apiVersion: apps/v1 kind: Deployment metadata: name: prettysunflower-website labels: app.kubernetes.io/name: prettysunflower-website spec: replicas: 2 selector: matchLabels: app.kubernetes.io/name: prettysunflower-website template: metadata: labels: app.kubernetes.io/name: prettysunflower-website spec: containers: - name: website image: 'git.prettysunflower.moe/prettysunflower/prettysunflower-website:latest' imagePullPolicy: Always envFrom: - secretRef: name: prettysunflower-website-secret ports: - containerPort: 3334 - name: website-static image: 'git.prettysunflower.moe/prettysunflower/prettysunflower-website-static:main' imagePullPolicy: Always ports: - containerPort: 8001 - name: anubis image: ghcr.io/techarohq/anubis:v1.21.3 imagePullPolicy: Always env: - name: "BIND" value: ":8080" - name: "DIFFICULTY" value: "4" - name: ED25519_PRIVATE_KEY_HEX valueFrom: secretKeyRef: name: anubis-prettysunflower-website-key key: ED25519_PRIVATE_KEY_HEX - name: "METRICS_BIND" value: ":9090" - name: "SERVE_ROBOTS_TXT" value: "false" - name: "TARGET" value: "http://localhost:3334" - name: "OG_PASSTHROUGH" value: "true" - name: "OG_EXPIRY_TIME" value: "24h" - name: "THOTH_URL" valueFrom: secretKeyRef: name: anubis-prettysunflower-website-key key: THOTH_URL - name: "THOTH_TOKEN" valueFrom: secretKeyRef: name: anubis-prettysunflower-website-key key: THOTH_TOKEN resources: limits: cpu: 750m memory: 256Mi requests: cpu: 250m memory: 256Mi securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault dnsPolicy: "ClusterFirst" dnsConfig: nameservers: - 100.96.226.96