1
0
Fork 0
distrust-stack/kustomizations/matrix/matrix-media-repo/deployment.yaml

42 lines
1.1 KiB
YAML

apiVersion: apps/v1
kind: Deployment
metadata:
name: matrix-media-repo
spec:
template:
spec:
# This does not currently work as there are some weird expectations on
# run scripts as running as non-root
securityContext:
fsGroup: 1000
containers:
- name: media-repo
image: drgrove/matrix-media-repo
ports:
- name: http
containerPort: 8000
protocol: TCP
- name: metrics
containerPort: 9000
protocol: TCP
volumeMounts:
- mountPath: /home/user/media/
name: ephemeral
- mountPath: /home/user/config/media-repo.yaml
name: config
subPath: config.yaml
readOnly: true
securityContext:
capabilities:
drop:
- ALL
allowPrivilegeEscalation: false
# Right now setting this to true is not possible
readOnlyRootFilesystem: false
volumes:
- name: config
secret:
secretName: mmr-config
- name: ephemeral
emptyDir: {}