diff --git a/apps/fc-ttsreader/fc-ttsreader.yaml b/apps/fc-ttsreader/fc-ttsreader.yaml
index 32059e0..03f9b55 100644
--- a/apps/fc-ttsreader/fc-ttsreader.yaml
+++ b/apps/fc-ttsreader/fc-ttsreader.yaml
@@ -5,7 +5,7 @@ kind: Namespace
 metadata:
 name: fc-ttsreader
 labels:
- app.kubernetes.io/part-of: bluejay-infra
+ app.kubernetes.io/part-of: flowercore
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -13,48 +13,91 @@ metadata:
 name: ttsreader-web
 namespace: fc-ttsreader
 labels:
- app: ttsreader-web
+ app.kubernetes.io/name: ttsreader-web
+ app.kubernetes.io/part-of: flowercore
 spec:
 replicas: 1
+ strategy:
+ type: Recreate
 selector:
 matchLabels:
- app: ttsreader-web
+ app.kubernetes.io/name: ttsreader-web
 template:
 metadata:
 labels:
- app: ttsreader-web
+ app.kubernetes.io/name: ttsreader-web
+ app.kubernetes.io/part-of: flowercore
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "5217"
+ prometheus.io/path: "/metrics"
 spec:
+ securityContext:
+ fsGroup: 1654
+ fsGroupChangePolicy: OnRootMismatch
 containers:
- - name: ttsreader-web
- image: localhost/fc-ttsreader-web:v202604132015
+ - name: web
+ image: localhost/fc-ttsreader-web:v202604162001
 imagePullPolicy: Never
 ports:
- - containerPort: 8080
+ - containerPort: 5217
 name: http
 env:
- - name: ASPNETCORE_ENVIRONMENT
- value: Production
 - name: ASPNETCORE_URLS
- value: "http://+:8080"
+ value: "http://+:5217"
+ - name: ASPNETCORE_ENVIRONMENT
+ value: "Production"
+ - name: FlowerCore__Database__ConnectionStrings__Sqlite
+ value: "Data Source=/data/ttsreader.db"
+ - name: TtsReader__Audio__OutputRoot
+ value: "/data/audio"
+ - name: TtsReader__Jobs__Root
+ value: "/data/jobs"
+ - name: TtsReader__Runtime__LogsRoot
+ value: "/data/logs"
+ envFrom:
+ - secretRef:
+ name: ttsreader-secrets
+ optional: true
 resources:
 requests:
- memory: "128Mi"
- cpu: "100m"
+ cpu: 100m
+ memory: 256Mi
 limits:
- memory: "512Mi"
- cpu: "500m"
- livenessProbe:
- httpGet:
- path: /metrics/prometheus
- port: 8080
- initialDelaySeconds: 10
- periodSeconds: 30
+ cpu: 500m
+ memory: 512Mi
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: tmp
+ mountPath: /tmp
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1654
+ runAsGroup: 1654
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
 readinessProbe:
 httpGet:
- path: /metrics/prometheus
- port: 8080
+ path: /health
+ port: 5217
 initialDelaySeconds: 5
 periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 5217
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: ttsreader-data
+ - name: tmp
+ emptyDir: {}
 ---
 apiVersion: v1
 kind: Service
@@ -63,19 +106,32 @@ metadata:
 namespace: fc-ttsreader
 spec:
 selector:
- app: ttsreader-web
+ app.kubernetes.io/name: ttsreader-web
 ports:
- - port: 80
- targetPort: 8080
+ - port: 5217
+ targetPort: 5217
 name: http
 ---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: ttsreader-data
+ namespace: fc-ttsreader
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 5Gi
+---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
- name: ttsreader-web-tls
+ name: ttsreader-cert
 namespace: fc-ttsreader
 spec:
- secretName: ttsreader-web-tls
+ secretName: ttsreader-tls
 issuerRef:
 name: step-ca-acme
 kind: ClusterIssuer
@@ -95,6 +151,6 @@ spec:
 kind: Rule
 services:
 - name: ttsreader-web
- port: 80
+ port: 5217
 tls:
- secretName: ttsreader-web-tls
+ secretName: ttsreader-tls
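Review bot: In the Deployment hunk (`@@ -13,48 +13,91 @@`), neither the pod-level nor the container-level `securityContext` sets a seccomp profile, so syscall filtering is left to the kubelet default (unconfined unless seccomp defaulting is enabled) and the pod would not pass the Pod Security `restricted` profile; add `seccompProfile: {type: RuntimeDefault}` next to `fsGroup`. The pod spec also keeps the service account token mounted; if the app never calls the Kubernetes API, `automountServiceAccountToken: false` under `template.spec` removes that credential from the container. `optional: true` on the `ttsreader-secrets` `secretRef` lets the pod start with none of those variables when the Secret is missing or misnamed, so the failure shows up at runtime rather than as a blocked rollout; if that is intended, a comment such as `# optional: app runs without external credentials` would record it. Separately, `spec.selector.matchLabels` is immutable on an existing apps/v1 Deployment, so the label change needs a delete-and-recreate rather than an in-place apply.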
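Review bot: In the Service/PVC/Certificate hunk (`@@ -63,19 +106,32 @@`), renaming the Certificate to `ttsreader-cert` with `secretName: ttsreader-tls` creates a new object instead of updating the old one, so the previous `ttsreader-web-tls` Certificate and its Secret, which holds a still-valid private key, stay in the namespace unless the deploy tooling prunes them. The rollout should include an explicit cleanup of both, or the manifest should carry a comment like `# replaces ttsreader-web-tls; delete the old Certificate and Secret after cutover`. The Certificate spec continues past the end of the hunk, so its remaining fields were not reviewed.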
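Review bot: In the IngressRoute hunk (`@@ -95,6 +151,6 @@`), the route now forwards to port 5217, the same listener that the new pod annotations advertise for Prometheus scraping at `/metrics`. The route's `match` rule is outside this hunk; if it matches on host only, `/metrics` and `/health` become reachable through the ingress along with the application. Either exclude those path prefixes in the match rule or serve metrics on a separate container port that the Service does not publish.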