--- apiVersion: v1 kind: Namespace metadata: name: ${ZED_KUBE_NAMESPACE} --- kind: Service apiVersion: v1 metadata: namespace: ${ZED_KUBE_NAMESPACE} name: collab annotations: service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443" service.beta.kubernetes.io/do-loadbalancer-certificate-id: "40879815-9a6b-4bbb-8207-8f2c7c0218f9" spec: type: LoadBalancer selector: app: collab ports: - name: web protocol: TCP port: 443 targetPort: 8080 --- apiVersion: apps/v1 kind: Deployment metadata: namespace: ${ZED_KUBE_NAMESPACE} name: collab spec: replicas: 1 selector: matchLabels: app: collab template: metadata: labels: app: collab spec: containers: - name: collab image: "${ZED_IMAGE_ID}" ports: - containerPort: 8080 protocol: TCP env: - name: HTTP_PORT value: "8080" - name: DATABASE_URL valueFrom: secretKeyRef: name: database key: url - name: SESSION_SECRET valueFrom: secretKeyRef: name: session key: secret - name: GITHUB_APP_ID valueFrom: secretKeyRef: name: github key: appId - name: GITHUB_CLIENT_ID valueFrom: secretKeyRef: name: github key: clientId - name: GITHUB_CLIENT_SECRET valueFrom: secretKeyRef: name: github key: clientSecret - name: GITHUB_PRIVATE_KEY valueFrom: secretKeyRef: name: github key: privateKey - name: API_TOKEN valueFrom: secretKeyRef: name: api key: token - name: RUST_LOG value: ${RUST_LOG} - name: TRACE_LEVEL value: ${TRACE_LEVEL} - name: HONEYCOMB_DATASET value: "collab" - name: HONEYCOMB_API_KEY valueFrom: secretKeyRef: name: honeycomb key: apiKey securityContext: capabilities: # FIXME - Switch to the more restrictive `PERFMON` capability. # This capability isn't yet available in a stable version of Debian. add: ["SYS_ADMIN"]