bluejay-infra/apps-gx10/intranet/deployment-intranet-web.json
Andrew Stoltz 18f4f657f8 Deploy Intranet SEC-5 non-root image to GX10
Pin localhost/fc-intranet-web:v20260617-sec5-intranet-1abdf90 and apply restricted pod/container security contexts plus writable /data, /tmp, and /app/logs mounts.
2026-06-17 08:18:31 -05:00


{
"apiVersion": "apps/v1",
"kind": "Deployment",
"metadata": {
"labels": {
"app": "intranet-web"
},
"name": "intranet-web",
"namespace": "intranet"
},
"spec": {
"progressDeadlineSeconds": 600,
"replicas": 1,
"revisionHistoryLimit": 10,
"selector": {
"matchLabels": {
"app": "intranet-web"
}
},
"strategy": {
"type": "Recreate"
},
"template": {
"metadata": {
"annotations": {
"kubectl.kubernetes.io/restartedAt": "2026-06-14T00:57:21-05:00"
},
"labels": {
"app": "intranet-web"
}
},
"spec": {
"containers": [
{
"env": [
{
"name": "ASPNETCORE_ENVIRONMENT",
"value": "Production"
},
{
"name": "ASPNETCORE_URLS",
"value": "http://+:5300"
},
{
"name": "IntranetSearch__OllamaBaseUrl",
"value": "http://10.0.57.201:11434"
},
{
"name": "IntranetSearch__Enabled",
"value": "true"
},
{
"name": "PageReadingOverrides__DatabasePath",
"value": "/data/page-reading-overrides.db"
},
{
"name": "FlowerCore__Theme__DatabasePath",
"value": "/data/intranet-theme.db"
},
{
"name": "KnowledgeFleetSearch__BaseUrl",
"value": "https://knowledge.iamworkin.lan"
},
{
"name": "KnowledgeFleetSearch__ApiKey",
"valueFrom": {
"configMapKeyRef": {
"key": "KnowledgeApiKey",
"name": "intranet-config",
"optional": true
}
}
},
{
"name": "TrustedHeaderAuthentication__SharedSecret",
"valueFrom": {
"configMapKeyRef": {
"key": "TrustedHeaderSharedSecret",
"name": "intranet-config",
"optional": true
}
}
}
],
"image": "localhost/fc-intranet-web:v20260617-sec5-intranet-1abdf90",
"imagePullPolicy": "Never",
"securityContext": {
"allowPrivilegeEscalation": false,
"capabilities": {
"drop": [
"ALL"
]
},
"readOnlyRootFilesystem": true
},
"livenessProbe": {
"failureThreshold": 3,
"httpGet": {
"path": "/health",
"port": 5300,
"scheme": "HTTP"
},
"initialDelaySeconds": 30,
"periodSeconds": 30,
"successThreshold": 1,
"timeoutSeconds": 1
},
"name": "intranet-web",
"ports": [
{
"containerPort": 5300,
"name": "http",
"protocol": "TCP"
}
],
"readinessProbe": {
"failureThreshold": 3,
"httpGet": {
"path": "/health",
"port": 5300,
"scheme": "HTTP"
},
"initialDelaySeconds": 10,
"periodSeconds": 10,
"successThreshold": 1,
"timeoutSeconds": 1
},
"resources": {
"limits": {
"cpu": "1",
"memory": "1Gi"
},
"requests": {
"cpu": "100m",
"memory": "256Mi"
}
},
"terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File",
"volumeMounts": [
{
"mountPath": "/data",
"name": "vector-store"
},
{
"mountPath": "/srv/flowercore-notes",
"name": "notes-corpus",
"readOnly": true
},
{
"mountPath": "/tmp",
"name": "temp"
},
{
"mountPath": "/app/logs",
"name": "logs"
}
]
}
],
"dnsPolicy": "ClusterFirst",
"restartPolicy": "Always",
"schedulerName": "default-scheduler",
"securityContext": {
"fsGroup": 1654,
"fsGroupChangePolicy": "OnRootMismatch",
"runAsGroup": 1654,
"runAsNonRoot": true,
"runAsUser": 1654
},
"terminationGracePeriodSeconds": 30,
"volumes": [
{
"name": "vector-store",
"persistentVolumeClaim": {
"claimName": "intranet-vector-store"
}
},
{
"emptyDir": {},
"name": "notes-corpus"
},
{
"emptyDir": {},
"name": "temp"
},
{
"emptyDir": {},
"name": "logs"
}
]
}
}
}
}