{ "apiVersion": "apps/v1", "kind": "Deployment", "metadata": { "labels": { "app.kubernetes.io/name": "fc-distribution", "app.kubernetes.io/part-of": "flowercore" }, "name": "fc-distribution", "namespace": "fc-distribution" }, "spec": { "progressDeadlineSeconds": 600, "replicas": 1, "revisionHistoryLimit": 3, "selector": { "matchLabels": { "app.kubernetes.io/name": "fc-distribution" } }, "strategy": { "type": "Recreate" }, "template": { "metadata": { "annotations": { "flowercore.io/healthz-auth-policy": "allow-anonymous", "prometheus.io/path": "/metrics", "prometheus.io/port": "8080", "prometheus.io/scrape": "true" }, "labels": { "app.kubernetes.io/name": "fc-distribution", "app.kubernetes.io/part-of": "flowercore" } }, "spec": { "containers": [ { "env": [ { "name": "ASPNETCORE_URLS", "value": "http://+:8080" }, { "name": "ASPNETCORE_ENVIRONMENT", "value": "Production" }, { "name": "DOTNET_SYSTEM_GLOBALIZATION_INVARIANT", "value": "false" }, { "name": "FlowerCore__Auth__Enabled", "value": "true" }, { "name": "FlowerCore__Auth__Oidc__Enabled", "value": "true" }, { "name": "FlowerCore__Auth__Oidc__Authority", "value": "https://id.iamworkin.lan/application/o/distribution/" }, { "name": "FlowerCore__Auth__Oidc__Audience", "value": "distribution" }, { "name": "FlowerCore__Auth__Oidc__ClientId", "value": "distribution" }, { "name": "FlowerCore__Auth__Oidc__ClientSecret", "valueFrom": { "secretKeyRef": { "key": "client_secret", "name": "distribution-oidc-client", "optional": true } } }, { "name": "FlowerCore__Database__Provider", "value": "Sqlite" }, { "name": "FlowerCore__Database__ConnectionStrings__Sqlite", "value": "Data Source=/data/distribution.db" }, { "name": "FlowerCore__Distribution__Blobs__Root", "value": "/blobs" }, { "name": "FlowerCore__Distribution__Signing__EditionCerts__kiosk-standard__CertPath", "value": "/signing/kiosk-standard/chain.pem" }, { "name": "FlowerCore__Distribution__Signing__EditionCerts__kiosk-standard__KeyPath", "value": "/signing/kiosk-standard/private-key.pem" }, { "name": "FlowerCore__Distribution__Signing__EditionCerts__aistation-field__CertPath", "value": "/signing/aistation-field/chain.pem" }, { "name": "FlowerCore__Distribution__Signing__EditionCerts__aistation-field__KeyPath", "value": "/signing/aistation-field/private-key.pem" }, { "name": "FlowerCore__Distribution__EntitlementPublic__PublicEditions__0", "value": "*" } ], "image": "localhost/fc-distribution:gx10-v1", "imagePullPolicy": "Never", "livenessProbe": { "failureThreshold": 3, "initialDelaySeconds": 30, "periodSeconds": 30, "successThreshold": 1, "tcpSocket": { "port": 8080 }, "timeoutSeconds": 1 }, "name": "web", "ports": [ { "containerPort": 8080, "name": "http", "protocol": "TCP" } ], "readinessProbe": { "failureThreshold": 3, "httpGet": { "path": "/healthz", "port": 8080, "scheme": "HTTP" }, "periodSeconds": 10, "successThreshold": 1, "timeoutSeconds": 1 }, "resources": { "limits": { "cpu": "500m", "memory": "512Mi" }, "requests": { "cpu": "100m", "memory": "256Mi" } }, "securityContext": { "allowPrivilegeEscalation": false, "capabilities": { "drop": [ "ALL" ] }, "readOnlyRootFilesystem": true, "runAsGroup": 1654, "runAsNonRoot": true, "runAsUser": 1654 }, "startupProbe": { "failureThreshold": 30, "httpGet": { "path": "/healthz", "port": 8080, "scheme": "HTTP" }, "initialDelaySeconds": 5, "periodSeconds": 5, "successThreshold": 1, "timeoutSeconds": 1 }, "terminationMessagePath": "/dev/termination-log", "terminationMessagePolicy": "File", "volumeMounts": [ { "mountPath": "/data", "name": "sqlite", "subPath": "distribution/data" }, { "mountPath": "/blobs", "name": "blobs", "subPath": "distribution/blobs" }, { "mountPath": "/tmp", "name": "tmp" }, { "mountPath": "/app/logs", "name": "logs" }, { "mountPath": "/signing/kiosk-standard", "name": "kiosk-standard", "readOnly": true }, { "mountPath": "/signing/aistation-field", "name": "aistation-field", "readOnly": true } ] } ], "dnsPolicy": "ClusterFirst", "restartPolicy": "Always", "schedulerName": "default-scheduler", "securityContext": { "fsGroup": 1654, "fsGroupChangePolicy": "OnRootMismatch", "runAsNonRoot": true }, "terminationGracePeriodSeconds": 30, "volumes": [ { "name": "sqlite", "nfs": { "path": "/volume1/kubernetes", "server": "10.0.58.3" } }, { "name": "blobs", "nfs": { "path": "/volume1/kubernetes", "server": "10.0.58.3" } }, { "emptyDir": {}, "name": "tmp" }, { "emptyDir": {}, "name": "logs" }, { "name": "kiosk-standard", "secret": { "defaultMode": 256, "secretName": "edition-kiosk-standard" } }, { "name": "aistation-field", "secret": { "defaultMode": 256, "secretName": "edition-aistation-field" } } ] } } } }