: BLOB_STORE_BUCKET valueFrom: secretKeyRef: name: blob-store key: bucket - name: KINESIS_ACCESS_KEY valueFrom: secretKeyRef: name: kinesis key: access_key - name: KINESIS_SECRET_KEY valueFrom: secretKeyRef: name: kinesis key: secret_key - name: KINESIS_STREAM valueFrom: secretKeyRef: name: kinesis key: stream - name: KINESIS_REGION valueFrom: secretKeyRef: name: kinesis key: region - name: BLOB_STORE_BUCKET valueFrom: secretKeyRef: name: blob-store key: bucket - name: SLACK_PANICS_WEBHOOK valueFrom: secretKeyRef: name: slack key: panics_webhook - name: STRIPE_API_KEY valueFrom: secretKeyRef: name: stripe key: api_key optional: true - name: COMPLETE_WITH_LANGUAGE_MODEL_RATE_LIMIT_PER_HOUR value: "1000" - name: SUPERMAVEN_ADMIN_API_KEY valueFrom: secretKeyRef: name: supermaven key: api_key - name: USER_BACKFILLER_GITHUB_ACCESS_TOKEN valueFrom: secretKeyRef: name: user-backfiller key: github_access_token optional: true - name: INVITE_LINK_PREFIX value: ${INVITE_LINK_PREFIX} - name: RUST_BACKTRACE value: "1" - name: RUST_LOG value: ${RUST_LOG} - name: LOG_JSON value: "true" - name: ZED_ENVIRONMENT value: ${ZED_ENVIRONMENT} - name: AUTO_JOIN_CHANNEL_ID value: "${AUTO_JOIN_CHANNEL_ID}" securityContext: capabilities: # TODO - Switch to the more restrictive `PERFMON` capability. # This capability isn't yet available in a stable version of Debian. add: ["SYS_ADMIN"] terminationGracePeriodSeconds: 10