apiVersion: apps/v1 kind: Deployment metadata: name: kakigoori labels: app.kubernetes.io/name: kakigoori spec: replicas: 3 selector: matchLabels: app.kubernetes.io/name: kakigoori template: metadata: labels: app.kubernetes.io/name: kakigoori spec: containers: - name: kakigoori image: "git.prettysunflower.moe/prettysunflower/kakigoori:main" imagePullPolicy: Always ports: - containerPort: 8001 volumeMounts: - name: config mountPath: /kakigoori/kakigoori/local_settings.py subPath: local_settings.py securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault - name: anubis image: ghcr.io/techarohq/anubis:v1.21.3 env: - name: "BIND" value: ":8080" - name: "DIFFICULTY" value: "4" - name: ED25519_PRIVATE_KEY_HEX valueFrom: secretKeyRef: name: anubis-kakigoori-key key: ED25519_PRIVATE_KEY_HEX - name: "THOTH_URL" valueFrom: secretKeyRef: name: anubis-kakigoori-key key: THOTH_URL - name: "THOTH_TOKEN" valueFrom: secretKeyRef: name: anubis-kakigoori-key key: THOTH_TOKEN - name: "METRICS_BIND" value: ":9090" - name: "SERVE_ROBOTS_TXT" value: "true" - name: "TARGET" value: "http://localhost:8001" - name: "OG_PASSTHROUGH" value: "true" - name: "OG_EXPIRY_TIME" value: "24h" resources: limits: cpu: 750m memory: 256Mi requests: cpu: 250m memory: 256Mi securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault volumes: - name: config configMap: name: kakigoori-config dnsPolicy: "None" dnsConfig: nameservers: - 100.96.226.96