42 lines
1.1 KiB
YAML
42 lines
1.1 KiB
YAML
|
apiVersion: apps/v1
|
||
|
kind: Deployment
|
||
|
metadata:
|
||
|
name: matrix-media-repo
|
||
|
spec:
|
||
|
template:
|
||
|
spec:
|
||
|
# This does not currently work as there are some weird expectations on
|
||
|
# run scripts as running as non-root
|
||
|
securityContext:
|
||
|
fsGroup: 1000
|
||
|
containers:
|
||
|
- name: media-repo
|
||
|
image: drgrove/matrix-media-repo
|
||
|
ports:
|
||
|
- name: http
|
||
|
containerPort: 8000
|
||
|
protocol: TCP
|
||
|
- name: metrics
|
||
|
containerPort: 9000
|
||
|
protocol: TCP
|
||
|
volumeMounts:
|
||
|
- mountPath: /home/user/media/
|
||
|
name: ephemeral
|
||
|
- mountPath: /home/user/config/media-repo.yaml
|
||
|
name: config
|
||
|
subPath: config.yaml
|
||
|
readOnly: true
|
||
|
securityContext:
|
||
|
capabilities:
|
||
|
drop:
|
||
|
- ALL
|
||
|
allowPrivilegeEscalation: false
|
||
|
# Right now setting this to true is not possible
|
||
|
readOnlyRootFilesystem: false
|
||
|
volumes:
|
||
|
- name: config
|
||
|
secret:
|
||
|
secretName: mmr-config
|
||
|
- name: ephemeral
|
||
|
emptyDir: {}
|