-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdeployment.yaml
More file actions
132 lines (131 loc) · 3.79 KB
/
deployment.yaml
File metadata and controls
132 lines (131 loc) · 3.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
apiVersion: apps/v1
kind: Deployment
metadata:
name: search-controller-manager
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: search-controller-manager
app.kubernetes.io/part-of: search-control-plane
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: search-controller-manager
app.kubernetes.io/part-of: search-control-plane
spec:
automountServiceAccountToken: false
securityContext:
runAsNonRoot: true
runAsUser: 65532
runAsGroup: 65532
fsGroup: 65532
seccompProfile:
type: RuntimeDefault
terminationGracePeriodSeconds: 10
containers:
- name: manager
image: ghcr.io/datum-cloud/search:latest
imagePullPolicy: IfNotPresent
command:
- /search
- controller-manager
args:
- --metrics-bind-address=$(METRICS_BIND_ADDRESS)
- --health-probe-bind-address=$(HEALTH_PROBE_BIND_ADDRESS)
- --leader-elect=$(LEADER_ELECT)
- -v=$(LOG_LEVEL)
- --meilisearch-domain=$(MEILISEARCH_DOMAIN)
- --meilisearch-task-wait-timeout=$(MEILISEARCH_TASK_WAIT_TIMEOUT)
- --max-cel-depth=$(MAX_CEL_DEPTH)
- --nats-url=$(NATS_URL)
- --nats-tls-ca=$(NATS_TLS_CA)
- --nats-tls-cert=$(NATS_TLS_CERT)
- --nats-tls-key=$(NATS_TLS_KEY)
- --leader-elect-resource-namespace=$(LEADER_ELECT_RESOURCE_NAMESPACE)
- --enable-multi-tenancy=$(ENABLE_MULTI_TENANCY)
- --project-label-selector=$(PROJECT_LABEL_SELECTOR)
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: METRICS_BIND_ADDRESS
value: ":8080"
- name: HEALTH_PROBE_BIND_ADDRESS
value: ":8081"
- name: LEADER_ELECT
value: "true"
- name: LOG_LEVEL
value: "4"
- name: MEILISEARCH_DOMAIN
value: "http://meilisearch.meilisearch-system.svc.cluster.local:7700"
- name: MEILISEARCH_TASK_WAIT_TIMEOUT
value: "3s"
- name: MAX_CEL_DEPTH
value: "10"
- name: NATS_URL
value: "nats://nats.nats-system.svc.cluster.local:4222"
- name: NATS_TLS_CA
value: ""
- name: NATS_TLS_CERT
value: ""
- name: NATS_TLS_KEY
value: ""
- name: LEADER_ELECT_RESOURCE_NAMESPACE
value: ""
- name: ENABLE_MULTI_TENANCY
value: "false"
- name: PROJECT_LABEL_SELECTOR
value: ""
- name: MEILISEARCH_API_KEY
valueFrom:
secretKeyRef:
name: meilisearch-master-key
key: MEILI_MASTER_KEY
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65532
capabilities:
drop:
- ALL
ports:
- containerPort: 8081
name: health
protocol: TCP
- containerPort: 8080
name: metrics
protocol: TCP
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 256Mi
livenessProbe:
httpGet:
path: /healthz
port: health
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: health
initialDelaySeconds: 5
periodSeconds: 10
volumeMounts:
- name: tmp
mountPath: /tmp
volumes:
- name: tmp
emptyDir: {}
restartPolicy: Always