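---
# Deployment for Decidim: one pod running the Rails web server ("decidim")
# and the Sidekiq worker ("sidekiq") from the same image, sharing the
# uploads volume. Values in {{ ... }} are filled in by a template engine
# before the manifest is applied; review the rendered output as well.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: decidim
  namespace: decidim
spec:
  replicas: 1
  selector:
    matchLabels:
      component: web
  # Recreate stops the old pod before starting the new one, so two pods never
  # run the start-up migration or mount the uploads claim at the same time.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        component: web
    spec:
      # No API token is mounted into the pod; neither container's command
      # talks to the Kubernetes API.
      automountServiceAccountToken: false
      serviceAccountName: decidim
      securityContext:
        fsGroup: 1000
        fsGroupChangePolicy: Always
      containers:
        - name: decidim
          # NOTE(review): the tag is mutable and imagePullPolicy is Always, so
          # whatever the registry serves for this tag is pulled on each start.
          # Consider pinning by digest (image@sha256:<DIGEST_PLACEHOLDER>).
          image: payneio/decidim-sidekiq:0.31.0
          imagePullPolicy: Always
          # Start-up sequence: migrate the database, make sure the system
          # admin exists, then serve. The admin e-mail and password are read
          # from ENV inside Ruby rather than expanded by the shell, so the
          # secret value is not part of the command line. The block passed to
          # find_or_create_by! runs only when the record is created, so an
          # existing admin's password is not overwritten.
          # The server is started with `exec` so it replaces bash and receives
          # the kubelet's SIGTERM directly on shutdown.
          command:
            - /bin/bash
            - -c
            - |
              set -e
              cd /code
              bundle exec rake db:migrate
              bundle exec rails runner "Decidim::System::Admin.find_or_create_by!(email: ENV['SYSTEM_ADMIN_EMAIL']) { |admin| admin.password = ENV['SYSTEM_ADMIN_PASSWORD']; admin.password_confirmation = ENV['SYSTEM_ADMIN_PASSWORD'] }"
              exec bundle exec rails s -b 0.0.0.0
          # NOTE(review): the container runs as UID 0 with a writable root
          # filesystem, and five capabilities are added back after `drop: ALL`.
          # Presumably the image needs root to fix ownership or switch user at
          # start-up; confirm, and if it does not, run as a non-root UID
          # (runAsNonRoot: true) and trim the `add` list to what is required.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
              add:
                - CHOWN
                - FOWNER
                - SETGID
                - SETUID
                - DAC_OVERRIDE
            privileged: false
            readOnlyRootFilesystem: false
            runAsNonRoot: false
            runAsUser: 0
            seccompProfile:
              type: RuntimeDefault
          # Env values must be strings. Every templated value is quoted so a
          # rendered value that is empty, numeric, boolean-looking, or contains
          # ': ' or ' #' cannot be re-typed or break the YAML parse.
          env:
            - name: RAILS_ENV
              value: "production"
            - name: PORT
              value: "{{ .port }}"
            - name: RAILS_LOG_TO_STDOUT
              value: "true"
            # Database configuration
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: decidim-secrets
                  key: dbUrl
            # Redis configuration
            - name: REDIS_HOSTNAME
              value: "{{ .redisHostname }}"
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: decidim-secrets
                  key: redis.password
            # $(VAR) is expanded by Kubernetes from the variables declared
            # above in this list.
            # NOTE(review): the password is placed in the URL verbatim, so a
            # value containing '@', ':' or '/' would presumably need
            # percent-encoding; confirm against how the secret is generated.
            - name: REDIS_URL
              value: "redis://:$(REDIS_PASSWORD)@$(REDIS_HOSTNAME):6379/0"
            # Application configuration
            - name: DECIDIM_HOST
              value: "{{ .domain }}"
            - name: DECIDIM_ORGANIZATION_NAME
              value: "{{ .siteName }}"
            - name: SECRET_KEY_BASE
              valueFrom:
                secretKeyRef:
                  name: decidim-secrets
                  key: secretKeyBase
            # SMTP configuration
            - name: SMTP_ADDRESS
              value: "{{ .smtp.host }}"
            - name: SMTP_PORT
              value: "{{ .smtp.port }}"
            - name: SMTP_USERNAME
              value: "{{ .smtp.user }}"
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: decidim-secrets
                  key: smtpPassword
            - name: SMTP_DOMAIN
              value: "{{ .domain }}"
            - name: SMTP_FROM
              value: "{{ .smtp.from }}"
            - name: SMTP_STARTTLS_AUTO
              value: "{{ .smtp.startTls }}"
            # System admin credentials
            - name: SYSTEM_ADMIN_EMAIL
              value: "{{ .systemAdminEmail }}"
            - name: SYSTEM_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: decidim-secrets
                  key: systemAdminPassword
          # The port fields below stay unquoted: containerPort must be an
          # integer, and a quoted probe port would be read as a port name.
          ports:
            - name: http
              containerPort: {{ .port }}
              protocol: TCP
          # Both probes only check that the TCP port accepts connections; the
          # long initial delays leave room for the start-up migration.
          livenessProbe:
            tcpSocket:
              port: {{ .port }}
            initialDelaySeconds: 300
            periodSeconds: 30
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 6
          readinessProbe:
            tcpSocket:
              port: {{ .port }}
            initialDelaySeconds: 180
            periodSeconds: 30
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 6
          resources:
            limits:
              cpu: 2000m
              ephemeral-storage: 10Gi
              memory: 4Gi
            requests:
              cpu: 500m
              ephemeral-storage: 50Mi
              memory: 1Gi
          volumeMounts:
            - name: decidim-data
              mountPath: /code/public/uploads
        - name: sidekiq
          # Same image and same review notes as the web container: mutable
          # tag, root UID, and re-added capabilities.
          image: payneio/decidim-sidekiq:0.31.0
          imagePullPolicy: Always
          # `exec` lets Sidekiq receive SIGTERM directly on shutdown.
          command:
            - /bin/bash
            - -c
            - |
              set -e
              cd /code
              exec bundle exec sidekiq
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
              add:
                - CHOWN
                - FOWNER
                - SETGID
                - SETUID
                - DAC_OVERRIDE
            privileged: false
            readOnlyRootFilesystem: false
            runAsNonRoot: false
            runAsUser: 0
            seccompProfile:
              type: RuntimeDefault
          # The worker gets no SMTP_* variables, unlike the web container.
          # NOTE(review): if mail delivery runs as a background job, the worker
          # would presumably need the same SMTP settings; confirm.
          env:
            - name: RAILS_ENV
              value: "production"
            - name: RAILS_LOG_TO_STDOUT
              value: "true"
            # Database configuration
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: decidim-secrets
                  key: dbUrl
            # Redis configuration
            - name: REDIS_HOSTNAME
              value: "{{ .redisHostname }}"
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: decidim-secrets
                  key: redis.password
            - name: REDIS_URL
              value: "redis://:$(REDIS_PASSWORD)@$(REDIS_HOSTNAME):6379/0"
            # Application configuration
            - name: DECIDIM_HOST
              value: "{{ .domain }}"
            - name: SECRET_KEY_BASE
              valueFrom:
                secretKeyRef:
                  name: decidim-secrets
                  key: secretKeyBase
          resources:
            limits:
              cpu: 1000m
              memory: 2Gi
            requests:
              cpu: 250m
              memory: 512Mi
          volumeMounts:
            - name: decidim-data
              mountPath: /code/public/uploads
      volumes:
        - name: decidim-data
          persistentVolumeClaim:
            claimName: decidim-data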