apiVersion: apps/v1 kind: Deployment metadata: name: mastodon-streaming namespace: {{ .namespace }} spec: replicas: 1 selector: matchLabels: component: streaming template: metadata: labels: component: streaming spec: securityContext: runAsNonRoot: true runAsUser: 991 runAsGroup: 991 fsGroup: 991 seccompProfile: type: RuntimeDefault containers: - name: streaming image: {{ .streamingImage }} securityContext: allowPrivilegeEscalation: false capabilities: drop: [ALL] readOnlyRootFilesystem: false ports: - name: streaming containerPort: {{ .streamingPort }} protocol: TCP env: - name: NODE_ENV value: production - name: PORT value: "{{ .streamingPort }}" - name: STREAMING_CLUSTER_NUM value: "1" - name: DB_HOST value: "{{ .dbHostname }}" - name: DB_PORT value: "{{ .dbPort }}" - name: DB_NAME value: "{{ .dbName }}" - name: DB_USER value: "{{ .dbUsername }}" - name: DB_PASS valueFrom: secretKeyRef: name: mastodon-secrets key: dbPassword - name: REDIS_HOST value: "{{ .redisHostname }}" - name: REDIS_PORT value: "{{ .redisPort }}" - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: mastodon-secrets key: redis.password resources: requests: cpu: 250m memory: 128Mi limits: memory: 512Mi livenessProbe: httpGet: path: /api/v1/streaming/health port: streaming initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 readinessProbe: httpGet: path: /api/v1/streaming/health port: streaming initialDelaySeconds: 20 periodSeconds: 5 timeoutSeconds: 3