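---
# Deployment for the Mastodon web process (puma, see `command` below).
# Values in {{ ... }} are substituted by the templating step before the
# manifest is parsed as YAML, so templated strings are quoted throughout.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mastodon-web
  # Quoted so a digit-only or boolean-looking value still renders as a string.
  namespace: "{{ .namespace }}"
spec:
  replicas: 1
  selector:
    matchLabels:
      component: web
  template:
    metadata:
      labels:
        component: web
    spec:
      # Pod-wide defaults: every container runs as non-root UID/GID 991 under
      # the container runtime's default seccomp profile; fsGroup gives the
      # mounted volumes group ownership 991.
      securityContext:
        runAsNonRoot: true
        runAsUser: 991
        runAsGroup: 991
        fsGroup: 991
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: web
          # NOTE(review): the image reference is supplied by the template;
          # prefer a value pinned to a fixed tag or digest so that the
          # deployed code cannot change without a manifest change.
          image: "{{ .image }}"
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            # The root filesystem stays writable.
            # NOTE(review): if the application's write paths can be
            # confined to the mounted volumes plus emptyDir scratch space,
            # switch this to true -- confirm the write paths first.
            readOnlyRootFilesystem: false
          command:
            - bundle
            - exec
            - puma
            - "-C"
            - config/puma.rb
          ports:
            - name: http
              # Left unquoted on purpose: must render to an integer.
              containerPort: {{ .webPort }}
              protocol: TCP
          env:
            - name: LOCAL_DOMAIN
              value: "{{ .domain }}"
            - name: RAILS_ENV
              value: production
            - name: RAILS_LOG_LEVEL
              value: info
            - name: DEFAULT_LOCALE
              value: "{{ .locale }}"
            - name: SINGLE_USER_MODE
              value: "{{ .singleUserMode }}"
            # Key material and passwords are referenced from the
            # mastodon-secrets Secret rather than inlined here. They still
            # end up in the process environment, so read access to that
            # Secret and exec access to this pod should be restricted.
            - name: SECRET_KEY_BASE
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: secretKeyBase
            - name: OTP_SECRET
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: otpSecret
            - name: VAPID_PRIVATE_KEY
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: vapidPrivateKey
            - name: VAPID_PUBLIC_KEY
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: vapidPublicKey
            - name: ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: activeRecordPrimaryKey
            - name: ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: activeRecordDeterministicKey
            - name: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: activeRecordKeyDerivationSalt
            - name: DB_HOST
              value: "{{ .dbHostname }}"
            - name: DB_PORT
              value: "{{ .dbPort }}"
            - name: DB_NAME
              value: "{{ .dbName }}"
            - name: DB_USER
              value: "{{ .dbUsername }}"
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: dbPassword
            # NOTE(review): a second database credential next to DB_PASS.
            # Confirm the web process actually reads POSTGRES_PASSWORD; if
            # it does not, drop the entry so this pod holds one credential
            # fewer.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: postgres.password
            - name: REDIS_HOST
              value: "{{ .redisHostname }}"
            - name: REDIS_PORT
              value: "{{ .redisPort }}"
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: redis.password
            - name: SMTP_SERVER
              value: "{{ .smtp.server }}"
            - name: SMTP_PORT
              value: "{{ .smtp.port }}"
            - name: SMTP_LOGIN
              value: "{{ .smtp.user }}"
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mastodon-secrets
                  key: smtpPassword
            - name: SMTP_FROM_ADDRESS
              value: "{{ .smtp.from }}"
            - name: SMTP_AUTH_METHOD
              value: "{{ .smtp.authMethod }}"
            # Transport security for outgoing mail is decided entirely by
            # these two templated values; SMTP_PASSWORD is only protected
            # in transit if at least one of them enables TLS.
            - name: SMTP_ENABLE_STARTTLS
              value: "{{ .smtp.enableStarttls }}"
            - name: SMTP_TLS
              value: "{{ .smtp.tls }}"
            - name: STREAMING_API_BASE_URL
              value: "wss://{{ .domain }}"
            # Environment values are strings, so the numbers stay quoted.
            - name: WEB_CONCURRENCY
              value: "2"
            - name: MAX_THREADS
              value: "5"
          volumeMounts:
            - name: assets
              mountPath: /opt/mastodon/public/assets
            - name: system
              mountPath: /opt/mastodon/public/system
          resources:
            requests:
              cpu: 250m
              memory: 768Mi
            # Memory is capped; no CPU limit is set, so the container may
            # use CPU beyond its request when the node has spare capacity.
            limits:
              memory: 1280Mi
          # Both probes issue an HTTP GET for /health on the named http port.
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
          readinessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 20
            periodSeconds: 5
            timeoutSeconds: 3
      volumes:
        - name: assets
          persistentVolumeClaim:
            claimName: mastodon-assets
        - name: system
          persistentVolumeClaim:
            claimName: mastodon-system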