266 lines
8.0 KiB
JSON
266 lines
8.0 KiB
JSON
{
|
|
"apiVersion": "apps/v1",
|
|
"kind": "Deployment",
|
|
"metadata": {
|
|
"labels": {
|
|
"app.kubernetes.io/name": "fc-distribution",
|
|
"app.kubernetes.io/part-of": "flowercore"
|
|
},
|
|
"name": "fc-distribution",
|
|
"namespace": "fc-distribution"
|
|
},
|
|
"spec": {
|
|
"progressDeadlineSeconds": 600,
|
|
"replicas": 1,
|
|
"revisionHistoryLimit": 3,
|
|
"selector": {
|
|
"matchLabels": {
|
|
"app.kubernetes.io/name": "fc-distribution"
|
|
}
|
|
},
|
|
"strategy": {
|
|
"type": "Recreate"
|
|
},
|
|
"template": {
|
|
"metadata": {
|
|
"annotations": {
|
|
"flowercore.io/healthz-auth-policy": "allow-anonymous",
|
|
"prometheus.io/path": "/metrics",
|
|
"prometheus.io/port": "8080",
|
|
"prometheus.io/scrape": "true"
|
|
},
|
|
"labels": {
|
|
"app.kubernetes.io/name": "fc-distribution",
|
|
"app.kubernetes.io/part-of": "flowercore"
|
|
}
|
|
},
|
|
"spec": {
|
|
"containers": [
|
|
{
|
|
"env": [
|
|
{
|
|
"name": "ASPNETCORE_URLS",
|
|
"value": "http://+:8080"
|
|
},
|
|
{
|
|
"name": "ASPNETCORE_ENVIRONMENT",
|
|
"value": "Production"
|
|
},
|
|
{
|
|
"name": "DOTNET_SYSTEM_GLOBALIZATION_INVARIANT",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"name": "FlowerCore__Auth__Enabled",
|
|
"value": "true"
|
|
},
|
|
{
|
|
"name": "FlowerCore__Auth__Oidc__Enabled",
|
|
"value": "true"
|
|
},
|
|
{
|
|
"name": "FlowerCore__Auth__Oidc__Authority",
|
|
"value": "https://id.iamworkin.lan/application/o/distribution/"
|
|
},
|
|
{
|
|
"name": "FlowerCore__Auth__Oidc__Audience",
|
|
"value": "distribution"
|
|
},
|
|
{
|
|
"name": "FlowerCore__Auth__Oidc__ClientId",
|
|
"value": "distribution"
|
|
},
|
|
{
|
|
"name": "FlowerCore__Auth__Oidc__ClientSecret",
|
|
"valueFrom": {
|
|
"secretKeyRef": {
|
|
"key": "client_secret",
|
|
"name": "distribution-oidc-client",
|
|
"optional": true
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"name": "FlowerCore__Database__Provider",
|
|
"value": "Sqlite"
|
|
},
|
|
{
|
|
"name": "FlowerCore__Database__ConnectionStrings__Sqlite",
|
|
"value": "Data Source=/data/distribution.db"
|
|
},
|
|
{
|
|
"name": "FlowerCore__Distribution__Blobs__Root",
|
|
"value": "/blobs"
|
|
},
|
|
{
|
|
"name": "FlowerCore__Distribution__Signing__EditionCerts__kiosk-standard__CertPath",
|
|
"value": "/signing/kiosk-standard/chain.pem"
|
|
},
|
|
{
|
|
"name": "FlowerCore__Distribution__Signing__EditionCerts__kiosk-standard__KeyPath",
|
|
"value": "/signing/kiosk-standard/private-key.pem"
|
|
},
|
|
{
|
|
"name": "FlowerCore__Distribution__Signing__EditionCerts__aistation-field__CertPath",
|
|
"value": "/signing/aistation-field/chain.pem"
|
|
},
|
|
{
|
|
"name": "FlowerCore__Distribution__Signing__EditionCerts__aistation-field__KeyPath",
|
|
"value": "/signing/aistation-field/private-key.pem"
|
|
},
|
|
{
|
|
"name": "FlowerCore__Distribution__EntitlementPublic__PublicEditions__0",
|
|
"value": "*"
|
|
}
|
|
],
|
|
"image": "localhost/fc-distribution:gx10-v1",
|
|
"imagePullPolicy": "Never",
|
|
"livenessProbe": {
|
|
"failureThreshold": 3,
|
|
"initialDelaySeconds": 30,
|
|
"periodSeconds": 30,
|
|
"successThreshold": 1,
|
|
"tcpSocket": {
|
|
"port": 8080
|
|
},
|
|
"timeoutSeconds": 1
|
|
},
|
|
"name": "web",
|
|
"ports": [
|
|
{
|
|
"containerPort": 8080,
|
|
"name": "http",
|
|
"protocol": "TCP"
|
|
}
|
|
],
|
|
"readinessProbe": {
|
|
"failureThreshold": 3,
|
|
"httpGet": {
|
|
"path": "/healthz",
|
|
"port": 8080,
|
|
"scheme": "HTTP"
|
|
},
|
|
"periodSeconds": 10,
|
|
"successThreshold": 1,
|
|
"timeoutSeconds": 1
|
|
},
|
|
"resources": {
|
|
"limits": {
|
|
"cpu": "500m",
|
|
"memory": "512Mi"
|
|
},
|
|
"requests": {
|
|
"cpu": "100m",
|
|
"memory": "256Mi"
|
|
}
|
|
},
|
|
"securityContext": {
|
|
"allowPrivilegeEscalation": false,
|
|
"capabilities": {
|
|
"drop": [
|
|
"ALL"
|
|
]
|
|
},
|
|
"readOnlyRootFilesystem": true,
|
|
"runAsGroup": 1654,
|
|
"runAsNonRoot": true,
|
|
"runAsUser": 1654
|
|
},
|
|
"startupProbe": {
|
|
"failureThreshold": 30,
|
|
"httpGet": {
|
|
"path": "/healthz",
|
|
"port": 8080,
|
|
"scheme": "HTTP"
|
|
},
|
|
"initialDelaySeconds": 5,
|
|
"periodSeconds": 5,
|
|
"successThreshold": 1,
|
|
"timeoutSeconds": 1
|
|
},
|
|
"terminationMessagePath": "/dev/termination-log",
|
|
"terminationMessagePolicy": "File",
|
|
"volumeMounts": [
|
|
{
|
|
"mountPath": "/data",
|
|
"name": "sqlite",
|
|
"subPath": "distribution/data"
|
|
},
|
|
{
|
|
"mountPath": "/blobs",
|
|
"name": "blobs",
|
|
"subPath": "distribution/blobs"
|
|
},
|
|
{
|
|
"mountPath": "/tmp",
|
|
"name": "tmp"
|
|
},
|
|
{
|
|
"mountPath": "/app/logs",
|
|
"name": "logs"
|
|
},
|
|
{
|
|
"mountPath": "/signing/kiosk-standard",
|
|
"name": "kiosk-standard",
|
|
"readOnly": true
|
|
},
|
|
{
|
|
"mountPath": "/signing/aistation-field",
|
|
"name": "aistation-field",
|
|
"readOnly": true
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"dnsPolicy": "ClusterFirst",
|
|
"restartPolicy": "Always",
|
|
"schedulerName": "default-scheduler",
|
|
"securityContext": {
|
|
"fsGroup": 1654,
|
|
"fsGroupChangePolicy": "OnRootMismatch",
|
|
"runAsNonRoot": true
|
|
},
|
|
"terminationGracePeriodSeconds": 30,
|
|
"volumes": [
|
|
{
|
|
"name": "sqlite",
|
|
"nfs": {
|
|
"path": "/volume1/kubernetes",
|
|
"server": "10.0.58.3"
|
|
}
|
|
},
|
|
{
|
|
"name": "blobs",
|
|
"nfs": {
|
|
"path": "/volume1/kubernetes",
|
|
"server": "10.0.58.3"
|
|
}
|
|
},
|
|
{
|
|
"emptyDir": {},
|
|
"name": "tmp"
|
|
},
|
|
{
|
|
"emptyDir": {},
|
|
"name": "logs"
|
|
},
|
|
{
|
|
"name": "kiosk-standard",
|
|
"secret": {
|
|
"defaultMode": 256,
|
|
"secretName": "edition-kiosk-standard"
|
|
}
|
|
},
|
|
{
|
|
"name": "aistation-field",
|
|
"secret": {
|
|
"defaultMode": 256,
|
|
"secretName": "edition-aistation-field"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
}
|