52 lines
1.7 KiB
YAML
52 lines
1.7 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: matrix-media-repo
|
|
spec:
|
|
template:
|
|
spec:
|
|
# This does not currently work as there are some weird expectations on
|
|
# run scripts as running as non-root
|
|
securityContext:
|
|
fsGroup: 1000
|
|
containers:
|
|
- name: media-repo
|
|
image: turt2live/matrix-media-repo
|
|
command:
|
|
- media_repo
|
|
ports:
|
|
- name: http
|
|
containerPort: 8000
|
|
protocol: TCP
|
|
- name: metrics
|
|
containerPort: 9000
|
|
protocol: TCP
|
|
volumeMounts:
|
|
- mountPath: /media/
|
|
name: ephemeral
|
|
- mountPath: /data/media-repo.yaml
|
|
name: config
|
|
subPath: config.yaml
|
|
readOnly: true
|
|
- mountPath: /mnt/keys/mmr.signing.key
|
|
name: signing-key
|
|
readOnly: true
|
|
subPath: signing.key
|
|
securityContext:
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
allowPrivilegeEscalation: false
|
|
# Right now setting this to true is not possible
|
|
readOnlyRootFilesystem: false
|
|
volumes:
|
|
- name: config
|
|
secret:
|
|
secretName: mmr-config
|
|
- name: signing-key
|
|
secret:
|
|
defaultMode: 420
|
|
secretName: mmr-signing-key
|
|
- name: ephemeral
|
|
emptyDir: {}
|