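# Kubernetes manifest template for the `zed` service.
# The ${ZED_KUBE_NAMESPACE} and ${ZED_IMAGE_ID} placeholders are expected to be
# substituted before the manifest is applied. Templated scalars are quoted so
# that an empty or all-digit expansion stays a string instead of being re-typed
# by the YAML parser (null / int) and failing in a confusing way.
---
apiVersion: v1
kind: Namespace
metadata:
  name: "${ZED_KUBE_NAMESPACE}"

---
# Public entry point: a LoadBalancer Service listening on 443 and forwarding to
# the pod's port 8080.
kind: Service
apiVersion: v1
metadata:
  namespace: "${ZED_KUBE_NAMESPACE}"
  name: zed
  annotations:
    # DigitalOcean load-balancer annotations: port 443 is served over TLS using
    # the referenced certificate.
    # NOTE(review): with TLS handled at the load balancer, the hop to the pod on
    # 8080 is presumably plain HTTP; confirm that is acceptable for this cluster.
    service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
    service.beta.kubernetes.io/do-loadbalancer-certificate-id: "2634d353-1ab4-437f-add2-4ffd8f315233"
spec:
  type: LoadBalancer
  selector:
    app: zed
  ports:
    - name: web
      protocol: TCP
      port: 443
      targetPort: 8080

---
# Single-replica Deployment running the zed container.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: "${ZED_KUBE_NAMESPACE}"
  name: zed
spec:
  replicas: 1
  selector:
    matchLabels:
      app: zed
  template:
    metadata:
      labels:
        app: zed
    spec:
      containers:
        - name: zed
          image: "${ZED_IMAGE_ID}"
          ports:
            - containerPort: 8080
              protocol: TCP
          env:
            # Must match containerPort / the Service targetPort above.
            - name: HTTP_PORT
              value: "8080"
            # Every sensitive value below is read from a Secret via
            # secretKeyRef, so no credential is stored in this file. The
            # Secrets `database`, `session`, `github` and `api` are not defined
            # in this manifest as shown and must already exist in the
            # namespace, otherwise the container will not start.
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: database
                  key: url
            - name: SESSION_SECRET
              valueFrom:
                secretKeyRef:
                  name: session
                  key: secret
            - name: GITHUB_APP_ID
              valueFrom:
                secretKeyRef:
                  name: github
                  key: appId
            - name: GITHUB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: github
                  key: clientId
            - name: GITHUB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: github
                  key: clientSecret
            - name: GITHUB_PRIVATE_KEY
              valueFrom:
                secretKeyRef:
                  name: github
                  key: privateKey
            - name: API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: api
                  key: token
          securityContext:
            capabilities:
              # FIXME - Switch to the more restrictive `PERFMON` capability.
              # This capability isn't yet available in a stable version of Debian.
              #
              # NOTE(review): CAP_SYS_ADMIN is far broader than the PERFMON
              # capability this FIXME asks for; it covers mount, namespace and
              # many other privileged kernel operations, and Kubernetes treats
              # allowPrivilegeEscalation as always true for a container that
              # holds it. This container is also reachable from the public load
              # balancer and holds the GitHub private key and the database URL,
              # so track the FIXME as a hardening item.
              # NOTE(review): no `drop` list, runAsNonRoot or resource limits
              # are set here; consider adding them once the container's real
              # requirements are confirmed.
              add: ["SYS_ADMIN"]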