-
Notifications
You must be signed in to change notification settings - Fork 2
/
server.yaml
67 lines (67 loc) · 2.24 KB
/
server.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
apiVersion: apps/v1
kind: Deployment
metadata:
name: development-server
labels:
tier: server
spec:
replicas: 1
selector:
matchLabels:
tier: server
template:
metadata:
labels:
tier: server
spec:
securityContext:
# The default behavior of your node is to run as root, but that is undesirable, even in a dev environment,
# because root in the container is root on the node (your machine). In dev we still need the pod user to
# have some permissions, most notably the ability to write to the file system, because we're actually
# running our pre-commit hooks *inside* the pod. Therefore, we're going to run the server pod, and your code
# as the user that runs helm3. In a production version of this template, you'd probably want to run as
# something more secure.
runAsUser: {{ .Values.uid }}
runAsGroup: {{ .Values.gid }}
runAsNonRoot: true
volumes:
- name: host-project
hostPath:
path: "{{ .Values.projectDir }}"
- name: database-secrets
secret:
secretName: database-credentials
- name: app-secrets
secret:
secretName: app-secrets
containers:
- name: server
image: "{{ .Values.imageTag }}"
imagePullPolicy: "{{ .Values.imagePullPolicy }}"
workingDir: /opt/project/server
command: ["python"]
args: ["manage.py", "runserver_plus", "0.0.0.0:8000"]
env:
- name: SECRETS_ROOTPATH
value: "{{ .Values.secrets.rootPath }}"
ports:
- name: http
containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
volumeMounts:
- name: host-project
mountPath: /opt/project/
- name: database-secrets
mountPath: "{{ .Values.secrets.rootPath }}/database-secrets"
readOnly: true
- name: app-secrets
mountPath: "{{ .Values.secrets.rootPath }}/app-secrets"
readOnly: true