42 lines
1.1 KiB
YAML
42 lines
1.1 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: matrix-media-repo
|
|
spec:
|
|
template:
|
|
spec:
|
|
# This does not currently work as there are some weird expectations on
|
|
# run scripts as running as non-root
|
|
securityContext:
|
|
fsGroup: 1000
|
|
containers:
|
|
- name: media-repo
|
|
image: drgrove/matrix-media-repo
|
|
ports:
|
|
- name: http
|
|
containerPort: 8000
|
|
protocol: TCP
|
|
- name: metrics
|
|
containerPort: 9000
|
|
protocol: TCP
|
|
volumeMounts:
|
|
- mountPath: /home/user/media/
|
|
name: ephemeral
|
|
- mountPath: /home/user/config/media-repo.yaml
|
|
name: config
|
|
subPath: config.yaml
|
|
readOnly: true
|
|
securityContext:
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
allowPrivilegeEscalation: false
|
|
# Right now setting this to true is not possible
|
|
readOnlyRootFilesystem: false
|
|
volumes:
|
|
- name: config
|
|
secret:
|
|
secretName: mmr-config
|
|
- name: ephemeral
|
|
emptyDir: {}
|