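---
# Deployment for Discourse: one migration init container, then the web
# container and a Sidekiq worker, all sharing the discourse-data volume.
#
# This file is a template: every {{ ... }} placeholder is substituted before
# the manifest is applied. All templated env values are quoted so that
#   - a value starting with "{{" is never read as a YAML flow mapping,
#   - an empty or boolean/number-looking value still reaches Kubernetes as a
#     string (EnvVar.value must be a string),
#   - a value containing ": " or " #" cannot change the document structure.
# Quoting does not escape an embedded double quote or newline; the inputs
# should be validated wherever they are defined.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: discourse
  namespace: discourse
spec:
  replicas: 1
  selector:
    matchLabels:
      component: web
  # Recreate stops the old pod before starting the new one, so only one pod
  # at a time mounts the discourse-data claim.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        component: web
    spec:
      # No API token is mounted into the pod; nothing below talks to the
      # Kubernetes API.
      automountServiceAccountToken: false
      serviceAccountName: discourse
      securityContext:
        fsGroup: 1000
        fsGroupChangePolicy: Always
      initContainers:
        # Runs database migrations and asset precompilation before the main
        # containers start.
        - name: discourse-migrate
          # NOTE(review): the tag is mutable; pinning by digest
          # (discourse/discourse:3.5.3@sha256:<digest>) makes the deployed
          # image reproducible.
          image: discourse/discourse:3.5.3
          imagePullPolicy: "IfNotPresent"
          # Runs as UID 0 with a writable root filesystem. All capabilities
          # are dropped, then CHOWN, FOWNER, SETGID, SETUID and DAC_OVERRIDE
          # are added back. Privilege escalation is disabled and the runtime
          # default seccomp profile applies.
          # NOTE(review): confirm each re-added capability is actually needed
          # by this container; remove any that are not.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
              add:
                - CHOWN
                - FOWNER
                - SETGID
                - SETUID
                - DAC_OVERRIDE
            privileged: false
            readOnlyRootFilesystem: false
            runAsNonRoot: false
            runAsUser: 0
            seccompProfile:
              type: RuntimeDefault
          # NOTE(review): only /shared is mounted from a volume. Anything
          # assets:precompile writes elsewhere stays in this container's own
          # filesystem and is not visible to the main containers; verify
          # where the output lands.
          command:
            - /bin/bash
            - -c
            - |
              set -e
              cd /var/www/discourse
              export HOME=/root
              git config --global --add safe.directory /var/www/discourse
              bundle exec rake db:migrate
              bundle exec rake assets:precompile
          env:
            - name: RAILS_ENV
              value: "production"
            - name: DISCOURSE_DB_HOST
              value: "{{ .dbHostname }}"
            - name: DISCOURSE_DB_PORT
              value: "{{ .dbPort }}"
            - name: DISCOURSE_DB_NAME
              value: "{{ .dbName }}"
            - name: DISCOURSE_DB_USERNAME
              value: "{{ .dbUsername }}"
            # Credentials are read from the discourse-secrets Secret rather
            # than templated into the manifest.
            - name: DISCOURSE_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: discourse-secrets
                  key: dbPassword
            - name: DISCOURSE_REDIS_HOST
              value: "{{ .redisHostname }}"
            - name: DISCOURSE_REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: discourse-secrets
                  key: redis.password
            - name: DISCOURSE_HOSTNAME
              value: "{{ .domain }}"
            - name: DISCOURSE_SECRET_KEY_BASE
              valueFrom:
                secretKeyRef:
                  name: discourse-secrets
                  key: secretKeyBase
          # NOTE(review): no resources are set for this init container, so
          # the migration and precompile run without a CPU or memory limit.
          volumeMounts:
            - name: discourse-data
              mountPath: /shared
      containers:
        # Web container: serves HTTP on port 80.
        - name: discourse
          image: discourse/discourse:3.5.3
          imagePullPolicy: "IfNotPresent"
          command:
            - /sbin/boot
          # Same privilege set as the init container: UID 0, writable root
          # filesystem, five capabilities re-added after dropping ALL.
          # NOTE(review): this is the network-facing container, so this is
          # where a smaller capability set or a non-root UID matters most;
          # confirm what /sbin/boot needs.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
              add:
                - CHOWN
                - FOWNER
                - SETGID
                - SETUID
                - DAC_OVERRIDE
            privileged: false
            readOnlyRootFilesystem: false
            runAsNonRoot: false
            runAsUser: 0
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: RAILS_ENV
              value: "production"
            # Discourse database configuration
            - name: DISCOURSE_DB_HOST
              value: "{{ .dbHostname }}"
            - name: DISCOURSE_DB_PORT
              value: "{{ .dbPort }}"
            - name: DISCOURSE_DB_NAME
              value: "{{ .dbName }}"
            - name: DISCOURSE_DB_USERNAME
              value: "{{ .dbUsername }}"
            - name: DISCOURSE_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: discourse-secrets
                  key: dbPassword
            # Redis configuration
            - name: DISCOURSE_REDIS_HOST
              value: "{{ .redisHostname }}"
            - name: DISCOURSE_REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: discourse-secrets
                  key: redis.password
            # Site configuration
            - name: DISCOURSE_HOSTNAME
              value: "{{ .domain }}"
            - name: DISCOURSE_DEVELOPER_EMAILS
              value: "{{ .adminEmail }}"
            - name: DISCOURSE_SECRET_KEY_BASE
              valueFrom:
                secretKeyRef:
                  name: discourse-secrets
                  key: secretKeyBase
            # SMTP configuration
            - name: DISCOURSE_SMTP_ADDRESS
              value: "{{ .smtp.host }}"
            - name: DISCOURSE_SMTP_PORT
              value: "{{ .smtp.port }}"
            - name: DISCOURSE_SMTP_USER_NAME
              value: "{{ .smtp.user }}"
            - name: DISCOURSE_SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: discourse-secrets
                  key: smtpPassword
            - name: DISCOURSE_SMTP_ENABLE_START_TLS
              value: "{{ .smtp.startTls }}"
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          # Both probes poll /srv/status over HTTP. The long initial delays
          # give the application time to boot before the first check.
          livenessProbe:
            httpGet:
              path: /srv/status
              port: http
            initialDelaySeconds: 500
            periodSeconds: 30
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 6
          readinessProbe:
            httpGet:
              path: /srv/status
              port: http
            initialDelaySeconds: 360
            periodSeconds: 30
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 6
          resources:
            limits:
              cpu: 2000m
              ephemeral-storage: 10Gi
              memory: 8Gi
            requests:
              cpu: 750m
              ephemeral-storage: 50Mi
              memory: 1Gi
          volumeMounts:
            - name: discourse-data
              mountPath: /shared
        # Background job worker; same image and configuration as the web
        # container, but it exposes no port.
        - name: sidekiq
          image: discourse/discourse:3.5.3
          imagePullPolicy: "IfNotPresent"
          # Same privilege set as the other containers.
          # NOTE(review): this container only runs `bundle exec sidekiq`;
          # check whether it needs UID 0 or any re-added capability at all.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
              add:
                - CHOWN
                - FOWNER
                - SETGID
                - SETUID
                - DAC_OVERRIDE
            privileged: false
            readOnlyRootFilesystem: false
            runAsNonRoot: false
            runAsUser: 0
            seccompProfile:
              type: RuntimeDefault
          # `exec` replaces the shell, so Sidekiq receives the container's
          # termination signal directly.
          command:
            - /bin/bash
            - -c
            - "cd /var/www/discourse && export HOME=/root && exec bundle exec sidekiq"
          env:
            - name: RAILS_ENV
              value: "production"
            # Discourse database configuration
            - name: DISCOURSE_DB_HOST
              value: "{{ .dbHostname }}"
            - name: DISCOURSE_DB_PORT
              value: "{{ .dbPort }}"
            - name: DISCOURSE_DB_NAME
              value: "{{ .dbName }}"
            - name: DISCOURSE_DB_USERNAME
              value: "{{ .dbUsername }}"
            - name: DISCOURSE_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: discourse-secrets
                  key: dbPassword
            # Redis configuration
            - name: DISCOURSE_REDIS_HOST
              value: "{{ .redisHostname }}"
            - name: DISCOURSE_REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: discourse-secrets
                  key: redis.password
            # Site configuration
            - name: DISCOURSE_HOSTNAME
              value: "{{ .domain }}"
            - name: DISCOURSE_DEVELOPER_EMAILS
              value: "{{ .adminEmail }}"
            - name: DISCOURSE_SECRET_KEY_BASE
              valueFrom:
                secretKeyRef:
                  name: discourse-secrets
                  key: secretKeyBase
            # SMTP configuration
            - name: DISCOURSE_SMTP_ADDRESS
              value: "{{ .smtp.host }}"
            - name: DISCOURSE_SMTP_PORT
              value: "{{ .smtp.port }}"
            - name: DISCOURSE_SMTP_USER_NAME
              value: "{{ .smtp.user }}"
            - name: DISCOURSE_SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: discourse-secrets
                  key: smtpPassword
            - name: DISCOURSE_SMTP_ENABLE_START_TLS
              value: "{{ .smtp.startTls }}"
          # Both probes only check that some process whose command line
          # matches "sidekiq" exists. They do not detect a worker that is
          # running but stuck.
          livenessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - "pgrep -f sidekiq"
            initialDelaySeconds: 500
            periodSeconds: 30
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 6
          readinessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - "pgrep -f sidekiq"
            initialDelaySeconds: 180
            periodSeconds: 30
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 6
          resources:
            limits:
              cpu: 1000m
              ephemeral-storage: 2Gi
              memory: 1Gi
            requests:
              cpu: 375m
              ephemeral-storage: 50Mi
              memory: 512Mi
          volumeMounts:
            - name: discourse-data
              mountPath: /shared
      volumes:
        - name: discourse-data
          persistentVolumeClaim:
            claimName: discourse-data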